summaryrefslogtreecommitdiffstats
path: root/secure
diff options
context:
space:
mode:
Diffstat (limited to 'secure')
-rw-r--r--secure/Makefile37
-rw-r--r--secure/Makefile.inc19
-rw-r--r--secure/lib/Makefile13
-rw-r--r--secure/lib/Makefile.inc6
-rw-r--r--secure/lib/libcrypt/blowfish.c484
-rw-r--r--secure/lib/libcrypt/blowfish.h71
-rw-r--r--secure/lib/libcrypt/crypt-blowfish.c307
-rw-r--r--secure/lib/libcrypt/crypt-des.c704
-rw-r--r--secure/lib/libcrypto/Makefile458
-rw-r--r--secure/lib/libcrypto/Makefile.asm61
-rw-r--r--secure/lib/libcrypto/Makefile.inc67
-rw-r--r--secure/lib/libcrypto/Makefile.man824
-rw-r--r--secure/lib/libcrypto/engines/Makefile6
-rw-r--r--secure/lib/libcrypto/engines/Makefile.inc6
-rw-r--r--secure/lib/libcrypto/engines/lib4758cca/Makefile7
-rw-r--r--secure/lib/libcrypto/engines/libaep/Makefile6
-rw-r--r--secure/lib/libcrypto/engines/libatalla/Makefile6
-rw-r--r--secure/lib/libcrypto/engines/libchil/Makefile6
-rw-r--r--secure/lib/libcrypto/engines/libcswift/Makefile6
-rw-r--r--secure/lib/libcrypto/engines/libnuron/Makefile6
-rw-r--r--secure/lib/libcrypto/engines/libsureware/Makefile6
-rw-r--r--secure/lib/libcrypto/engines/libubsec/Makefile6
-rw-r--r--secure/lib/libcrypto/i386/bf-586.s927
-rw-r--r--secure/lib/libcrypto/i386/bf-686.s897
-rw-r--r--secure/lib/libcrypto/i386/bn-586.s890
-rw-r--r--secure/lib/libcrypto/i386/cast-586.s966
-rw-r--r--secure/lib/libcrypto/i386/co-586.s1270
-rw-r--r--secure/lib/libcrypto/i386/crypt586.s887
-rw-r--r--secure/lib/libcrypto/i386/des-586.s2698
-rw-r--r--secure/lib/libcrypto/i386/md5-586.s689
-rw-r--r--secure/lib/libcrypto/i386/rc4-586.s316
-rw-r--r--secure/lib/libcrypto/i386/rc5-586.s579
-rw-r--r--secure/lib/libcrypto/i386/rmd-586.s1975
-rw-r--r--secure/lib/libcrypto/i386/sha1-586.s1537
-rw-r--r--secure/lib/libcrypto/man/ASN1_OBJECT_new.3167
-rw-r--r--secure/lib/libcrypto/man/ASN1_STRING_length.3207
-rw-r--r--secure/lib/libcrypto/man/ASN1_STRING_new.3168
-rw-r--r--secure/lib/libcrypto/man/ASN1_STRING_print_ex.3218
-rw-r--r--secure/lib/libcrypto/man/ASN1_generate_nconf.3367
-rw-r--r--secure/lib/libcrypto/man/BIO_ctrl.3252
-rw-r--r--secure/lib/libcrypto/man/BIO_f_base64.3208
-rw-r--r--secure/lib/libcrypto/man/BIO_f_buffer.3199
-rw-r--r--secure/lib/libcrypto/man/BIO_f_cipher.3200
-rw-r--r--secure/lib/libcrypto/man/BIO_f_md.3267
-rw-r--r--secure/lib/libcrypto/man/BIO_f_null.3157
-rw-r--r--secure/lib/libcrypto/man/BIO_f_ssl.3441
-rw-r--r--secure/lib/libcrypto/man/BIO_find_type.3224
-rw-r--r--secure/lib/libcrypto/man/BIO_new.3191
-rw-r--r--secure/lib/libcrypto/man/BIO_push.3199
-rw-r--r--secure/lib/libcrypto/man/BIO_read.3191
-rw-r--r--secure/lib/libcrypto/man/BIO_s_accept.3323
-rw-r--r--secure/lib/libcrypto/man/BIO_s_bio.3305
-rw-r--r--secure/lib/libcrypto/man/BIO_s_connect.3316
-rw-r--r--secure/lib/libcrypto/man/BIO_s_fd.3215
-rw-r--r--secure/lib/libcrypto/man/BIO_s_file.3275
-rw-r--r--secure/lib/libcrypto/man/BIO_s_mem.3244
-rw-r--r--secure/lib/libcrypto/man/BIO_s_null.3162
-rw-r--r--secure/lib/libcrypto/man/BIO_s_socket.3188
-rw-r--r--secure/lib/libcrypto/man/BIO_set_callback.3224
-rw-r--r--secure/lib/libcrypto/man/BIO_should_retry.3239
-rw-r--r--secure/lib/libcrypto/man/BN_BLINDING_new.3231
-rw-r--r--secure/lib/libcrypto/man/BN_CTX_new.3175
-rw-r--r--secure/lib/libcrypto/man/BN_CTX_start.3174
-rw-r--r--secure/lib/libcrypto/man/BN_add.3249
-rw-r--r--secure/lib/libcrypto/man/BN_add_word.3184
-rw-r--r--secure/lib/libcrypto/man/BN_bn2bin.3218
-rw-r--r--secure/lib/libcrypto/man/BN_cmp.3171
-rw-r--r--secure/lib/libcrypto/man/BN_copy.3157
-rw-r--r--secure/lib/libcrypto/man/BN_generate_prime.3215
-rw-r--r--secure/lib/libcrypto/man/BN_mod_inverse.3159
-rw-r--r--secure/lib/libcrypto/man/BN_mod_mul_montgomery.3225
-rw-r--r--secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3206
-rw-r--r--secure/lib/libcrypto/man/BN_new.3176
-rw-r--r--secure/lib/libcrypto/man/BN_num_bytes.3179
-rw-r--r--secure/lib/libcrypto/man/BN_rand.3181
-rw-r--r--secure/lib/libcrypto/man/BN_set_bit.3189
-rw-r--r--secure/lib/libcrypto/man/BN_swap.3148
-rw-r--r--secure/lib/libcrypto/man/BN_zero.3181
-rw-r--r--secure/lib/libcrypto/man/CONF_modules_free.3171
-rw-r--r--secure/lib/libcrypto/man/CONF_modules_load_file.3184
-rw-r--r--secure/lib/libcrypto/man/CRYPTO_set_ex_data.3176
-rw-r--r--secure/lib/libcrypto/man/DH_generate_key.3173
-rw-r--r--secure/lib/libcrypto/man/DH_generate_parameters.3194
-rw-r--r--secure/lib/libcrypto/man/DH_get_ex_new_index.3160
-rw-r--r--secure/lib/libcrypto/man/DH_new.3163
-rw-r--r--secure/lib/libcrypto/man/DH_set_method.3252
-rw-r--r--secure/lib/libcrypto/man/DH_size.3156
-rw-r--r--secure/lib/libcrypto/man/DSA_SIG_new.3163
-rw-r--r--secure/lib/libcrypto/man/DSA_do_sign.3170
-rw-r--r--secure/lib/libcrypto/man/DSA_dup_DH.3158
-rw-r--r--secure/lib/libcrypto/man/DSA_generate_key.3157
-rw-r--r--secure/lib/libcrypto/man/DSA_generate_parameters.3210
-rw-r--r--secure/lib/libcrypto/man/DSA_get_ex_new_index.3160
-rw-r--r--secure/lib/libcrypto/man/DSA_new.3165
-rw-r--r--secure/lib/libcrypto/man/DSA_set_method.3266
-rw-r--r--secure/lib/libcrypto/man/DSA_sign.3188
-rw-r--r--secure/lib/libcrypto/man/DSA_size.3156
-rw-r--r--secure/lib/libcrypto/man/ERR_GET_LIB.3174
-rw-r--r--secure/lib/libcrypto/man/ERR_clear_error.3152
-rw-r--r--secure/lib/libcrypto/man/ERR_error_string.3198
-rw-r--r--secure/lib/libcrypto/man/ERR_get_error.3199
-rw-r--r--secure/lib/libcrypto/man/ERR_load_crypto_strings.3169
-rw-r--r--secure/lib/libcrypto/man/ERR_load_strings.3179
-rw-r--r--secure/lib/libcrypto/man/ERR_print_errors.3175
-rw-r--r--secure/lib/libcrypto/man/ERR_put_error.3167
-rw-r--r--secure/lib/libcrypto/man/ERR_remove_state.3157
-rw-r--r--secure/lib/libcrypto/man/ERR_set_mark.3161
-rw-r--r--secure/lib/libcrypto/man/EVP_BytesToKey.3191
-rw-r--r--secure/lib/libcrypto/man/EVP_DigestInit.3378
-rw-r--r--secure/lib/libcrypto/man/EVP_EncryptInit.3626
-rw-r--r--secure/lib/libcrypto/man/EVP_OpenInit.3186
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_new.3168
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3202
-rw-r--r--secure/lib/libcrypto/man/EVP_SealInit.3207
-rw-r--r--secure/lib/libcrypto/man/EVP_SignInit.3216
-rw-r--r--secure/lib/libcrypto/man/EVP_VerifyInit.3207
-rw-r--r--secure/lib/libcrypto/man/OBJ_nid2obj.3281
-rw-r--r--secure/lib/libcrypto/man/OPENSSL_Applink.3147
-rw-r--r--secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3222
-rw-r--r--secure/lib/libcrypto/man/OPENSSL_config.3203
-rw-r--r--secure/lib/libcrypto/man/OPENSSL_ia32cap.3169
-rw-r--r--secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3173
-rw-r--r--secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3188
-rw-r--r--secure/lib/libcrypto/man/PKCS12_create.3197
-rw-r--r--secure/lib/libcrypto/man/PKCS12_parse.3178
-rw-r--r--secure/lib/libcrypto/man/PKCS7_decrypt.3176
-rw-r--r--secure/lib/libcrypto/man/PKCS7_encrypt.3188
-rw-r--r--secure/lib/libcrypto/man/PKCS7_sign.3222
-rw-r--r--secure/lib/libcrypto/man/PKCS7_verify.3238
-rw-r--r--secure/lib/libcrypto/man/RAND_add.3200
-rw-r--r--secure/lib/libcrypto/man/RAND_bytes.3173
-rw-r--r--secure/lib/libcrypto/man/RAND_cleanup.3152
-rw-r--r--secure/lib/libcrypto/man/RAND_egd.3210
-rw-r--r--secure/lib/libcrypto/man/RAND_load_file.3176
-rw-r--r--secure/lib/libcrypto/man/RAND_set_rand_method.3206
-rw-r--r--secure/lib/libcrypto/man/RSA_blinding_on.3166
-rw-r--r--secure/lib/libcrypto/man/RSA_check_key.3188
-rw-r--r--secure/lib/libcrypto/man/RSA_generate_key.3181
-rw-r--r--secure/lib/libcrypto/man/RSA_get_ex_new_index.3242
-rw-r--r--secure/lib/libcrypto/man/RSA_new.3164
-rw-r--r--secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3238
-rw-r--r--secure/lib/libcrypto/man/RSA_print.3172
-rw-r--r--secure/lib/libcrypto/man/RSA_private_encrypt.3187
-rw-r--r--secure/lib/libcrypto/man/RSA_public_encrypt.3198
-rw-r--r--secure/lib/libcrypto/man/RSA_set_method.3324
-rw-r--r--secure/lib/libcrypto/man/RSA_sign.3183
-rw-r--r--secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3181
-rw-r--r--secure/lib/libcrypto/man/RSA_size.3156
-rw-r--r--secure/lib/libcrypto/man/SMIME_read_PKCS7.3196
-rw-r--r--secure/lib/libcrypto/man/SMIME_write_PKCS7.3184
-rw-r--r--secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3197
-rw-r--r--secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3239
-rw-r--r--secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3233
-rw-r--r--secure/lib/libcrypto/man/X509_NAME_print_ex.3227
-rw-r--r--secure/lib/libcrypto/man/X509_new.3162
-rw-r--r--secure/lib/libcrypto/man/bio.3180
-rw-r--r--secure/lib/libcrypto/man/blowfish.3233
-rw-r--r--secure/lib/libcrypto/man/bn.3306
-rw-r--r--secure/lib/libcrypto/man/bn_internal.3360
-rw-r--r--secure/lib/libcrypto/man/buffer.3198
-rw-r--r--secure/lib/libcrypto/man/crypto.3198
-rw-r--r--secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3153
-rw-r--r--secure/lib/libcrypto/man/d2i_DHparams.3154
-rw-r--r--secure/lib/libcrypto/man/d2i_DSAPublicKey.3206
-rw-r--r--secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3180
-rw-r--r--secure/lib/libcrypto/man/d2i_RSAPublicKey.3190
-rw-r--r--secure/lib/libcrypto/man/d2i_X509.3360
-rw-r--r--secure/lib/libcrypto/man/d2i_X509_ALGOR.3154
-rw-r--r--secure/lib/libcrypto/man/d2i_X509_CRL.3161
-rw-r--r--secure/lib/libcrypto/man/d2i_X509_NAME.3155
-rw-r--r--secure/lib/libcrypto/man/d2i_X509_REQ.3160
-rw-r--r--secure/lib/libcrypto/man/d2i_X509_SIG.3154
-rw-r--r--secure/lib/libcrypto/man/des.3478
-rw-r--r--secure/lib/libcrypto/man/des_modes.3290
-rw-r--r--secure/lib/libcrypto/man/dh.3205
-rw-r--r--secure/lib/libcrypto/man/dsa.3240
-rw-r--r--secure/lib/libcrypto/man/ecdsa.3344
-rw-r--r--secure/lib/libcrypto/man/engine.3737
-rw-r--r--secure/lib/libcrypto/man/err.3313
-rw-r--r--secure/lib/libcrypto/man/evp.3170
-rw-r--r--secure/lib/libcrypto/man/hmac.3222
-rw-r--r--secure/lib/libcrypto/man/lh_stats.3183
-rw-r--r--secure/lib/libcrypto/man/lhash.3424
-rw-r--r--secure/lib/libcrypto/man/md5.3222
-rw-r--r--secure/lib/libcrypto/man/mdc2.3186
-rw-r--r--secure/lib/libcrypto/man/pem.3626
-rw-r--r--secure/lib/libcrypto/man/rand.3281
-rw-r--r--secure/lib/libcrypto/man/rc4.3184
-rw-r--r--secure/lib/libcrypto/man/ripemd.3188
-rw-r--r--secure/lib/libcrypto/man/rsa.3248
-rw-r--r--secure/lib/libcrypto/man/sha.3192
-rw-r--r--secure/lib/libcrypto/man/threads.3294
-rw-r--r--secure/lib/libcrypto/man/ui.3317
-rw-r--r--secure/lib/libcrypto/man/ui_compat.3180
-rw-r--r--secure/lib/libcrypto/man/x509.3189
-rw-r--r--secure/lib/libcrypto/opensslconf-amd64.h213
-rw-r--r--secure/lib/libcrypto/opensslconf-arm.h217
-rw-r--r--secure/lib/libcrypto/opensslconf-i386.h213
-rw-r--r--secure/lib/libcrypto/opensslconf-ia64.h217
-rw-r--r--secure/lib/libcrypto/opensslconf-mips.h231
-rw-r--r--secure/lib/libcrypto/opensslconf-powerpc.h226
-rw-r--r--secure/lib/libcrypto/opensslconf-sparc64.h217
-rw-r--r--secure/lib/libssh/Makefile52
-rw-r--r--secure/lib/libssl/Makefile31
-rw-r--r--secure/lib/libssl/Makefile.man209
-rw-r--r--secure/lib/libssl/man/SSL_CIPHER_get_name.3224
-rw-r--r--secure/lib/libssl/man/SSL_COMP_add_compression_method.3185
-rw-r--r--secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3162
-rw-r--r--secure/lib/libssl/man/SSL_CTX_add_session.3192
-rw-r--r--secure/lib/libssl/man/SSL_CTX_ctrl.3158
-rw-r--r--secure/lib/libssl/man/SSL_CTX_flush_sessions.3173
-rw-r--r--secure/lib/libssl/man/SSL_CTX_free.3164
-rw-r--r--secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3178
-rw-r--r--secure/lib/libssl/man/SSL_CTX_get_verify_mode.3174
-rw-r--r--secure/lib/libssl/man/SSL_CTX_load_verify_locations.3244
-rw-r--r--secure/lib/libssl/man/SSL_CTX_new.3203
-rw-r--r--secure/lib/libssl/man/SSL_CTX_sess_number.3200
-rw-r--r--secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3174
-rw-r--r--secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3211
-rw-r--r--secure/lib/libssl/man/SSL_CTX_sessions.3158
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_cert_store.3180
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3196
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_cipher_list.3193
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3216
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3217
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3200
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3272
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_info_callback.3268
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3199
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_mode.3196
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_msg_callback.3212
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_options.3431
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3186
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3245
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_session_id_context.3198
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_ssl_version.3177
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_timeout.3182
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3294
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3290
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_verify.3409
-rw-r--r--secure/lib/libssl/man/SSL_CTX_use_certificate.3290
-rw-r--r--secure/lib/libssl/man/SSL_SESSION_free.3178
-rw-r--r--secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3185
-rw-r--r--secure/lib/libssl/man/SSL_SESSION_get_time.3187
-rw-r--r--secure/lib/libssl/man/SSL_accept.3200
-rw-r--r--secure/lib/libssl/man/SSL_alert_type_string.3347
-rw-r--r--secure/lib/libssl/man/SSL_clear.3185
-rw-r--r--secure/lib/libssl/man/SSL_connect.3197
-rw-r--r--secure/lib/libssl/man/SSL_do_handshake.3199
-rw-r--r--secure/lib/libssl/man/SSL_free.3168
-rw-r--r--secure/lib/libssl/man/SSL_get_SSL_CTX.3150
-rw-r--r--secure/lib/libssl/man/SSL_get_ciphers.3165
-rw-r--r--secure/lib/libssl/man/SSL_get_client_CA_list.3171
-rw-r--r--secure/lib/libssl/man/SSL_get_current_cipher.3167
-rw-r--r--secure/lib/libssl/man/SSL_get_default_timeout.3164
-rw-r--r--secure/lib/libssl/man/SSL_get_error.3226
-rw-r--r--secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3178
-rw-r--r--secure/lib/libssl/man/SSL_get_ex_new_index.3183
-rw-r--r--secure/lib/libssl/man/SSL_get_fd.3162
-rw-r--r--secure/lib/libssl/man/SSL_get_peer_cert_chain.3169
-rw-r--r--secure/lib/libssl/man/SSL_get_peer_certificate.3172
-rw-r--r--secure/lib/libssl/man/SSL_get_rbio.3158
-rw-r--r--secure/lib/libssl/man/SSL_get_session.3190
-rw-r--r--secure/lib/libssl/man/SSL_get_verify_result.3173
-rw-r--r--secure/lib/libssl/man/SSL_get_version.3162
-rw-r--r--secure/lib/libssl/man/SSL_library_init.3178
-rw-r--r--secure/lib/libssl/man/SSL_load_client_CA_file.3180
-rw-r--r--secure/lib/libssl/man/SSL_new.3162
-rw-r--r--secure/lib/libssl/man/SSL_pending.3165
-rw-r--r--secure/lib/libssl/man/SSL_read.3238
-rw-r--r--secure/lib/libssl/man/SSL_rstate_string.3178
-rw-r--r--secure/lib/libssl/man/SSL_session_reused.3161
-rw-r--r--secure/lib/libssl/man/SSL_set_bio.3158
-rw-r--r--secure/lib/libssl/man/SSL_set_connect_state.3178
-rw-r--r--secure/lib/libssl/man/SSL_set_fd.3171
-rw-r--r--secure/lib/libssl/man/SSL_set_session.3173
-rw-r--r--secure/lib/libssl/man/SSL_set_shutdown.3187
-rw-r--r--secure/lib/libssl/man/SSL_set_verify_result.3161
-rw-r--r--secure/lib/libssl/man/SSL_shutdown.3234
-rw-r--r--secure/lib/libssl/man/SSL_state_string.3168
-rw-r--r--secure/lib/libssl/man/SSL_want.3192
-rw-r--r--secure/lib/libssl/man/SSL_write.3223
-rw-r--r--secure/lib/libssl/man/d2i_SSL_SESSION.3189
-rw-r--r--secure/lib/libssl/man/ssl.3803
-rw-r--r--secure/libexec/Makefile10
-rw-r--r--secure/libexec/Makefile.inc5
-rw-r--r--secure/libexec/sftp-server/Makefile18
-rw-r--r--secure/libexec/ssh-keysign/Makefile18
-rw-r--r--secure/libexec/ssh-pkcs11-helper/Makefile16
-rw-r--r--secure/usr.bin/Makefile13
-rw-r--r--secure/usr.bin/Makefile.inc5
-rw-r--r--secure/usr.bin/bdes/Makefile11
-rw-r--r--secure/usr.bin/bdes/bdes.1415
-rw-r--r--secure/usr.bin/bdes/bdes.c1005
-rw-r--r--secure/usr.bin/bdes/bdes.ps2946
-rw-r--r--secure/usr.bin/openssl/Makefile26
-rw-r--r--secure/usr.bin/openssl/Makefile.man47
-rw-r--r--secure/usr.bin/openssl/man/CA.pl.1297
-rw-r--r--secure/usr.bin/openssl/man/asn1parse.1294
-rw-r--r--secure/usr.bin/openssl/man/ca.1727
-rw-r--r--secure/usr.bin/openssl/man/ciphers.1522
-rw-r--r--secure/usr.bin/openssl/man/config.1282
-rw-r--r--secure/usr.bin/openssl/man/crl.1227
-rw-r--r--secure/usr.bin/openssl/man/crl2pkcs7.1206
-rw-r--r--secure/usr.bin/openssl/man/dgst.1221
-rw-r--r--secure/usr.bin/openssl/man/dhparam.1246
-rw-r--r--secure/usr.bin/openssl/man/dsa.1276
-rw-r--r--secure/usr.bin/openssl/man/dsaparam.1219
-rw-r--r--secure/usr.bin/openssl/man/ec.1306
-rw-r--r--secure/usr.bin/openssl/man/ecparam.1292
-rw-r--r--secure/usr.bin/openssl/man/enc.1390
-rw-r--r--secure/usr.bin/openssl/man/errstr.1166
-rw-r--r--secure/usr.bin/openssl/man/gendsa.1180
-rw-r--r--secure/usr.bin/openssl/man/genrsa.1205
-rw-r--r--secure/usr.bin/openssl/man/nseq.1190
-rw-r--r--secure/usr.bin/openssl/man/ocsp.1463
-rw-r--r--secure/usr.bin/openssl/man/openssl.1409
-rw-r--r--secure/usr.bin/openssl/man/passwd.1192
-rw-r--r--secure/usr.bin/openssl/man/pkcs12.1423
-rw-r--r--secure/usr.bin/openssl/man/pkcs7.1221
-rw-r--r--secure/usr.bin/openssl/man/pkcs8.1350
-rw-r--r--secure/usr.bin/openssl/man/rand.1170
-rw-r--r--secure/usr.bin/openssl/man/req.1701
-rw-r--r--secure/usr.bin/openssl/man/rsa.1303
-rw-r--r--secure/usr.bin/openssl/man/rsautl.1307
-rw-r--r--secure/usr.bin/openssl/man/s_client.1383
-rw-r--r--secure/usr.bin/openssl/man/s_server.1419
-rw-r--r--secure/usr.bin/openssl/man/s_time.1277
-rw-r--r--secure/usr.bin/openssl/man/sess_id.1249
-rw-r--r--secure/usr.bin/openssl/man/smime.1484
-rw-r--r--secure/usr.bin/openssl/man/speed.1177
-rw-r--r--secure/usr.bin/openssl/man/spkac.1247
-rw-r--r--secure/usr.bin/openssl/man/verify.1406
-rw-r--r--secure/usr.bin/openssl/man/version.1175
-rw-r--r--secure/usr.bin/openssl/man/x509.1850
-rw-r--r--secure/usr.bin/openssl/man/x509v3_config.1601
-rw-r--r--secure/usr.bin/scp/Makefile17
-rw-r--r--secure/usr.bin/sftp/Makefile17
-rw-r--r--secure/usr.bin/ssh-add/Makefile17
-rw-r--r--secure/usr.bin/ssh-agent/Makefile17
-rw-r--r--secure/usr.bin/ssh-keygen/Makefile17
-rw-r--r--secure/usr.bin/ssh-keyscan/Makefile14
-rw-r--r--secure/usr.bin/ssh/Makefile48
-rw-r--r--secure/usr.sbin/Makefile10
-rw-r--r--secure/usr.sbin/Makefile.inc5
-rw-r--r--secure/usr.sbin/sshd/Makefile62
346 files changed, 87798 insertions, 0 deletions
diff --git a/secure/Makefile b/secure/Makefile
new file mode 100644
index 0000000..7342709
--- /dev/null
+++ b/secure/Makefile
@@ -0,0 +1,37 @@
+# $FreeBSD$
+
+.include <bsd.own.mk>
+
+SUBDIR= lib libexec usr.bin usr.sbin
+
+# These are the programs which depend on crypto, but not Kerberos.
+SPROGS= lib/libfetch lib/libpam lib/libradius lib/libtelnet \
+ bin/ed libexec/telnetd usr.bin/fetch usr.bin/telnet \
+ usr.sbin/pkg_install usr.sbin/ppp usr.sbin/tcpdump/tcpdump
+.if ${MK_SENDMAIL} != "no"
+SPROGS+=usr.sbin/sendmail
+.endif
+
+# This target is used to rebuild these programs with crypto.
+secure:
+.for entry in ${SPROGS}
+ cd ${.CURDIR}/../${entry}; \
+ ${MAKE} cleandir; \
+ ${MAKE} obj; \
+ ${MAKE} depend; \
+ ${MAKE} all; \
+ ${MAKE} install
+.endfor
+
+# This target is used to rebuild these programs without crypto.
+insecure:
+.for entry in ${SPROGS}
+ cd ${.CURDIR}/../${entry}; \
+ ${MAKE} -DWITHOUT_CRYPT cleandir; \
+ ${MAKE} -DWITHOUT_CRYPT obj; \
+ ${MAKE} -DWITHOUT_CRYPT depend; \
+ ${MAKE} -DWITHOUT_CRYPT all; \
+ ${MAKE} -DWITHOUT_CRYPT install
+.endfor
+
+.include <bsd.subdir.mk>
diff --git a/secure/Makefile.inc b/secure/Makefile.inc
new file mode 100644
index 0000000..0bd84f1
--- /dev/null
+++ b/secure/Makefile.inc
@@ -0,0 +1,19 @@
+# $FreeBSD$
+
+.include <bsd.own.mk>
+
+.if exists(${.CURDIR}/../../lib/libcrypt/obj)
+CRYPTOBJDIR= ${.CURDIR}/../../lib/libcrypt/obj
+.else
+CRYPTOBJDIR= ${.CURDIR}/../../lib/libcrypt
+.endif
+
+.if ${MK_IDEA} == "no"
+CFLAGS+= -DNO_IDEA
+.endif
+
+.if ${MK_OPENSSH} != "no"
+SSHDIR= ${.CURDIR}/../../../crypto/openssh
+.endif
+
+WARNS?= 0
diff --git a/secure/lib/Makefile b/secure/lib/Makefile
new file mode 100644
index 0000000..e27bcc3
--- /dev/null
+++ b/secure/lib/Makefile
@@ -0,0 +1,13 @@
+# $FreeBSD$
+
+.include <bsd.own.mk>
+
+SUBDIR=
+.if ${MK_OPENSSL} != "no"
+SUBDIR+=libcrypto libssl
+.if ${MK_OPENSSH} != "no"
+SUBDIR+=libssh
+.endif
+.endif
+
+.include <bsd.subdir.mk>
diff --git a/secure/lib/Makefile.inc b/secure/lib/Makefile.inc
new file mode 100644
index 0000000..002a3f7
--- /dev/null
+++ b/secure/lib/Makefile.inc
@@ -0,0 +1,6 @@
+# $FreeBSD$
+
+.include "../Makefile.inc"
+.if exists(${.CURDIR}/../../../lib/Makefile.inc)
+.include "${.CURDIR}/../../../lib/Makefile.inc"
+.endif
diff --git a/secure/lib/libcrypt/blowfish.c b/secure/lib/libcrypt/blowfish.c
new file mode 100644
index 0000000..5b33f02
--- /dev/null
+++ b/secure/lib/libcrypt/blowfish.c
@@ -0,0 +1,484 @@
+/*
+ * Blowfish block cipher
+ * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
+ * All rights reserved.
+ *
+ * Implementation advice by David Mazieres <dm@lcs.mit.edu>.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Niels Provos.
+ * 4. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+/*
+ * This code is derived from section 14.3 and the given source
+ * in section V of Applied Cryptography, second edition.
+ * Blowfish is an unpatented fast block cipher designed by
+ * Bruce Schneier.
+ */
+
+/*
+ * FreeBSD implementation by Paul Herman <pherman@frenchfries.net>
+ */
+
+#if 0
+#include <stdio.h> /* used for debugging */
+#include <string.h>
+#endif
+
+#include <sys/types.h>
+#include "blowfish.h"
+
+/* Function for Feistel Networks */
+
+#define _F(s, x) ((((s)[ (((x)>>24)&0xFF)] \
+ + (s)[0x100 + (((x)>>16)&0xFF)]) \
+ ^ (s)[0x200 + (((x)>> 8)&0xFF)]) \
+ + (s)[0x300 + ( (x) &0xFF)])
+
+#define BLFRND(s, p, i, j, n) (i ^= _F(s, j) ^ (p)[n])
+
+static void
+Blowfish_encipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr)
+{
+ u_int32_t Xl;
+ u_int32_t Xr;
+ u_int32_t *s = c->S[0];
+ u_int32_t *p = c->P;
+
+ Xl = *xl;
+ Xr = *xr;
+
+ Xl ^= p[0];
+ BLFRND(s, p, Xr, Xl, 1); BLFRND(s, p, Xl, Xr, 2);
+ BLFRND(s, p, Xr, Xl, 3); BLFRND(s, p, Xl, Xr, 4);
+ BLFRND(s, p, Xr, Xl, 5); BLFRND(s, p, Xl, Xr, 6);
+ BLFRND(s, p, Xr, Xl, 7); BLFRND(s, p, Xl, Xr, 8);
+ BLFRND(s, p, Xr, Xl, 9); BLFRND(s, p, Xl, Xr, 10);
+ BLFRND(s, p, Xr, Xl, 11); BLFRND(s, p, Xl, Xr, 12);
+ BLFRND(s, p, Xr, Xl, 13); BLFRND(s, p, Xl, Xr, 14);
+ BLFRND(s, p, Xr, Xl, 15); BLFRND(s, p, Xl, Xr, 16);
+
+ *xl = Xr ^ p[17];
+ *xr = Xl;
+}
+
+void
+Blowfish_initstate(blf_ctx *c)
+{
+
+/* P-box and S-box tables initialized with digits of Pi */
+
+ const blf_ctx initstate =
+
+ { {
+ {
+ 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7,
+ 0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99,
+ 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16,
+ 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e,
+ 0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee,
+ 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013,
+ 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef,
+ 0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e,
+ 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60,
+ 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440,
+ 0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce,
+ 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a,
+ 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e,
+ 0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677,
+ 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193,
+ 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032,
+ 0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88,
+ 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239,
+ 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e,
+ 0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0,
+ 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3,
+ 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98,
+ 0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88,
+ 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe,
+ 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6,
+ 0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d,
+ 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b,
+ 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7,
+ 0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba,
+ 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463,
+ 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f,
+ 0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09,
+ 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3,
+ 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb,
+ 0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279,
+ 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8,
+ 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab,
+ 0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82,
+ 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db,
+ 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573,
+ 0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0,
+ 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b,
+ 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790,
+ 0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8,
+ 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4,
+ 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0,
+ 0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7,
+ 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c,
+ 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad,
+ 0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1,
+ 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299,
+ 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9,
+ 0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477,
+ 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf,
+ 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49,
+ 0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af,
+ 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa,
+ 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5,
+ 0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41,
+ 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915,
+ 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400,
+ 0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915,
+ 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664,
+ 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a},
+ {
+ 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623,
+ 0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266,
+ 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1,
+ 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e,
+ 0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6,
+ 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1,
+ 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e,
+ 0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1,
+ 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737,
+ 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8,
+ 0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff,
+ 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd,
+ 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701,
+ 0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7,
+ 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41,
+ 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331,
+ 0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf,
+ 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af,
+ 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e,
+ 0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87,
+ 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c,
+ 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2,
+ 0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16,
+ 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd,
+ 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b,
+ 0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509,
+ 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e,
+ 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3,
+ 0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f,
+ 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a,
+ 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4,
+ 0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960,
+ 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66,
+ 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28,
+ 0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802,
+ 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84,
+ 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510,
+ 0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf,
+ 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14,
+ 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e,
+ 0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50,
+ 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7,
+ 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8,
+ 0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281,
+ 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99,
+ 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696,
+ 0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128,
+ 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73,
+ 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0,
+ 0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0,
+ 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105,
+ 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250,
+ 0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3,
+ 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285,
+ 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00,
+ 0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061,
+ 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb,
+ 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e,
+ 0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735,
+ 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc,
+ 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9,
+ 0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340,
+ 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20,
+ 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7},
+ {
+ 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934,
+ 0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068,
+ 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af,
+ 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840,
+ 0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45,
+ 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504,
+ 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a,
+ 0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb,
+ 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee,
+ 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6,
+ 0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42,
+ 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b,
+ 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2,
+ 0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb,
+ 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527,
+ 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b,
+ 0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33,
+ 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c,
+ 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3,
+ 0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc,
+ 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17,
+ 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564,
+ 0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b,
+ 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115,
+ 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922,
+ 0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728,
+ 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0,
+ 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e,
+ 0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37,
+ 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d,
+ 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804,
+ 0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b,
+ 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3,
+ 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb,
+ 0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d,
+ 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c,
+ 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350,
+ 0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9,
+ 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a,
+ 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe,
+ 0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d,
+ 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc,
+ 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f,
+ 0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61,
+ 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2,
+ 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9,
+ 0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2,
+ 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c,
+ 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e,
+ 0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633,
+ 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10,
+ 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169,
+ 0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52,
+ 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027,
+ 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5,
+ 0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62,
+ 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634,
+ 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76,
+ 0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24,
+ 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc,
+ 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4,
+ 0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c,
+ 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837,
+ 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0},
+ {
+ 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b,
+ 0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe,
+ 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b,
+ 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4,
+ 0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8,
+ 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6,
+ 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304,
+ 0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22,
+ 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4,
+ 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6,
+ 0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9,
+ 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59,
+ 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593,
+ 0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51,
+ 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28,
+ 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c,
+ 0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b,
+ 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28,
+ 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c,
+ 0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd,
+ 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a,
+ 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319,
+ 0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb,
+ 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f,
+ 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991,
+ 0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32,
+ 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680,
+ 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166,
+ 0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae,
+ 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb,
+ 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5,
+ 0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47,
+ 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370,
+ 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d,
+ 0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84,
+ 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048,
+ 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8,
+ 0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd,
+ 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9,
+ 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7,
+ 0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38,
+ 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f,
+ 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c,
+ 0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525,
+ 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1,
+ 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442,
+ 0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964,
+ 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,
+ 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8,
+ 0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d,
+ 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f,
+ 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299,
+ 0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02,
+ 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc,
+ 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614,
+ 0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a,
+ 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,
+ 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b,
+ 0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0,
+ 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,
+ 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e,
+ 0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9,
+ 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,
+ 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6}
+ },
+ {
+ 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344,
+ 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89,
+ 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,
+ 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917,
+ 0x9216d5d9, 0x8979fb1b
+ } };
+
+ *c = initstate;
+
+}
+
+u_int32_t
+Blowfish_stream2word(const u_int8_t *data, u_int16_t databytes,
+ u_int16_t *current)
+{
+ u_int8_t i;
+ u_int16_t j;
+ u_int32_t temp;
+
+ temp = 0x00000000;
+ j = *current;
+
+ for (i = 0; i < 4; i++, j++) {
+ if (j >= databytes)
+ j = 0;
+ temp = (temp << 8) | data[j];
+ }
+
+ *current = j;
+ return temp;
+}
+
+void
+Blowfish_expand0state(blf_ctx *c, const u_int8_t *key, u_int16_t keybytes)
+{
+ u_int16_t i;
+ u_int16_t j;
+ u_int16_t k;
+ u_int32_t temp;
+ u_int32_t datal;
+ u_int32_t datar;
+
+ j = 0;
+ for (i = 0; i < BLF_N + 2; i++) {
+ /* Extract 4 int8 to 1 int32 from keystream */
+ temp = Blowfish_stream2word(key, keybytes, &j);
+ c->P[i] = c->P[i] ^ temp;
+ }
+
+ j = 0;
+ datal = 0x00000000;
+ datar = 0x00000000;
+ for (i = 0; i < BLF_N + 2; i += 2) {
+ Blowfish_encipher(c, &datal, &datar);
+
+ c->P[i] = datal;
+ c->P[i + 1] = datar;
+ }
+
+ for (i = 0; i < 4; i++) {
+ for (k = 0; k < 256; k += 2) {
+ Blowfish_encipher(c, &datal, &datar);
+
+ c->S[i][k] = datal;
+ c->S[i][k + 1] = datar;
+ }
+ }
+}
+
+void
+Blowfish_expandstate(blf_ctx *c, const u_int8_t *data, u_int16_t databytes,
+ const u_int8_t *key, u_int16_t keybytes)
+{
+ u_int16_t i;
+ u_int16_t j;
+ u_int16_t k;
+ u_int32_t temp;
+ u_int32_t datal;
+ u_int32_t datar;
+
+ j = 0;
+ for (i = 0; i < BLF_N + 2; i++) {
+ /* Extract 4 int8 to 1 int32 from keystream */
+ temp = Blowfish_stream2word(key, keybytes, &j);
+ c->P[i] = c->P[i] ^ temp;
+ }
+
+ j = 0;
+ datal = 0x00000000;
+ datar = 0x00000000;
+ for (i = 0; i < BLF_N + 2; i += 2) {
+ datal ^= Blowfish_stream2word(data, databytes, &j);
+ datar ^= Blowfish_stream2word(data, databytes, &j);
+ Blowfish_encipher(c, &datal, &datar);
+
+ c->P[i] = datal;
+ c->P[i + 1] = datar;
+ }
+
+ for (i = 0; i < 4; i++) {
+ for (k = 0; k < 256; k += 2) {
+ datal ^= Blowfish_stream2word(data, databytes, &j);
+ datar ^= Blowfish_stream2word(data, databytes, &j);
+ Blowfish_encipher(c, &datal, &datar);
+
+ c->S[i][k] = datal;
+ c->S[i][k + 1] = datar;
+ }
+ }
+
+}
+
+void
+blf_enc(blf_ctx *c, u_int32_t *data, u_int16_t blocks)
+{
+ u_int32_t *d;
+ u_int16_t i;
+
+ d = data;
+ for (i = 0; i < blocks; i++) {
+ Blowfish_encipher(c, d, d + 1);
+ d += 2;
+ }
+}
diff --git a/secure/lib/libcrypt/blowfish.h b/secure/lib/libcrypt/blowfish.h
new file mode 100644
index 0000000..2ea6474
--- /dev/null
+++ b/secure/lib/libcrypt/blowfish.h
@@ -0,0 +1,71 @@
+/*
+ * Blowfish - a fast block cipher designed by Bruce Schneier
+ *
+ * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Niels Provos.
+ * 4. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+/*
+ * FreeBSD implementation by Paul Herman <pherman@frenchfries.net>
+ */
+
+#ifndef _BLF_H_
+#define _BLF_H_
+
+/* Schneier states the maximum key length to be 56 bytes.
+ * The way how the subkeys are initalized by the key up
+ * to (N+2)*4 i.e. 72 bytes are utilized.
+ * Warning: For normal blowfish encryption only 56 bytes
+ * of the key affect all cipherbits.
+ */
+
+#define BLF_N 16 /* Number of Subkeys */
+
+/* Blowfish context */
+typedef struct BlowfishContext {
+ u_int32_t S[4][256]; /* S-Boxes */
+ u_int32_t P[BLF_N + 2]; /* Subkeys */
+} blf_ctx;
+
+/* Raw access to customized Blowfish
+ * blf_key is just:
+ * Blowfish_initstate( state )
+ * Blowfish_expand0state( state, key, keylen )
+ */
+
+void Blowfish_initstate(blf_ctx *);
+void Blowfish_expand0state(blf_ctx *, const u_int8_t *, u_int16_t);
+void Blowfish_expandstate
+ (blf_ctx *, const u_int8_t *, u_int16_t, const u_int8_t *, u_int16_t);
+u_int32_t Blowfish_stream2word(const u_int8_t *, u_int16_t, u_int16_t *);
+
+void blf_enc(blf_ctx *, u_int32_t *, u_int16_t);
+
+#endif /* _BLF_H_ */
diff --git a/secure/lib/libcrypt/crypt-blowfish.c b/secure/lib/libcrypt/crypt-blowfish.c
new file mode 100644
index 0000000..649d07c
--- /dev/null
+++ b/secure/lib/libcrypt/crypt-blowfish.c
@@ -0,0 +1,307 @@
+/*
+ * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Niels Provos.
+ * 4. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+/* This password hashing algorithm was designed by David Mazieres
+ * <dm@lcs.mit.edu> and works as follows:
+ *
+ * 1. state := InitState ()
+ * 2. state := ExpandKey (state, salt, password) 3.
+ * REPEAT rounds:
+ * state := ExpandKey (state, 0, salt)
+ * state := ExpandKey(state, 0, password)
+ * 4. ctext := "OrpheanBeholderScryDoubt"
+ * 5. REPEAT 64:
+ * ctext := Encrypt_ECB (state, ctext);
+ * 6. RETURN Concatenate (salt, ctext);
+ *
+ */
+
+/*
+ * FreeBSD implementation by Paul Herman <pherman@frenchfries.net>
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <string.h>
+#include <pwd.h>
+#include "blowfish.h"
+#include "crypt.h"
+
+/* This implementation is adaptable to current computing power.
+ * You can have up to 2^31 rounds which should be enough for some
+ * time to come.
+ */
+
+#define BCRYPT_VERSION '2'
+#define BCRYPT_MAXSALT 16 /* Precomputation is just so nice */
+#define BCRYPT_BLOCKS 6 /* Ciphertext blocks */
+#define BCRYPT_MINROUNDS 16 /* we have log2(rounds) in salt */
+
+static void encode_base64(u_int8_t *, u_int8_t *, u_int16_t);
+static void decode_base64(u_int8_t *, u_int16_t, const u_int8_t *);
+
+static char encrypted[_PASSWORD_LEN];
+static char error[] = ":";
+
+static const u_int8_t Base64Code[] =
+"./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+
+static const u_int8_t index_64[128] =
+{
+ 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+ 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+ 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+ 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+ 255, 255, 255, 255, 255, 255, 0, 1, 54, 55,
+ 56, 57, 58, 59, 60, 61, 62, 63, 255, 255,
+ 255, 255, 255, 255, 255, 2, 3, 4, 5, 6,
+ 7, 8, 9, 10, 11, 12, 13, 14, 15, 16,
+ 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27,
+ 255, 255, 255, 255, 255, 255, 28, 29, 30,
+ 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
+ 41, 42, 43, 44, 45, 46, 47, 48, 49, 50,
+ 51, 52, 53, 255, 255, 255, 255, 255
+};
+#define CHAR64(c) ( (c) > 127 ? 255 : index_64[(c)])
+
+static void
+decode_base64(u_int8_t *buffer, u_int16_t len, const u_int8_t *data)
+{
+ u_int8_t *bp = buffer;
+ const u_int8_t *p = data;
+ u_int8_t c1, c2, c3, c4;
+ while (bp < buffer + len) {
+ c1 = CHAR64(*p);
+ c2 = CHAR64(*(p + 1));
+
+ /* Invalid data */
+ if (c1 == 255 || c2 == 255)
+ break;
+
+ *bp++ = (u_int8_t)((c1 << 2) | ((c2 & 0x30) >> 4));
+ if (bp >= buffer + len)
+ break;
+
+ c3 = CHAR64(*(p + 2));
+ if (c3 == 255)
+ break;
+
+ *bp++ = ((c2 & 0x0f) << 4) | ((c3 & 0x3c) >> 2);
+ if (bp >= buffer + len)
+ break;
+
+ c4 = CHAR64(*(p + 3));
+ if (c4 == 255)
+ break;
+ *bp++ = ((c3 & 0x03) << 6) | c4;
+
+ p += 4;
+ }
+}
+
+/* We handle $Vers$log2(NumRounds)$salt+passwd$
+ i.e. $2$04$iwouldntknowwhattosayetKdJ6iFtacBqJdKe6aW7ou */
+
+char *
+crypt_blowfish(const char *key, const char *salt)
+{
+ blf_ctx state;
+ u_int32_t rounds, i, k;
+ u_int16_t j;
+ u_int8_t key_len, salt_len, logr, minr;
+ u_int8_t ciphertext[4 * BCRYPT_BLOCKS] = "OrpheanBeholderScryDoubt";
+ u_int8_t csalt[BCRYPT_MAXSALT];
+ u_int32_t cdata[BCRYPT_BLOCKS];
+ static const char *magic = "$2a$04$";
+
+ /* Defaults */
+ minr = 'a';
+ logr = 4;
+ rounds = 1 << logr;
+
+ /* If it starts with the magic string, then skip that */
+ if(!strncmp(salt, magic, strlen(magic))) {
+ salt += strlen(magic);
+ }
+ else if (*salt == '$') {
+
+ /* Discard "$" identifier */
+ salt++;
+
+ if (*salt > BCRYPT_VERSION) {
+ /* How do I handle errors ? Return ':' */
+ return error;
+ }
+
+ /* Check for minor versions */
+ if (salt[1] != '$') {
+ switch (salt[1]) {
+ case 'a':
+ /* 'ab' should not yield the same as 'abab' */
+ minr = (u_int8_t)salt[1];
+ salt++;
+ break;
+ default:
+ return error;
+ }
+ } else
+ minr = 0;
+
+ /* Discard version + "$" identifier */
+ salt += 2;
+
+ if (salt[2] != '$')
+ /* Out of sync with passwd entry */
+ return error;
+
+ /* Computer power doesnt increase linear, 2^x should be fine */
+ logr = (u_int8_t)atoi(salt);
+ rounds = 1 << logr;
+ if (rounds < BCRYPT_MINROUNDS)
+ return error;
+
+ /* Discard num rounds + "$" identifier */
+ salt += 3;
+ }
+
+
+ /* We dont want the base64 salt but the raw data */
+ decode_base64(csalt, BCRYPT_MAXSALT, (const u_int8_t *)salt);
+ salt_len = BCRYPT_MAXSALT;
+ key_len = (u_int8_t)(strlen(key) + (minr >= 'a' ? 1 : 0));
+
+ /* Setting up S-Boxes and Subkeys */
+ Blowfish_initstate(&state);
+ Blowfish_expandstate(&state, csalt, salt_len,
+ (const u_int8_t *) key, key_len);
+ for (k = 0; k < rounds; k++) {
+ Blowfish_expand0state(&state, (const u_int8_t *) key, key_len);
+ Blowfish_expand0state(&state, csalt, salt_len);
+ }
+
+ /* This can be precomputed later */
+ j = 0;
+ for (i = 0; i < BCRYPT_BLOCKS; i++)
+ cdata[i] = Blowfish_stream2word(ciphertext, 4 * BCRYPT_BLOCKS, &j);
+
+ /* Now do the encryption */
+ for (k = 0; k < 64; k++)
+ blf_enc(&state, cdata, BCRYPT_BLOCKS / 2);
+
+ for (i = 0; i < BCRYPT_BLOCKS; i++) {
+ ciphertext[4 * i + 3] = cdata[i] & 0xff;
+ cdata[i] = cdata[i] >> 8;
+ ciphertext[4 * i + 2] = cdata[i] & 0xff;
+ cdata[i] = cdata[i] >> 8;
+ ciphertext[4 * i + 1] = cdata[i] & 0xff;
+ cdata[i] = cdata[i] >> 8;
+ ciphertext[4 * i + 0] = cdata[i] & 0xff;
+ }
+
+
+ i = 0;
+ encrypted[i++] = '$';
+ encrypted[i++] = BCRYPT_VERSION;
+ if (minr)
+ encrypted[i++] = (int8_t)minr;
+ encrypted[i++] = '$';
+
+ snprintf(encrypted + i, 4, "%2.2u$", logr);
+
+ encode_base64((u_int8_t *) encrypted + i + 3, csalt, BCRYPT_MAXSALT);
+ encode_base64((u_int8_t *) encrypted + strlen(encrypted), ciphertext,
+ 4 * BCRYPT_BLOCKS - 1);
+ return encrypted;
+}
+
+static void
+encode_base64(u_int8_t *buffer, u_int8_t *data, u_int16_t len)
+{
+ u_int8_t *bp = buffer;
+ u_int8_t *p = data;
+ u_int8_t c1, c2;
+ while (p < data + len) {
+ c1 = *p++;
+ *bp++ = Base64Code[(c1 >> 2)];
+ c1 = (c1 & 0x03) << 4;
+ if (p >= data + len) {
+ *bp++ = Base64Code[c1];
+ break;
+ }
+ c2 = *p++;
+ c1 |= (c2 >> 4) & 0x0f;
+ *bp++ = Base64Code[c1];
+ c1 = (c2 & 0x0f) << 2;
+ if (p >= data + len) {
+ *bp++ = Base64Code[c1];
+ break;
+ }
+ c2 = *p++;
+ c1 |= (c2 >> 6) & 0x03;
+ *bp++ = Base64Code[c1];
+ *bp++ = Base64Code[c2 & 0x3f];
+ }
+ *bp = '\0';
+}
+
+#if 0
+void
+main()
+{
+ char blubber[73];
+ char salt[100];
+ char *p;
+ salt[0] = '$';
+ salt[1] = BCRYPT_VERSION;
+ salt[2] = '$';
+
+ snprintf(salt + 3, 4, "%2.2u$", 5);
+
+ printf("24 bytes of salt: ");
+ fgets(salt + 6, 94, stdin);
+ salt[99] = 0;
+ printf("72 bytes of password: ");
+ fpurge(stdin);
+ fgets(blubber, 73, stdin);
+ blubber[72] = 0;
+
+ p = crypt(blubber, salt);
+ printf("Passwd entry: %s\n\n", p);
+
+ p = bcrypt_gensalt(5);
+ printf("Generated salt: %s\n", p);
+ p = crypt(blubber, p);
+ printf("Passwd entry: %s\n", p);
+}
+#endif
diff --git a/secure/lib/libcrypt/crypt-des.c b/secure/lib/libcrypt/crypt-des.c
new file mode 100644
index 0000000..9adff93
--- /dev/null
+++ b/secure/lib/libcrypt/crypt-des.c
@@ -0,0 +1,704 @@
+/*
+ * FreeSec: libcrypt for NetBSD
+ *
+ * Copyright (c) 1994 David Burren
+ * All rights reserved.
+ *
+ * Adapted for FreeBSD-2.0 by Geoffrey M. Rehmet
+ * this file should now *only* export crypt(), in order to make
+ * binaries of libcrypt exportable from the USA
+ *
+ * Adapted for FreeBSD-4.0 by Mark R V Murray
+ * this file should now *only* export crypt_des(), in order to make
+ * a module that can be optionally included in libcrypt.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the names of other contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * This is an original implementation of the DES and the crypt(3) interfaces
+ * by David Burren <davidb@werj.com.au>.
+ *
+ * An excellent reference on the underlying algorithm (and related
+ * algorithms) is:
+ *
+ * B. Schneier, Applied Cryptography: protocols, algorithms,
+ * and source code in C, John Wiley & Sons, 1994.
+ *
+ * Note that in that book's description of DES the lookups for the initial,
+ * pbox, and final permutations are inverted (this has been brought to the
+ * attention of the author). A list of errata for this book has been
+ * posted to the sci.crypt newsgroup by the author and is available for FTP.
+ *
+ * ARCHITECTURE ASSUMPTIONS:
+ * It is assumed that the 8-byte arrays passed by reference can be
+ * addressed as arrays of u_int32_t's (ie. the CPU is not picky about
+ * alignment).
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <arpa/inet.h>
+#include <pwd.h>
+#include <string.h>
+#include "crypt.h"
+
+/* We can't always assume gcc */
+#if defined(__GNUC__) && !defined(lint)
+#define INLINE inline
+#else
+#define INLINE
+#endif
+
+
+static u_char IP[64] = {
+ 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
+ 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
+ 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
+ 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
+};
+
+static u_char inv_key_perm[64];
+static u_char key_perm[56] = {
+ 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
+ 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
+ 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
+ 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4
+};
+
+static u_char key_shifts[16] = {
+ 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
+};
+
+static u_char inv_comp_perm[56];
+static u_char comp_perm[48] = {
+ 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
+ 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
+ 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
+ 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
+};
+
+/*
+ * No E box is used, as it's replaced by some ANDs, shifts, and ORs.
+ */
+
+static u_char u_sbox[8][64];
+static u_char sbox[8][64] = {
+ {
+ 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
+ 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
+ 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
+ 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13
+ },
+ {
+ 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
+ 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
+ 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
+ 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9
+ },
+ {
+ 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
+ 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
+ 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
+ 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12
+ },
+ {
+ 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
+ 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
+ 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
+ 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14
+ },
+ {
+ 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
+ 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
+ 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
+ 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3
+ },
+ {
+ 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
+ 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
+ 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
+ 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13
+ },
+ {
+ 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
+ 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
+ 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
+ 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12
+ },
+ {
+ 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
+ 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
+ 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
+ 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
+ }
+};
+
+static u_char un_pbox[32];
+static u_char pbox[32] = {
+ 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
+ 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25
+};
+
+static u_int32_t bits32[32] =
+{
+ 0x80000000, 0x40000000, 0x20000000, 0x10000000,
+ 0x08000000, 0x04000000, 0x02000000, 0x01000000,
+ 0x00800000, 0x00400000, 0x00200000, 0x00100000,
+ 0x00080000, 0x00040000, 0x00020000, 0x00010000,
+ 0x00008000, 0x00004000, 0x00002000, 0x00001000,
+ 0x00000800, 0x00000400, 0x00000200, 0x00000100,
+ 0x00000080, 0x00000040, 0x00000020, 0x00000010,
+ 0x00000008, 0x00000004, 0x00000002, 0x00000001
+};
+
+static u_char bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
+
+static u_int32_t saltbits;
+static u_int32_t old_salt;
+static u_int32_t *bits28, *bits24;
+static u_char init_perm[64], final_perm[64];
+static u_int32_t en_keysl[16], en_keysr[16];
+static u_int32_t de_keysl[16], de_keysr[16];
+static int des_initialised = 0;
+static u_char m_sbox[4][4096];
+static u_int32_t psbox[4][256];
+static u_int32_t ip_maskl[8][256], ip_maskr[8][256];
+static u_int32_t fp_maskl[8][256], fp_maskr[8][256];
+static u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128];
+static u_int32_t comp_maskl[8][128], comp_maskr[8][128];
+static u_int32_t old_rawkey0, old_rawkey1;
+
+static u_char ascii64[] =
+ "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+/* 0000000000111111111122222222223333333333444444444455555555556666 */
+/* 0123456789012345678901234567890123456789012345678901234567890123 */
+
+static INLINE int
+ascii_to_bin(char ch)
+{
+ if (ch > 'z')
+ return(0);
+ if (ch >= 'a')
+ return(ch - 'a' + 38);
+ if (ch > 'Z')
+ return(0);
+ if (ch >= 'A')
+ return(ch - 'A' + 12);
+ if (ch > '9')
+ return(0);
+ if (ch >= '.')
+ return(ch - '.');
+ return(0);
+}
+
+static void
+des_init(void)
+{
+ int i, j, b, k, inbit, obit;
+ u_int32_t *p, *il, *ir, *fl, *fr;
+
+ old_rawkey0 = old_rawkey1 = 0L;
+ saltbits = 0L;
+ old_salt = 0L;
+ bits24 = (bits28 = bits32 + 4) + 4;
+
+ /*
+ * Invert the S-boxes, reordering the input bits.
+ */
+ for (i = 0; i < 8; i++)
+ for (j = 0; j < 64; j++) {
+ b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf);
+ u_sbox[i][j] = sbox[i][b];
+ }
+
+ /*
+ * Convert the inverted S-boxes into 4 arrays of 8 bits.
+ * Each will handle 12 bits of the S-box input.
+ */
+ for (b = 0; b < 4; b++)
+ for (i = 0; i < 64; i++)
+ for (j = 0; j < 64; j++)
+ m_sbox[b][(i << 6) | j] =
+ (u_char)((u_sbox[(b << 1)][i] << 4) |
+ u_sbox[(b << 1) + 1][j]);
+
+ /*
+ * Set up the initial & final permutations into a useful form, and
+ * initialise the inverted key permutation.
+ */
+ for (i = 0; i < 64; i++) {
+ init_perm[final_perm[i] = IP[i] - 1] = (u_char)i;
+ inv_key_perm[i] = 255;
+ }
+
+ /*
+ * Invert the key permutation and initialise the inverted key
+ * compression permutation.
+ */
+ for (i = 0; i < 56; i++) {
+ inv_key_perm[key_perm[i] - 1] = (u_char)i;
+ inv_comp_perm[i] = 255;
+ }
+
+ /*
+ * Invert the key compression permutation.
+ */
+ for (i = 0; i < 48; i++) {
+ inv_comp_perm[comp_perm[i] - 1] = (u_char)i;
+ }
+
+ /*
+ * Set up the OR-mask arrays for the initial and final permutations,
+ * and for the key initial and compression permutations.
+ */
+ for (k = 0; k < 8; k++) {
+ for (i = 0; i < 256; i++) {
+ *(il = &ip_maskl[k][i]) = 0L;
+ *(ir = &ip_maskr[k][i]) = 0L;
+ *(fl = &fp_maskl[k][i]) = 0L;
+ *(fr = &fp_maskr[k][i]) = 0L;
+ for (j = 0; j < 8; j++) {
+ inbit = 8 * k + j;
+ if (i & bits8[j]) {
+ if ((obit = init_perm[inbit]) < 32)
+ *il |= bits32[obit];
+ else
+ *ir |= bits32[obit-32];
+ if ((obit = final_perm[inbit]) < 32)
+ *fl |= bits32[obit];
+ else
+ *fr |= bits32[obit - 32];
+ }
+ }
+ }
+ for (i = 0; i < 128; i++) {
+ *(il = &key_perm_maskl[k][i]) = 0L;
+ *(ir = &key_perm_maskr[k][i]) = 0L;
+ for (j = 0; j < 7; j++) {
+ inbit = 8 * k + j;
+ if (i & bits8[j + 1]) {
+ if ((obit = inv_key_perm[inbit]) == 255)
+ continue;
+ if (obit < 28)
+ *il |= bits28[obit];
+ else
+ *ir |= bits28[obit - 28];
+ }
+ }
+ *(il = &comp_maskl[k][i]) = 0L;
+ *(ir = &comp_maskr[k][i]) = 0L;
+ for (j = 0; j < 7; j++) {
+ inbit = 7 * k + j;
+ if (i & bits8[j + 1]) {
+ if ((obit=inv_comp_perm[inbit]) == 255)
+ continue;
+ if (obit < 24)
+ *il |= bits24[obit];
+ else
+ *ir |= bits24[obit - 24];
+ }
+ }
+ }
+ }
+
+ /*
+ * Invert the P-box permutation, and convert into OR-masks for
+ * handling the output of the S-box arrays setup above.
+ */
+ for (i = 0; i < 32; i++)
+ un_pbox[pbox[i] - 1] = (u_char)i;
+
+ for (b = 0; b < 4; b++)
+ for (i = 0; i < 256; i++) {
+ *(p = &psbox[b][i]) = 0L;
+ for (j = 0; j < 8; j++) {
+ if (i & bits8[j])
+ *p |= bits32[un_pbox[8 * b + j]];
+ }
+ }
+
+ des_initialised = 1;
+}
+
+static void
+setup_salt(u_int32_t salt)
+{
+ u_int32_t obit, saltbit;
+ int i;
+
+ if (salt == old_salt)
+ return;
+ old_salt = salt;
+
+ saltbits = 0L;
+ saltbit = 1;
+ obit = 0x800000;
+ for (i = 0; i < 24; i++) {
+ if (salt & saltbit)
+ saltbits |= obit;
+ saltbit <<= 1;
+ obit >>= 1;
+ }
+}
+
+static int
+des_setkey(const char *key)
+{
+ u_int32_t k0, k1, rawkey0, rawkey1;
+ int shifts, round;
+
+ if (!des_initialised)
+ des_init();
+
+ rawkey0 = ntohl(*(const u_int32_t *) key);
+ rawkey1 = ntohl(*(const u_int32_t *) (key + 4));
+
+ if ((rawkey0 | rawkey1)
+ && rawkey0 == old_rawkey0
+ && rawkey1 == old_rawkey1) {
+ /*
+ * Already setup for this key.
+ * This optimisation fails on a zero key (which is weak and
+ * has bad parity anyway) in order to simplify the starting
+ * conditions.
+ */
+ return(0);
+ }
+ old_rawkey0 = rawkey0;
+ old_rawkey1 = rawkey1;
+
+ /*
+ * Do key permutation and split into two 28-bit subkeys.
+ */
+ k0 = key_perm_maskl[0][rawkey0 >> 25]
+ | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
+ | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
+ | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
+ | key_perm_maskl[4][rawkey1 >> 25]
+ | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
+ | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
+ | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
+ k1 = key_perm_maskr[0][rawkey0 >> 25]
+ | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
+ | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
+ | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
+ | key_perm_maskr[4][rawkey1 >> 25]
+ | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
+ | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
+ | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
+ /*
+ * Rotate subkeys and do compression permutation.
+ */
+ shifts = 0;
+ for (round = 0; round < 16; round++) {
+ u_int32_t t0, t1;
+
+ shifts += key_shifts[round];
+
+ t0 = (k0 << shifts) | (k0 >> (28 - shifts));
+ t1 = (k1 << shifts) | (k1 >> (28 - shifts));
+
+ de_keysl[15 - round] =
+ en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
+ | comp_maskl[1][(t0 >> 14) & 0x7f]
+ | comp_maskl[2][(t0 >> 7) & 0x7f]
+ | comp_maskl[3][t0 & 0x7f]
+ | comp_maskl[4][(t1 >> 21) & 0x7f]
+ | comp_maskl[5][(t1 >> 14) & 0x7f]
+ | comp_maskl[6][(t1 >> 7) & 0x7f]
+ | comp_maskl[7][t1 & 0x7f];
+
+ de_keysr[15 - round] =
+ en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
+ | comp_maskr[1][(t0 >> 14) & 0x7f]
+ | comp_maskr[2][(t0 >> 7) & 0x7f]
+ | comp_maskr[3][t0 & 0x7f]
+ | comp_maskr[4][(t1 >> 21) & 0x7f]
+ | comp_maskr[5][(t1 >> 14) & 0x7f]
+ | comp_maskr[6][(t1 >> 7) & 0x7f]
+ | comp_maskr[7][t1 & 0x7f];
+ }
+ return(0);
+}
+
+static int
+do_des( u_int32_t l_in, u_int32_t r_in, u_int32_t *l_out, u_int32_t *r_out, int count)
+{
+ /*
+ * l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
+ */
+ u_int32_t l, r, *kl, *kr, *kl1, *kr1;
+ u_int32_t f, r48l, r48r;
+ int round;
+
+ if (count == 0) {
+ return(1);
+ } else if (count > 0) {
+ /*
+ * Encrypting
+ */
+ kl1 = en_keysl;
+ kr1 = en_keysr;
+ } else {
+ /*
+ * Decrypting
+ */
+ count = -count;
+ kl1 = de_keysl;
+ kr1 = de_keysr;
+ }
+
+ /*
+ * Do initial permutation (IP).
+ */
+ l = ip_maskl[0][l_in >> 24]
+ | ip_maskl[1][(l_in >> 16) & 0xff]
+ | ip_maskl[2][(l_in >> 8) & 0xff]
+ | ip_maskl[3][l_in & 0xff]
+ | ip_maskl[4][r_in >> 24]
+ | ip_maskl[5][(r_in >> 16) & 0xff]
+ | ip_maskl[6][(r_in >> 8) & 0xff]
+ | ip_maskl[7][r_in & 0xff];
+ r = ip_maskr[0][l_in >> 24]
+ | ip_maskr[1][(l_in >> 16) & 0xff]
+ | ip_maskr[2][(l_in >> 8) & 0xff]
+ | ip_maskr[3][l_in & 0xff]
+ | ip_maskr[4][r_in >> 24]
+ | ip_maskr[5][(r_in >> 16) & 0xff]
+ | ip_maskr[6][(r_in >> 8) & 0xff]
+ | ip_maskr[7][r_in & 0xff];
+
+ while (count--) {
+ /*
+ * Do each round.
+ */
+ kl = kl1;
+ kr = kr1;
+ round = 16;
+ while (round--) {
+ /*
+ * Expand R to 48 bits (simulate the E-box).
+ */
+ r48l = ((r & 0x00000001) << 23)
+ | ((r & 0xf8000000) >> 9)
+ | ((r & 0x1f800000) >> 11)
+ | ((r & 0x01f80000) >> 13)
+ | ((r & 0x001f8000) >> 15);
+
+ r48r = ((r & 0x0001f800) << 7)
+ | ((r & 0x00001f80) << 5)
+ | ((r & 0x000001f8) << 3)
+ | ((r & 0x0000001f) << 1)
+ | ((r & 0x80000000) >> 31);
+ /*
+ * Do salting for crypt() and friends, and
+ * XOR with the permuted key.
+ */
+ f = (r48l ^ r48r) & saltbits;
+ r48l ^= f ^ *kl++;
+ r48r ^= f ^ *kr++;
+ /*
+ * Do sbox lookups (which shrink it back to 32 bits)
+ * and do the pbox permutation at the same time.
+ */
+ f = psbox[0][m_sbox[0][r48l >> 12]]
+ | psbox[1][m_sbox[1][r48l & 0xfff]]
+ | psbox[2][m_sbox[2][r48r >> 12]]
+ | psbox[3][m_sbox[3][r48r & 0xfff]];
+ /*
+ * Now that we've permuted things, complete f().
+ */
+ f ^= l;
+ l = r;
+ r = f;
+ }
+ r = l;
+ l = f;
+ }
+ /*
+ * Do final permutation (inverse of IP).
+ */
+ *l_out = fp_maskl[0][l >> 24]
+ | fp_maskl[1][(l >> 16) & 0xff]
+ | fp_maskl[2][(l >> 8) & 0xff]
+ | fp_maskl[3][l & 0xff]
+ | fp_maskl[4][r >> 24]
+ | fp_maskl[5][(r >> 16) & 0xff]
+ | fp_maskl[6][(r >> 8) & 0xff]
+ | fp_maskl[7][r & 0xff];
+ *r_out = fp_maskr[0][l >> 24]
+ | fp_maskr[1][(l >> 16) & 0xff]
+ | fp_maskr[2][(l >> 8) & 0xff]
+ | fp_maskr[3][l & 0xff]
+ | fp_maskr[4][r >> 24]
+ | fp_maskr[5][(r >> 16) & 0xff]
+ | fp_maskr[6][(r >> 8) & 0xff]
+ | fp_maskr[7][r & 0xff];
+ return(0);
+}
+
+static int
+des_cipher(const char *in, char *out, u_long salt, int count)
+{
+ u_int32_t l_out, r_out, rawl, rawr;
+ int retval;
+ union {
+ u_int32_t *ui32;
+ const char *c;
+ } trans;
+
+ if (!des_initialised)
+ des_init();
+
+ setup_salt(salt);
+
+ trans.c = in;
+ rawl = ntohl(*trans.ui32++);
+ rawr = ntohl(*trans.ui32);
+
+ retval = do_des(rawl, rawr, &l_out, &r_out, count);
+
+ trans.c = out;
+ *trans.ui32++ = htonl(l_out);
+ *trans.ui32 = htonl(r_out);
+ return(retval);
+}
+
+char *
+crypt_des(const char *key, const char *setting)
+{
+ int i;
+ u_int32_t count, salt, l, r0, r1, keybuf[2];
+ u_char *p, *q;
+ static char output[21];
+
+ if (!des_initialised)
+ des_init();
+
+ /*
+ * Copy the key, shifting each character up by one bit
+ * and padding with zeros.
+ */
+ q = (u_char *)keybuf;
+ while (q - (u_char *)keybuf - 8) {
+ *q++ = *key << 1;
+ if (*(q - 1))
+ key++;
+ }
+ if (des_setkey((char *)keybuf))
+ return(NULL);
+
+ if (*setting == _PASSWORD_EFMT1) {
+ /*
+ * "new"-style:
+ * setting - underscore, 4 bytes of count, 4 bytes of salt
+ * key - unlimited characters
+ */
+ for (i = 1, count = 0L; i < 5; i++)
+ count |= ascii_to_bin(setting[i]) << ((i - 1) * 6);
+
+ for (i = 5, salt = 0L; i < 9; i++)
+ salt |= ascii_to_bin(setting[i]) << ((i - 5) * 6);
+
+ while (*key) {
+ /*
+ * Encrypt the key with itself.
+ */
+ if (des_cipher((char *)keybuf, (char *)keybuf, 0L, 1))
+ return(NULL);
+ /*
+ * And XOR with the next 8 characters of the key.
+ */
+ q = (u_char *)keybuf;
+ while (q - (u_char *)keybuf - 8 && *key)
+ *q++ ^= *key++ << 1;
+
+ if (des_setkey((char *)keybuf))
+ return(NULL);
+ }
+ strncpy(output, setting, 9);
+
+ /*
+ * Double check that we weren't given a short setting.
+ * If we were, the above code will probably have created
+ * wierd values for count and salt, but we don't really care.
+ * Just make sure the output string doesn't have an extra
+ * NUL in it.
+ */
+ output[9] = '\0';
+ p = (u_char *)output + strlen(output);
+ } else {
+ /*
+ * "old"-style:
+ * setting - 2 bytes of salt
+ * key - up to 8 characters
+ */
+ count = 25;
+
+ salt = (ascii_to_bin(setting[1]) << 6)
+ | ascii_to_bin(setting[0]);
+
+ output[0] = setting[0];
+ /*
+ * If the encrypted password that the salt was extracted from
+ * is only 1 character long, the salt will be corrupted. We
+ * need to ensure that the output string doesn't have an extra
+ * NUL in it!
+ */
+ output[1] = setting[1] ? setting[1] : output[0];
+
+ p = (u_char *)output + 2;
+ }
+ setup_salt(salt);
+ /*
+ * Do it.
+ */
+ if (do_des(0L, 0L, &r0, &r1, (int)count))
+ return(NULL);
+ /*
+ * Now encode the result...
+ */
+ l = (r0 >> 8);
+ *p++ = ascii64[(l >> 18) & 0x3f];
+ *p++ = ascii64[(l >> 12) & 0x3f];
+ *p++ = ascii64[(l >> 6) & 0x3f];
+ *p++ = ascii64[l & 0x3f];
+
+ l = (r0 << 16) | ((r1 >> 16) & 0xffff);
+ *p++ = ascii64[(l >> 18) & 0x3f];
+ *p++ = ascii64[(l >> 12) & 0x3f];
+ *p++ = ascii64[(l >> 6) & 0x3f];
+ *p++ = ascii64[l & 0x3f];
+
+ l = r1 << 2;
+ *p++ = ascii64[(l >> 12) & 0x3f];
+ *p++ = ascii64[(l >> 6) & 0x3f];
+ *p++ = ascii64[l & 0x3f];
+ *p = 0;
+
+ return(output);
+}
diff --git a/secure/lib/libcrypto/Makefile b/secure/lib/libcrypto/Makefile
new file mode 100644
index 0000000..0a1704c
--- /dev/null
+++ b/secure/lib/libcrypto/Makefile
@@ -0,0 +1,458 @@
+# $FreeBSD$
+
+SHLIBDIR?= /lib
+SUBDIR= engines
+
+.include <bsd.own.mk>
+
+LIB= crypto
+SHLIB_MAJOR= 6
+
+NO_LINT=
+
+.if exists(Makefile.man)
+.include "Makefile.man"
+.endif
+.if defined(NOTYET)
+MAN+= config.5 des_modes.7
+.endif
+
+.include "Makefile.inc"
+
+# base sources
+SRCS= cpt_err.c cryptlib.c cversion.c ebcdic.c ex_data.c mem.c mem_clr.c \
+ mem_dbg.c o_dir.c o_str.c o_time.c tmdiff.c uid.c dyn_lck.c \
+ o_init.c fips_err.c
+INCS= crypto.h ebcdic.h opensslv.h ossl_typ.h symhacks.h tmdiff.h \
+ ../e_os.h ../e_os2.h
+
+# aes
+SRCS+= aes_cbc.c aes_cfb.c aes_core.c aes_ctr.c aes_ecb.c aes_ige.c \
+ aes_misc.c aes_ofb.c aes_wrap.c
+INCS+= aes.h aes_locl.h
+
+# asn1
+SRCS+= a_bitstr.c a_bool.c a_bytes.c a_d2i_fp.c a_digest.c a_dup.c \
+ a_enum.c a_gentm.c a_hdr.c a_i2d_fp.c a_int.c a_mbstr.c \
+ a_meth.c a_object.c a_octet.c a_print.c a_set.c a_sign.c \
+ a_strex.c a_strnid.c a_time.c a_type.c a_utctm.c a_utf8.c \
+ a_verify.c asn1_err.c asn1_gen.c asn1_lib.c asn1_par.c \
+ asn_moid.c asn_mime.c asn_pack.c d2i_pr.c d2i_pu.c evp_asn1.c f_enum.c \
+ f_int.c f_string.c i2d_pr.c i2d_pu.c n_pkey.c nsseq.c p5_pbe.c \
+ p5_pbev2.c p8_pkey.c t_bitst.c t_crl.c t_pkey.c t_req.c \
+ t_spki.c t_x509.c t_x509a.c tasn_dec.c tasn_enc.c tasn_fre.c \
+ tasn_new.c tasn_typ.c tasn_utl.c x_algor.c x_attrib.c \
+ x_bignum.c x_crl.c x_exten.c x_info.c x_long.c x_name.c \
+ x_pkey.c x_pubkey.c x_req.c x_sig.c x_spki.c x_val.c x_x509.c \
+ x_x509a.c
+INCS+= asn1.h asn1_mac.h asn1t.h
+
+# bf
+SRCS+= bf_cfb64.c bf_ecb.c bf_ofb64.c bf_skey.c
+.if ${MACHINE_CPUARCH} == "i386"
+.if ${MACHINE_CPU:Mi686}
+SRCS+= bf-686.s
+.else
+SRCS+= bf-586.s
+.endif
+.else
+SRCS+= bf_enc.c
+.endif
+INCS+= blowfish.h
+
+# bio
+SRCS+= b_dump.c b_print.c b_sock.c bf_buff.c bf_lbuf.c bf_nbio.c \
+ bf_null.c bio_cb.c bio_err.c bio_lib.c bss_acpt.c bss_bio.c \
+ bss_conn.c bss_dgram.c bss_fd.c bss_file.c bss_log.c bss_mem.c \
+ bss_null.c bss_sock.c
+INCS+= bio.h bio_lcl.h
+
+# bn
+SRCS+= bn_add.c bn_blind.c bn_const.c bn_ctx.c bn_depr.c bn_div.c \
+ bn_err.c bn_exp.c bn_exp2.c bn_gcd.c bn_gf2m.c bn_kron.c \
+ bn_lib.c bn_mod.c bn_mont.c bn_mpi.c bn_mul.c bn_nist.c bn_opt.c \
+ bn_prime.c bn_print.c bn_rand.c bn_recp.c bn_shift.c bn_sqr.c \
+ bn_sqrt.c bn_word.c bn_x931p.c
+.if ${MACHINE_CPUARCH} == "i386"
+SRCS+= bn-586.s co-586.s
+.elif ${MACHINE_CPUARCH} == "amd64"
+SRCS+= x86_64-gcc.c
+.else
+SRCS+= bn_asm.c
+.endif
+
+INCS+= bn.h
+
+# buffer
+SRCS+= buf_err.c buf_str.c buffer.c
+INCS+= buffer.h
+
+# cast
+SRCS+= c_cfb64.c c_ecb.c c_ofb64.c c_skey.c
+.if ${MACHINE_CPUARCH} == "i386"
+SRCS+= cast-586.s
+.else
+SRCS+= c_enc.c
+.endif
+INCS+= cast.h
+
+# camellia
+.if ${MACHINE_CPUARCH} == "i386" || ${MACHINE_CPUARCH} == "amd64"
+SRCS+= camellia.c cmll_cbc.c cmll_cfb.c cmll_ctr.c cmll_ecb.c \
+ cmll_misc.c cmll_ofb.c
+INCS+= camellia.h
+.endif
+
+# comp
+SRCS+= c_rle.c c_zlib.c comp_err.c comp_lib.c
+INCS+= comp.h
+
+# conf
+SRCS+= conf_api.c conf_def.c conf_err.c conf_lib.c conf_mall.c conf_mod.c conf_sap.c
+INCS+= conf.h conf_api.h
+
+# des
+SRCS+= cbc3_enc.c cbc_cksm.c cbc_enc.c cfb64ede.c cfb64enc.c cfb_enc.c \
+ des_lib.c des_old.c des_old2.c ecb3_enc.c ecb_enc.c ede_cbcm_enc.c \
+ enc_read.c enc_writ.c fcrypt.c ofb64ede.c ofb64enc.c \
+ ofb_enc.c pcbc_enc.c qud_cksm.c rand_key.c read2pwd.c \
+ rpc_enc.c set_key.c str2key.c xcbc_enc.c
+.if ${MACHINE_CPUARCH} == "i386"
+SRCS+= des-586.s crypt586.s
+.else
+SRCS+= des_enc.c fcrypt_b.c
+.endif
+INCS+= des.h des_old.h
+
+# dh
+SRCS+= dh_asn1.c dh_check.c dh_err.c dh_depr.c dh_gen.c dh_key.c dh_lib.c
+INCS+= dh.h
+
+# dsa
+SRCS+= dsa_asn1.c dsa_err.c dsa_depr.c dsa_gen.c dsa_key.c dsa_lib.c \
+ dsa_ossl.c dsa_sign.c dsa_vrf.c dsa_utl.c
+INCS+= dsa.h
+
+# dso
+SRCS+= dso_dl.c dso_dlfcn.c dso_err.c dso_lib.c dso_null.c dso_openssl.c
+INCS+= dso.h
+
+# ec
+SRCS+= ec_asn1.c ec_check.c ec_curve.c ec_cvt.c ec_err.c ec_key.c \
+ ec_lib.c ec_mult.c ec_print.c ecp_mont.c ecp_nist.c \
+ ecp_smpl.c ec2_mult.c ec2_smpl.c
+INCS+= ec.h
+
+# ecdh
+SRCS+= ech_err.c ech_key.c ech_lib.c ech_ossl.c
+INCS+= ecdh.h
+
+# ecdsa
+SRCS+= ecs_asn1.c ecs_err.c ecs_lib.c ecs_ossl.c ecs_sign.c ecs_vrf.c
+INCS+= ecdsa.h
+
+# engine
+SRCS+= eng_all.c eng_cnf.c eng_cryptodev.c eng_ctrl.c eng_dyn.c \
+ eng_err.c eng_fat.c eng_init.c eng_lib.c eng_list.c \
+ eng_openssl.c eng_padlock.c eng_pkey.c eng_table.c tb_cipher.c \
+ tb_dh.c tb_digest.c tb_dsa.c tb_ecdh.c tb_ecdsa.c tb_rand.c \
+ tb_rsa.c tb_store.c
+INCS+= engine.h
+
+# err
+SRCS+= err.c err_all.c err_prn.c err_def.c err_str.c err_bio.c
+INCS+= err.h
+
+# evp
+SRCS+= bio_b64.c bio_enc.c bio_md.c bio_ok.c c_all.c c_allc.c c_alld.c \
+ dig_eng.c digest.c e_aes.c e_bf.c e_cast.c e_des.c e_des3.c e_idea.c \
+ e_null.c e_old.c e_rc2.c e_rc4.c e_rc5.c e_xcbc_d.c encode.c \
+ evp_acnf.c evp_cnf.c evp_enc.c evp_err.c evp_key.c evp_lib.c evp_pbe.c \
+ evp_pkey.c e_seed.c enc_min.c m_dss.c m_dss1.c m_ecdsa.c m_md2.c m_md4.c m_md5.c \
+ m_mdc2.c m_null.c m_ripemd.c m_sha.c m_sha1.c names.c \
+ openbsd_hw.c p5_crpt.c p5_crpt2.c p_dec.c p_enc.c p_lib.c \
+ p_open.c p_seal.c p_sign.c p_verify.c
+.if ${MACHINE_CPUARCH} == "i386" || ${MACHINE_CPUARCH} == "amd64"
+SRCS+= e_camellia.c
+.endif
+INCS+= evp.h
+
+# fips
+INCS+= fips.h fips_rand.h
+
+# hmac
+SRCS+= hmac.c
+INCS+= hmac.h
+
+# idea
+.if ${MK_IDEA} != "no"
+SRCS+= i_cbc.c i_cfb64.c i_ecb.c i_ofb64.c i_skey.c
+INCS+= idea.h
+.endif
+
+# krb5
+#SRCS+= krb5_asn.c
+INCS+= krb5_asn.h
+
+# lhash
+SRCS+= lh_stats.c lhash.c
+INCS+= lhash.h
+
+# md2
+SRCS+= md2_dgst.c md2_one.c
+INCS+= md2.h
+
+# md4
+SRCS+= md4_dgst.c md4_one.c
+INCS+= md4.h
+
+# md5
+SRCS+= md5_dgst.c md5_one.c
+.if ${MACHINE_CPUARCH} == "i386"
+SRCS+= md5-586.s
+.endif
+INCS+= md5.h
+
+# mdc2
+SRCS+= mdc2_one.c mdc2dgst.c
+INCS+= mdc2.h
+
+# objects
+SRCS+= o_names.c obj_dat.c obj_err.c obj_lib.c
+INCS+= objects.h obj_mac.h
+
+# ocsp
+SRCS+= ocsp_asn.c ocsp_cl.c ocsp_err.c ocsp_ext.c ocsp_ht.c \
+ ocsp_lib.c ocsp_prn.c ocsp_srv.c ocsp_vfy.c
+INCS+= ocsp.h
+
+# pem
+SRCS+= pem_all.c pem_err.c pem_info.c pem_lib.c pem_oth.c pem_pk8.c \
+ pem_pkey.c pem_seal.c pem_sign.c pem_x509.c pem_xaux.c
+INCS+= pem.h pem2.h
+
+# pkcs12
+SRCS+= p12_add.c p12_asn.c p12_attr.c p12_crpt.c p12_crt.c \
+ p12_decr.c p12_init.c p12_key.c p12_kiss.c p12_mutl.c \
+ p12_npas.c p12_p8d.c p12_p8e.c p12_utl.c pk12err.c
+INCS+= pkcs12.h pkcs7.h
+
+# pkcs7
+SRCS+= example.c pk7_asn1.c pk7_attr.c pk7_dgst.c pk7_doit.c \
+ pk7_lib.c pk7_mime.c pk7_smime.c pkcs7err.c
+
+# pqueue
+SRCS+= pqueue.c
+INCS+= pqueue.h pq_compat.h
+
+# rand
+SRCS+= md_rand.c rand_egd.c rand_err.c rand_lib.c rand_unix.c randfile.c rand_eng.c
+INCS+= rand.h
+
+# rc2
+SRCS+= rc2_cbc.c rc2_ecb.c rc2_skey.c rc2cfb64.c rc2ofb64.c
+INCS+= rc2.h
+
+# rc4
+SRCS+= rc4_skey.c rc4_fblk.c
+.if ${MACHINE_CPUARCH} == "i386"
+SRCS+= rc4-586.s
+.else
+SRCS+= rc4_enc.c
+.endif
+INCS+= rc4.h
+
+# rc5
+SRCS+= rc5_ecb.c rc5_skey.c rc5cfb64.c rc5ofb64.c
+.if ${MACHINE_CPUARCH} == "i386"
+SRCS+= rc5-586.s
+.else
+SRCS+= rc5_enc.c
+.endif
+INCS+= rc5.h
+
+# ripemd
+SRCS+= rmd_dgst.c rmd_one.c
+INCS+= ripemd.h
+
+# rsa
+SRCS+= rsa_asn1.c rsa_chk.c rsa_eay.c rsa_err.c rsa_gen.c rsa_lib.c \
+ rsa_none.c rsa_null.c rsa_oaep.c rsa_pk1.c rsa_saos.c \
+ rsa_sign.c rsa_ssl.c rsa_depr.c rsa_pss.c rsa_x931.c rsa_x931g.c \
+ rsa_eng.c
+INCS+= rsa.h
+
+# sha
+SRCS+= sha1_one.c sha1dgst.c sha_dgst.c sha_one.c sha256.c sha512.c
+.if ${MACHINE_CPUARCH} == "i386"
+SRCS+= sha1-586.s
+.endif
+INCS+= sha.h
+
+# stack
+SRCS+= stack.c
+INCS+= stack.h safestack.h
+
+# store
+SRCS+= str_err.c str_lib.c str_meth.c str_mem.c
+INCS+= store.h
+
+# threads
+SRCS+= th-lock.c
+
+# txt_db
+SRCS+= txt_db.c
+INCS+= txt_db.h
+
+# ui
+SRCS+= ui_compat.c ui_err.c ui_lib.c ui_openssl.c ui_util.c
+INCS+= ui.h ui_compat.h ui_locl.h
+
+# x509
+SRCS+= by_dir.c by_file.c x509_att.c x509_cmp.c x509_d2.c \
+ x509_def.c x509_err.c x509_ext.c x509_lu.c x509_obj.c \
+ x509_r2x.c x509_req.c x509_set.c x509_trs.c x509_txt.c \
+ x509_v3.c x509_vfy.c x509cset.c x509name.c x509rset.c \
+ x509spki.c x509type.c x_all.c x509_vpm.c
+INCS+= x509.h x509_vfy.h
+
+# x509v3
+SRCS+= pcy_cache.c pcy_data.c pcy_lib.c pcy_map.c pcy_node.c \
+ pcy_tree.c v3_addr.c v3_akey.c v3_akeya.c v3_alt.c v3_asid.c \
+ v3_bcons.c v3_bitst.c \
+ v3_conf.c v3_cpols.c v3_crld.c v3_enum.c v3_extku.c v3_genn.c \
+ v3_ia5.c v3_info.c v3_int.c v3_lib.c v3_ncons.c v3_ocsp.c \
+ v3_pci.c v3_pcia.c v3_pcons.c v3_pku.c v3_pmaps.c v3_prn.c \
+ v3_purp.c v3_skey.c v3_sxnet.c v3_utl.c v3err.c
+INCS+= x509v3.h
+
+# cms
+#SRCS+= cms_lib.c cms_asn1.c cms_att.c cms_io.c cms_smime.c cms_err.c \
+# cms_sd.c cms_dd.c cms_cd.c cms_env.c cms_enc.c cms_ess.c
+#INCS+= cms.h
+
+# jpake - is marked experimental
+#SRCS+= jpake.c jpake_err.c
+#INCS+= jpake.h
+
+# seed
+#SRCS+= seed.c seed_ecb.c seed_cbc.c seed_cfb.c seed_ofb.c
+#INCS+= seed.h
+
+SRCS+= buildinf.h
+INCS+= opensslconf.h evp.h
+INCSDIR= ${INCLUDEDIR}/openssl
+
+CSTD= gnu89
+
+.if !empty(SRCS:M*.s)
+AFLAGS+= --noexecstack
+.endif
+
+CLEANFILES= buildinf.h opensslconf.h evp.h
+
+buildinf.h: ${.CURDIR}/Makefile
+ ( echo "#ifndef MK1MF_BUILD"; \
+ echo " /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */"; \
+ echo " #define CFLAGS \"$(CC)\""; \
+ echo " #define PLATFORM \"FreeBSD-${MACHINE_ARCH}\""; \
+ echo "#endif" ) > ${.TARGET}
+
+opensslconf.h: opensslconf-${MACHINE_CPUARCH}.h
+ cp -f ${.ALLSRC} ${.TARGET}
+
+evp.h: ${LCRYPTO_SRC}/crypto/evp/evp.h
+.if ${MK_IDEA} == "no"
+ sed '/^#ifndef OPENSSL_NO_IDEA$$/,/^#endif$$/d' ${.ALLSRC} > ${.TARGET}
+.else
+ cp -f ${.ALLSRC} ${.TARGET}
+.endif
+
+# No FIPS support for now
+fips.h:
+ echo '/* dummy fips.h */' > ${.TARGET}
+
+fips_rand.h:
+ echo '/* dummy fips_rand.h */' > ${.TARGET}
+
+CLEANFILES+= fips.h fips_rand.h
+
+OLDSYMLINKS+= libdes.a libdes.so libdes.so.3 libdes_p.a
+afterinstall:
+ @${ECHO} "Removing stale symlinks."
+ rm -f ${DESTDIR}${INCLUDEDIR}/des.h
+.for symlink in ${OLDSYMLINKS}
+ rm -f ${DESTDIR}${LIBDIR}/${symlink}
+.endfor
+
+.include <bsd.lib.mk>
+
+.if ${MACHINE_CPUARCH} == "i386"
+.PATH: ${.CURDIR}/i386
+.endif
+
+.if ${MACHINE_CPUARCH} == "amd64"
+_bn_asmpath= ${LCRYPTO_SRC}/crypto/bn/asm
+.endif
+
+.if ${MK_IDEA} != "no"
+_ideapath= ${LCRYPTO_SRC}/crypto/idea
+.endif
+
+.PATH: \
+ ${LCRYPTO_SRC}/crypto \
+ ${LCRYPTO_SRC}/crypto/aes \
+ ${LCRYPTO_SRC}/crypto/asn1 \
+ ${LCRYPTO_SRC}/crypto/bf \
+ ${LCRYPTO_SRC}/crypto/bio \
+ ${_bn_asmpath} \
+ ${LCRYPTO_SRC}/crypto/bn \
+ ${LCRYPTO_SRC}/crypto/buffer \
+ ${LCRYPTO_SRC}/crypto/cast \
+ ${LCRYPTO_SRC}/crypto/camellia \
+ ${LCRYPTO_SRC}/crypto/cms \
+ ${LCRYPTO_SRC}/crypto/comp \
+ ${LCRYPTO_SRC}/crypto/conf \
+ ${LCRYPTO_SRC}/crypto/des \
+ ${LCRYPTO_SRC}/crypto/dh \
+ ${LCRYPTO_SRC}/crypto/dsa \
+ ${LCRYPTO_SRC}/crypto/dso \
+ ${LCRYPTO_SRC}/crypto/ec \
+ ${LCRYPTO_SRC}/crypto/ecdh \
+ ${LCRYPTO_SRC}/crypto/ecdsa \
+ ${LCRYPTO_SRC}/crypto/engine \
+ ${LCRYPTO_SRC}/crypto/err \
+ ${LCRYPTO_SRC}/crypto/evp \
+ ${LCRYPTO_SRC}/crypto/hmac \
+ ${_ideapath} \
+ ${LCRYPTO_SRC}/crypto/jpake \
+ ${LCRYPTO_SRC}/crypto/krb5 \
+ ${LCRYPTO_SRC}/crypto/lhash \
+ ${LCRYPTO_SRC}/crypto/md2 \
+ ${LCRYPTO_SRC}/crypto/md4 \
+ ${LCRYPTO_SRC}/crypto/md5 \
+ ${LCRYPTO_SRC}/crypto/mdc2 \
+ ${LCRYPTO_SRC}/crypto/objects \
+ ${LCRYPTO_SRC}/crypto/ocsp \
+ ${LCRYPTO_SRC}/crypto/pem \
+ ${LCRYPTO_SRC}/crypto/pkcs12 \
+ ${LCRYPTO_SRC}/crypto/pkcs7 \
+ ${LCRYPTO_SRC}/crypto/pqueue \
+ ${LCRYPTO_SRC}/crypto/rand \
+ ${LCRYPTO_SRC}/crypto/rc2 \
+ ${LCRYPTO_SRC}/crypto/rc4 \
+ ${LCRYPTO_SRC}/crypto/rc5 \
+ ${LCRYPTO_SRC}/crypto/ripemd \
+ ${LCRYPTO_SRC}/crypto/rsa \
+ ${LCRYPTO_SRC}/crypto/seed \
+ ${LCRYPTO_SRC}/crypto/sha \
+ ${LCRYPTO_SRC}/crypto/stack \
+ ${LCRYPTO_SRC}/crypto/store \
+ ${LCRYPTO_SRC}/crypto/threads \
+ ${LCRYPTO_SRC}/crypto/txt_db \
+ ${LCRYPTO_SRC}/crypto/ui \
+ ${LCRYPTO_SRC}/crypto/x509 \
+ ${LCRYPTO_SRC}/crypto/x509v3 \
+ ${LCRYPTO_SRC}/engines \
+ ${LCRYPTO_SRC} \
+ ${.CURDIR}/man
diff --git a/secure/lib/libcrypto/Makefile.asm b/secure/lib/libcrypto/Makefile.asm
new file mode 100644
index 0000000..50584ee
--- /dev/null
+++ b/secure/lib/libcrypto/Makefile.asm
@@ -0,0 +1,61 @@
+# $FreeBSD$
+# Use this to help generate the asm *.s files after an import. It is not
+# perfect by any means, but does what is needed.
+# Do a 'make -f Makefile.asm all' and it will generate *.s. Move them
+# to the i386 subdir, and correct any exposed paths and $ FreeBSD $ tags.
+
+.if ${MACHINE_ARCH} == "i386"
+
+.include "Makefile.inc"
+
+.PATH: ${LCRYPTO_SRC}/crypto/rc4/asm ${LCRYPTO_SRC}/crypto/rc5/asm \
+ ${LCRYPTO_SRC}/crypto/des/asm ${LCRYPTO_SRC}/crypto/cast/asm \
+ ${LCRYPTO_SRC}/crypto/sha/asm ${LCRYPTO_SRC}/crypto/bn/asm \
+ ${LCRYPTO_SRC}/crypto/bf/asm ${LCRYPTO_SRC}/crypto/md5/asm \
+ ${LCRYPTO_SRC}/crypto/ripemd/asm
+
+PERLPATH= -I${LCRYPTO_SRC}/crypto/des/asm -I${LCRYPTO_SRC}/crypto/perlasm
+
+# blowfish
+SRCS= bf-686.pl bf-586.pl
+
+# bn
+SRCS+= bn-586.pl co-586.pl
+
+# cast
+SRCS+= cast-586.pl
+
+# des
+SRCS+= des-586.pl crypt586.pl
+
+# md5
+SRCS+= md5-586.pl
+
+# rc4
+SRCS+= rc4-586.pl
+
+# rc5
+SRCS+= rc5-586.pl
+
+# ripemd
+SRCS+= rmd-586.pl
+
+# sha
+SRCS+= sha1-586.pl
+
+ASM= ${SRCS:S/.pl/.s/}
+
+all: ${ASM}
+
+CLEANFILES+= ${SRCS:M*.pl:S/.pl$/.cmt/} ${SRCS:M*.pl:S/.pl$/.s/}
+.SUFFIXES: .pl .cmt
+
+.pl.cmt:
+ ( echo ' # $$'FreeBSD'$$' ;\
+ perl ${PERLPATH} ${.IMPSRC} elf ${CPUTYPE:Mi386:S/i//} ) > ${.TARGET}
+
+.cmt.s:
+ tr -d "'" < ${.IMPSRC} > ${.TARGET}
+
+.include <bsd.prog.mk>
+.endif
diff --git a/secure/lib/libcrypto/Makefile.inc b/secure/lib/libcrypto/Makefile.inc
new file mode 100644
index 0000000..24b8d88
--- /dev/null
+++ b/secure/lib/libcrypto/Makefile.inc
@@ -0,0 +1,67 @@
+# $FreeBSD$
+
+.include <bsd.own.mk>
+
+# OpenSSL version used for manual page generation
+OPENSSL_VER= 0.9.8q
+OPENSSL_DATE= 2010-12-02
+
+LCRYPTO_SRC= ${.CURDIR}/../../../crypto/openssl
+LCRYPTO_DOC= ${.CURDIR}/../../../crypto/openssl/doc
+
+CFLAGS+= -DTERMIOS -DANSI_SOURCE
+CFLAGS+= -I${LCRYPTO_SRC} -I${LCRYPTO_SRC}/crypto -I${.OBJDIR}
+CFLAGS+= -DOPENSSL_THREADS -DDSO_DLFCN -DHAVE_DLFCN_H
+
+.if ${MK_IDEA} == "no"
+CFLAGS+= -DOPENSSL_NO_IDEA
+.endif
+
+.if ${MACHINE_ARCH} == "i386" || ${MACHINE_ARCH} == "amd64"
+CFLAGS+= -DL_ENDIAN
+.endif
+
+MANDIR= ${SHAREDIR}/openssl/man/man
+
+.if defined(LIB)
+_docs= ${LIB}
+_skip= des_modes
+_sec= 3
+.else
+_docs= apps
+_skip= config
+_sec= 1
+.endif
+
+man-update:
+.for manpage in ${MAN}
+ @(sec=${manpage:E}; \
+ pod=${manpage:R}.pod; \
+ cp ${LCRYPTO_DOC}/${_docs}/$$pod .; \
+ pod2man --section=$$sec --release="${OPENSSL_VER}" \
+ --date="${OPENSSL_DATE}" --center="OpenSSL" \
+ $$pod > ${.CURDIR}/man/${manpage}; \
+ rm -f $$pod; \
+ ${ECHO} ${manpage})
+.endfor
+
+man-makefile-update:
+ rm -f ${.CURDIR}/Makefile.man
+ echo '# $$'FreeBSD'$$' >> ${.CURDIR}/Makefile.man
+ echo '# DO NOT EDIT: generated from man-makefile-update target' >> \
+ ${.CURDIR}/Makefile.man
+ for i in ${LCRYPTO_DOC}/${_docs}/*.pod; do \
+ fn=`basename $$i .pod`; \
+ if [ "$$fn" != "${_skip}" ]; then \
+ ${ECHO} "MAN+= $$fn.${_sec}" >> ${.CURDIR}/Makefile.man; \
+ fi; \
+ done
+ for i in ${LCRYPTO_DOC}/${_docs}/*.pod; do \
+ fn=`basename $$i .pod`; \
+ if [ "$$fn" != "${_skip}" ]; then \
+ perl ${LCRYPTO_SRC}/util/extract-names.pl < $$i | \
+ awk "/^$$fn\$$/ { next; } \
+ { print \"MLINKS+= $$fn.${_sec} \" \$$1 \".${_sec}\" }" >> \
+ ${.CURDIR}/Makefile.man; \
+ fi; \
+ done
diff --git a/secure/lib/libcrypto/Makefile.man b/secure/lib/libcrypto/Makefile.man
new file mode 100644
index 0000000..58ebff1
--- /dev/null
+++ b/secure/lib/libcrypto/Makefile.man
@@ -0,0 +1,824 @@
+# $FreeBSD$
+# DO NOT EDIT: generated from man-makefile-update target
+MAN+= ASN1_OBJECT_new.3
+MAN+= ASN1_STRING_length.3
+MAN+= ASN1_STRING_new.3
+MAN+= ASN1_STRING_print_ex.3
+MAN+= ASN1_generate_nconf.3
+MAN+= BIO_ctrl.3
+MAN+= BIO_f_base64.3
+MAN+= BIO_f_buffer.3
+MAN+= BIO_f_cipher.3
+MAN+= BIO_f_md.3
+MAN+= BIO_f_null.3
+MAN+= BIO_f_ssl.3
+MAN+= BIO_find_type.3
+MAN+= BIO_new.3
+MAN+= BIO_push.3
+MAN+= BIO_read.3
+MAN+= BIO_s_accept.3
+MAN+= BIO_s_bio.3
+MAN+= BIO_s_connect.3
+MAN+= BIO_s_fd.3
+MAN+= BIO_s_file.3
+MAN+= BIO_s_mem.3
+MAN+= BIO_s_null.3
+MAN+= BIO_s_socket.3
+MAN+= BIO_set_callback.3
+MAN+= BIO_should_retry.3
+MAN+= BN_BLINDING_new.3
+MAN+= BN_CTX_new.3
+MAN+= BN_CTX_start.3
+MAN+= BN_add.3
+MAN+= BN_add_word.3
+MAN+= BN_bn2bin.3
+MAN+= BN_cmp.3
+MAN+= BN_copy.3
+MAN+= BN_generate_prime.3
+MAN+= BN_mod_inverse.3
+MAN+= BN_mod_mul_montgomery.3
+MAN+= BN_mod_mul_reciprocal.3
+MAN+= BN_new.3
+MAN+= BN_num_bytes.3
+MAN+= BN_rand.3
+MAN+= BN_set_bit.3
+MAN+= BN_swap.3
+MAN+= BN_zero.3
+MAN+= CONF_modules_free.3
+MAN+= CONF_modules_load_file.3
+MAN+= CRYPTO_set_ex_data.3
+MAN+= DH_generate_key.3
+MAN+= DH_generate_parameters.3
+MAN+= DH_get_ex_new_index.3
+MAN+= DH_new.3
+MAN+= DH_set_method.3
+MAN+= DH_size.3
+MAN+= DSA_SIG_new.3
+MAN+= DSA_do_sign.3
+MAN+= DSA_dup_DH.3
+MAN+= DSA_generate_key.3
+MAN+= DSA_generate_parameters.3
+MAN+= DSA_get_ex_new_index.3
+MAN+= DSA_new.3
+MAN+= DSA_set_method.3
+MAN+= DSA_sign.3
+MAN+= DSA_size.3
+MAN+= ERR_GET_LIB.3
+MAN+= ERR_clear_error.3
+MAN+= ERR_error_string.3
+MAN+= ERR_get_error.3
+MAN+= ERR_load_crypto_strings.3
+MAN+= ERR_load_strings.3
+MAN+= ERR_print_errors.3
+MAN+= ERR_put_error.3
+MAN+= ERR_remove_state.3
+MAN+= ERR_set_mark.3
+MAN+= EVP_BytesToKey.3
+MAN+= EVP_DigestInit.3
+MAN+= EVP_EncryptInit.3
+MAN+= EVP_OpenInit.3
+MAN+= EVP_PKEY_new.3
+MAN+= EVP_PKEY_set1_RSA.3
+MAN+= EVP_SealInit.3
+MAN+= EVP_SignInit.3
+MAN+= EVP_VerifyInit.3
+MAN+= OBJ_nid2obj.3
+MAN+= OPENSSL_Applink.3
+MAN+= OPENSSL_VERSION_NUMBER.3
+MAN+= OPENSSL_config.3
+MAN+= OPENSSL_ia32cap.3
+MAN+= OPENSSL_load_builtin_modules.3
+MAN+= OpenSSL_add_all_algorithms.3
+MAN+= PKCS12_create.3
+MAN+= PKCS12_parse.3
+MAN+= PKCS7_decrypt.3
+MAN+= PKCS7_encrypt.3
+MAN+= PKCS7_sign.3
+MAN+= PKCS7_verify.3
+MAN+= RAND_add.3
+MAN+= RAND_bytes.3
+MAN+= RAND_cleanup.3
+MAN+= RAND_egd.3
+MAN+= RAND_load_file.3
+MAN+= RAND_set_rand_method.3
+MAN+= RSA_blinding_on.3
+MAN+= RSA_check_key.3
+MAN+= RSA_generate_key.3
+MAN+= RSA_get_ex_new_index.3
+MAN+= RSA_new.3
+MAN+= RSA_padding_add_PKCS1_type_1.3
+MAN+= RSA_print.3
+MAN+= RSA_private_encrypt.3
+MAN+= RSA_public_encrypt.3
+MAN+= RSA_set_method.3
+MAN+= RSA_sign.3
+MAN+= RSA_sign_ASN1_OCTET_STRING.3
+MAN+= RSA_size.3
+MAN+= SMIME_read_PKCS7.3
+MAN+= SMIME_write_PKCS7.3
+MAN+= X509_NAME_ENTRY_get_object.3
+MAN+= X509_NAME_add_entry_by_txt.3
+MAN+= X509_NAME_get_index_by_NID.3
+MAN+= X509_NAME_print_ex.3
+MAN+= X509_new.3
+MAN+= bio.3
+MAN+= blowfish.3
+MAN+= bn.3
+MAN+= bn_internal.3
+MAN+= buffer.3
+MAN+= crypto.3
+MAN+= d2i_ASN1_OBJECT.3
+MAN+= d2i_DHparams.3
+MAN+= d2i_DSAPublicKey.3
+MAN+= d2i_PKCS8PrivateKey.3
+MAN+= d2i_RSAPublicKey.3
+MAN+= d2i_X509.3
+MAN+= d2i_X509_ALGOR.3
+MAN+= d2i_X509_CRL.3
+MAN+= d2i_X509_NAME.3
+MAN+= d2i_X509_REQ.3
+MAN+= d2i_X509_SIG.3
+MAN+= des.3
+MAN+= dh.3
+MAN+= dsa.3
+MAN+= ecdsa.3
+MAN+= engine.3
+MAN+= err.3
+MAN+= evp.3
+MAN+= hmac.3
+MAN+= lh_stats.3
+MAN+= lhash.3
+MAN+= md5.3
+MAN+= mdc2.3
+MAN+= pem.3
+MAN+= rand.3
+MAN+= rc4.3
+MAN+= ripemd.3
+MAN+= rsa.3
+MAN+= sha.3
+MAN+= threads.3
+MAN+= ui.3
+MAN+= ui_compat.3
+MAN+= x509.3
+MLINKS+= ASN1_OBJECT_new.3 ASN1_OBJECT_free.3
+MLINKS+= ASN1_STRING_length.3 ASN1_STRING_dup.3
+MLINKS+= ASN1_STRING_length.3 ASN1_STRING_cmp.3
+MLINKS+= ASN1_STRING_length.3 ASN1_STRING_set.3
+MLINKS+= ASN1_STRING_length.3 ASN1_STRING_length_set.3
+MLINKS+= ASN1_STRING_length.3 ASN1_STRING_type.3
+MLINKS+= ASN1_STRING_length.3 ASN1_STRING_data.3
+MLINKS+= ASN1_STRING_new.3 ASN1_STRING_type_new.3
+MLINKS+= ASN1_STRING_new.3 ASN1_STRING_free.3
+MLINKS+= ASN1_STRING_print_ex.3 ASN1_STRING_print_ex_fp.3
+MLINKS+= ASN1_generate_nconf.3 ASN1_generate_v3.3
+MLINKS+= BIO_ctrl.3 BIO_callback_ctrl.3
+MLINKS+= BIO_ctrl.3 BIO_ptr_ctrl.3
+MLINKS+= BIO_ctrl.3 BIO_int_ctrl.3
+MLINKS+= BIO_ctrl.3 BIO_reset.3
+MLINKS+= BIO_ctrl.3 BIO_seek.3
+MLINKS+= BIO_ctrl.3 BIO_tell.3
+MLINKS+= BIO_ctrl.3 BIO_flush.3
+MLINKS+= BIO_ctrl.3 BIO_eof.3
+MLINKS+= BIO_ctrl.3 BIO_set_close.3
+MLINKS+= BIO_ctrl.3 BIO_get_close.3
+MLINKS+= BIO_ctrl.3 BIO_pending.3
+MLINKS+= BIO_ctrl.3 BIO_wpending.3
+MLINKS+= BIO_ctrl.3 BIO_ctrl_pending.3
+MLINKS+= BIO_ctrl.3 BIO_ctrl_wpending.3
+MLINKS+= BIO_ctrl.3 BIO_get_info_callback.3
+MLINKS+= BIO_ctrl.3 BIO_set_info_callback.3
+MLINKS+= BIO_f_cipher.3 BIO_set_cipher.3
+MLINKS+= BIO_f_cipher.3 BIO_get_cipher_status.3
+MLINKS+= BIO_f_cipher.3 BIO_get_cipher_ctx.3
+MLINKS+= BIO_f_md.3 BIO_set_md.3
+MLINKS+= BIO_f_md.3 BIO_get_md.3
+MLINKS+= BIO_f_md.3 BIO_get_md_ctx.3
+MLINKS+= BIO_f_ssl.3 BIO_set_ssl.3
+MLINKS+= BIO_f_ssl.3 BIO_get_ssl.3
+MLINKS+= BIO_f_ssl.3 BIO_set_ssl_mode.3
+MLINKS+= BIO_f_ssl.3 BIO_set_ssl_renegotiate_bytes.3
+MLINKS+= BIO_f_ssl.3 BIO_get_num_renegotiates.3
+MLINKS+= BIO_f_ssl.3 BIO_set_ssl_renegotiate_timeout.3
+MLINKS+= BIO_f_ssl.3 BIO_new_ssl.3
+MLINKS+= BIO_f_ssl.3 BIO_new_ssl_connect.3
+MLINKS+= BIO_f_ssl.3 BIO_new_buffer_ssl_connect.3
+MLINKS+= BIO_f_ssl.3 BIO_ssl_copy_session_id.3
+MLINKS+= BIO_f_ssl.3 BIO_ssl_shutdown.3
+MLINKS+= BIO_find_type.3 BIO_next.3
+MLINKS+= BIO_new.3 BIO_set.3
+MLINKS+= BIO_new.3 BIO_free.3
+MLINKS+= BIO_new.3 BIO_vfree.3
+MLINKS+= BIO_new.3 BIO_free_all.3
+MLINKS+= BIO_push.3 BIO_pop.3
+MLINKS+= BIO_read.3 BIO_write.3
+MLINKS+= BIO_read.3 BIO_gets.3
+MLINKS+= BIO_read.3 BIO_puts.3
+MLINKS+= BIO_s_accept.3 BIO_set_accept_port.3
+MLINKS+= BIO_s_accept.3 BIO_get_accept_port.3
+MLINKS+= BIO_s_accept.3 BIO_set_nbio_accept.3
+MLINKS+= BIO_s_accept.3 BIO_set_accept_bios.3
+MLINKS+= BIO_s_accept.3 BIO_set_bind_mode.3
+MLINKS+= BIO_s_accept.3 BIO_get_bind_mode.3
+MLINKS+= BIO_s_accept.3 BIO_do_accept.3
+MLINKS+= BIO_s_bio.3 BIO_make_bio_pair.3
+MLINKS+= BIO_s_bio.3 BIO_destroy_bio_pair.3
+MLINKS+= BIO_s_bio.3 BIO_shutdown_wr.3
+MLINKS+= BIO_s_bio.3 BIO_set_write_buf_size.3
+MLINKS+= BIO_s_bio.3 BIO_get_write_buf_size.3
+MLINKS+= BIO_s_bio.3 BIO_new_bio_pair.3
+MLINKS+= BIO_s_bio.3 BIO_get_write_guarantee.3
+MLINKS+= BIO_s_bio.3 BIO_ctrl_get_write_guarantee.3
+MLINKS+= BIO_s_bio.3 BIO_get_read_request.3
+MLINKS+= BIO_s_bio.3 BIO_ctrl_get_read_request.3
+MLINKS+= BIO_s_bio.3 BIO_ctrl_reset_read_request.3
+MLINKS+= BIO_s_connect.3 BIO_set_conn_hostname.3
+MLINKS+= BIO_s_connect.3 BIO_set_conn_port.3
+MLINKS+= BIO_s_connect.3 BIO_set_conn_ip.3
+MLINKS+= BIO_s_connect.3 BIO_set_conn_int_port.3
+MLINKS+= BIO_s_connect.3 BIO_get_conn_hostname.3
+MLINKS+= BIO_s_connect.3 BIO_get_conn_port.3
+MLINKS+= BIO_s_connect.3 BIO_get_conn_ip.3
+MLINKS+= BIO_s_connect.3 BIO_get_conn_int_port.3
+MLINKS+= BIO_s_connect.3 BIO_set_nbio.3
+MLINKS+= BIO_s_connect.3 BIO_do_connect.3
+MLINKS+= BIO_s_fd.3 BIO_set_fd.3
+MLINKS+= BIO_s_fd.3 BIO_get_fd.3
+MLINKS+= BIO_s_fd.3 BIO_new_fd.3
+MLINKS+= BIO_s_file.3 BIO_new_file.3
+MLINKS+= BIO_s_file.3 BIO_new_fp.3
+MLINKS+= BIO_s_file.3 BIO_set_fp.3
+MLINKS+= BIO_s_file.3 BIO_get_fp.3
+MLINKS+= BIO_s_file.3 BIO_read_filename.3
+MLINKS+= BIO_s_file.3 BIO_write_filename.3
+MLINKS+= BIO_s_file.3 BIO_append_filename.3
+MLINKS+= BIO_s_file.3 BIO_rw_filename.3
+MLINKS+= BIO_s_mem.3 BIO_set_mem_eof_return.3
+MLINKS+= BIO_s_mem.3 BIO_get_mem_data.3
+MLINKS+= BIO_s_mem.3 BIO_set_mem_buf.3
+MLINKS+= BIO_s_mem.3 BIO_get_mem_ptr.3
+MLINKS+= BIO_s_mem.3 BIO_new_mem_buf.3
+MLINKS+= BIO_s_socket.3 BIO_new_socket.3
+MLINKS+= BIO_set_callback.3 BIO_get_callback.3
+MLINKS+= BIO_set_callback.3 BIO_set_callback_arg.3
+MLINKS+= BIO_set_callback.3 BIO_get_callback_arg.3
+MLINKS+= BIO_set_callback.3 BIO_debug_callback.3
+MLINKS+= BIO_should_retry.3 BIO_should_read.3
+MLINKS+= BIO_should_retry.3 BIO_should_write.3
+MLINKS+= BIO_should_retry.3 BIO_should_io_special.3
+MLINKS+= BIO_should_retry.3 BIO_retry_type.3
+MLINKS+= BIO_should_retry.3 BIO_get_retry_BIO.3
+MLINKS+= BIO_should_retry.3 BIO_get_retry_reason.3
+MLINKS+= BN_BLINDING_new.3 BN_BLINDING_free.3
+MLINKS+= BN_BLINDING_new.3 BN_BLINDING_update.3
+MLINKS+= BN_BLINDING_new.3 BN_BLINDING_convert.3
+MLINKS+= BN_BLINDING_new.3 BN_BLINDING_invert.3
+MLINKS+= BN_BLINDING_new.3 BN_BLINDING_convert_ex.3
+MLINKS+= BN_BLINDING_new.3 BN_BLINDING_invert_ex.3
+MLINKS+= BN_BLINDING_new.3 BN_BLINDING_get_thread_id.3
+MLINKS+= BN_BLINDING_new.3 BN_BLINDING_set_thread_id.3
+MLINKS+= BN_BLINDING_new.3 BN_BLINDING_get_flags.3
+MLINKS+= BN_BLINDING_new.3 BN_BLINDING_set_flags.3
+MLINKS+= BN_BLINDING_new.3 BN_BLINDING_create_param.3
+MLINKS+= BN_CTX_new.3 BN_CTX_init.3
+MLINKS+= BN_CTX_new.3 BN_CTX_free.3
+MLINKS+= BN_CTX_start.3 BN_CTX_get.3
+MLINKS+= BN_CTX_start.3 BN_CTX_end.3
+MLINKS+= BN_add.3 BN_sub.3
+MLINKS+= BN_add.3 BN_mul.3
+MLINKS+= BN_add.3 BN_sqr.3
+MLINKS+= BN_add.3 BN_div.3
+MLINKS+= BN_add.3 BN_mod.3
+MLINKS+= BN_add.3 BN_nnmod.3
+MLINKS+= BN_add.3 BN_mod_add.3
+MLINKS+= BN_add.3 BN_mod_sub.3
+MLINKS+= BN_add.3 BN_mod_mul.3
+MLINKS+= BN_add.3 BN_mod_sqr.3
+MLINKS+= BN_add.3 BN_exp.3
+MLINKS+= BN_add.3 BN_mod_exp.3
+MLINKS+= BN_add.3 BN_gcd.3
+MLINKS+= BN_add_word.3 BN_sub_word.3
+MLINKS+= BN_add_word.3 BN_mul_word.3
+MLINKS+= BN_add_word.3 BN_div_word.3
+MLINKS+= BN_add_word.3 BN_mod_word.3
+MLINKS+= BN_bn2bin.3 BN_bin2bn.3
+MLINKS+= BN_bn2bin.3 BN_bn2hex.3
+MLINKS+= BN_bn2bin.3 BN_bn2dec.3
+MLINKS+= BN_bn2bin.3 BN_hex2bn.3
+MLINKS+= BN_bn2bin.3 BN_dec2bn.3
+MLINKS+= BN_bn2bin.3 BN_print.3
+MLINKS+= BN_bn2bin.3 BN_print_fp.3
+MLINKS+= BN_bn2bin.3 BN_bn2mpi.3
+MLINKS+= BN_bn2bin.3 BN_mpi2bn.3
+MLINKS+= BN_cmp.3 BN_ucmp.3
+MLINKS+= BN_cmp.3 BN_is_zero.3
+MLINKS+= BN_cmp.3 BN_is_one.3
+MLINKS+= BN_cmp.3 BN_is_word.3
+MLINKS+= BN_cmp.3 BN_is_odd.3
+MLINKS+= BN_copy.3 BN_dup.3
+MLINKS+= BN_generate_prime.3 BN_is_prime.3
+MLINKS+= BN_generate_prime.3 BN_is_prime_fasttest.3
+MLINKS+= BN_mod_mul_montgomery.3 BN_MONT_CTX_new.3
+MLINKS+= BN_mod_mul_montgomery.3 BN_MONT_CTX_init.3
+MLINKS+= BN_mod_mul_montgomery.3 BN_MONT_CTX_free.3
+MLINKS+= BN_mod_mul_montgomery.3 BN_MONT_CTX_set.3
+MLINKS+= BN_mod_mul_montgomery.3 BN_MONT_CTX_copy.3
+MLINKS+= BN_mod_mul_montgomery.3 BN_from_montgomery.3
+MLINKS+= BN_mod_mul_montgomery.3 BN_to_montgomery.3
+MLINKS+= BN_mod_mul_reciprocal.3 BN_div_recp.3
+MLINKS+= BN_mod_mul_reciprocal.3 BN_RECP_CTX_new.3
+MLINKS+= BN_mod_mul_reciprocal.3 BN_RECP_CTX_init.3
+MLINKS+= BN_mod_mul_reciprocal.3 BN_RECP_CTX_free.3
+MLINKS+= BN_mod_mul_reciprocal.3 BN_RECP_CTX_set.3
+MLINKS+= BN_new.3 BN_init.3
+MLINKS+= BN_new.3 BN_clear.3
+MLINKS+= BN_new.3 BN_free.3
+MLINKS+= BN_new.3 BN_clear_free.3
+MLINKS+= BN_num_bytes.3 BN_num_bits.3
+MLINKS+= BN_num_bytes.3 BN_num_bits_word.3
+MLINKS+= BN_rand.3 BN_pseudo_rand.3
+MLINKS+= BN_set_bit.3 BN_clear_bit.3
+MLINKS+= BN_set_bit.3 BN_is_bit_set.3
+MLINKS+= BN_set_bit.3 BN_mask_bits.3
+MLINKS+= BN_set_bit.3 BN_lshift.3
+MLINKS+= BN_set_bit.3 BN_lshift1.3
+MLINKS+= BN_set_bit.3 BN_rshift.3
+MLINKS+= BN_set_bit.3 BN_rshift1.3
+MLINKS+= BN_zero.3 BN_one.3
+MLINKS+= BN_zero.3 BN_value_one.3
+MLINKS+= BN_zero.3 BN_set_word.3
+MLINKS+= BN_zero.3 BN_get_word.3
+MLINKS+= CONF_modules_free.3 CONF_modules_finish.3
+MLINKS+= CONF_modules_free.3 CONF_modules_unload.3
+MLINKS+= CONF_modules_load_file.3 CONF_modules_load.3
+MLINKS+= CRYPTO_set_ex_data.3 CRYPTO_get_ex_data.3
+MLINKS+= DH_generate_key.3 DH_compute_key.3
+MLINKS+= DH_generate_parameters.3 DH_check.3
+MLINKS+= DH_get_ex_new_index.3 DH_set_ex_data.3
+MLINKS+= DH_get_ex_new_index.3 DH_get_ex_data.3
+MLINKS+= DH_new.3 DH_free.3
+MLINKS+= DH_set_method.3 DH_set_default_method.3
+MLINKS+= DH_set_method.3 DH_get_default_method.3
+MLINKS+= DH_set_method.3 DH_new_method.3
+MLINKS+= DH_set_method.3 DH_OpenSSL.3
+MLINKS+= DSA_SIG_new.3 DSA_SIG_free.3
+MLINKS+= DSA_do_sign.3 DSA_do_verify.3
+MLINKS+= DSA_get_ex_new_index.3 DSA_set_ex_data.3
+MLINKS+= DSA_get_ex_new_index.3 DSA_get_ex_data.3
+MLINKS+= DSA_new.3 DSA_free.3
+MLINKS+= DSA_set_method.3 DSA_set_default_method.3
+MLINKS+= DSA_set_method.3 DSA_get_default_method.3
+MLINKS+= DSA_set_method.3 DSA_new_method.3
+MLINKS+= DSA_set_method.3 DSA_OpenSSL.3
+MLINKS+= DSA_sign.3 DSA_sign_setup.3
+MLINKS+= DSA_sign.3 DSA_verify.3
+MLINKS+= ERR_GET_LIB.3 ERR_GET_FUNC.3
+MLINKS+= ERR_GET_LIB.3 ERR_GET_REASON.3
+MLINKS+= ERR_error_string.3 ERR_error_string_n.3
+MLINKS+= ERR_error_string.3 ERR_lib_error_string.3
+MLINKS+= ERR_error_string.3 ERR_func_error_string.3
+MLINKS+= ERR_error_string.3 ERR_reason_error_string.3
+MLINKS+= ERR_get_error.3 ERR_peek_error.3
+MLINKS+= ERR_get_error.3 ERR_peek_last_error.3
+MLINKS+= ERR_get_error.3 ERR_get_error_line.3
+MLINKS+= ERR_get_error.3 ERR_peek_error_line.3
+MLINKS+= ERR_get_error.3 ERR_peek_last_error_line.3
+MLINKS+= ERR_get_error.3 ERR_get_error_line_data.3
+MLINKS+= ERR_get_error.3 ERR_peek_error_line_data.3
+MLINKS+= ERR_get_error.3 ERR_peek_last_error_line_data.3
+MLINKS+= ERR_load_crypto_strings.3 SSL_load_error_strings.3
+MLINKS+= ERR_load_crypto_strings.3 ERR_free_strings.3
+MLINKS+= ERR_load_strings.3 ERR_PACK.3
+MLINKS+= ERR_load_strings.3 ERR_get_next_error_library.3
+MLINKS+= ERR_print_errors.3 ERR_print_errors_fp.3
+MLINKS+= ERR_put_error.3 ERR_add_error_data.3
+MLINKS+= ERR_set_mark.3 ERR_pop_to_mark.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_init.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_create.3
+MLINKS+= EVP_DigestInit.3 EVP_DigestInit_ex.3
+MLINKS+= EVP_DigestInit.3 EVP_DigestUpdate.3
+MLINKS+= EVP_DigestInit.3 EVP_DigestFinal_ex.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_cleanup.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_destroy.3
+MLINKS+= EVP_DigestInit.3 EVP_MAX_MD_SIZE.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_copy_ex.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_copy.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_type.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_pkey_type.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_size.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_block_size.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_md.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_size.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_block_size.3
+MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_type.3
+MLINKS+= EVP_DigestInit.3 EVP_md_null.3
+MLINKS+= EVP_DigestInit.3 EVP_md2.3
+MLINKS+= EVP_DigestInit.3 EVP_md5.3
+MLINKS+= EVP_DigestInit.3 EVP_sha.3
+MLINKS+= EVP_DigestInit.3 EVP_sha1.3
+MLINKS+= EVP_DigestInit.3 EVP_dss.3
+MLINKS+= EVP_DigestInit.3 EVP_dss1.3
+MLINKS+= EVP_DigestInit.3 EVP_mdc2.3
+MLINKS+= EVP_DigestInit.3 EVP_ripemd160.3
+MLINKS+= EVP_DigestInit.3 EVP_get_digestbyname.3
+MLINKS+= EVP_DigestInit.3 EVP_get_digestbynid.3
+MLINKS+= EVP_DigestInit.3 EVP_get_digestbyobj.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_init.3
+MLINKS+= EVP_EncryptInit.3 EVP_EncryptInit_ex.3
+MLINKS+= EVP_EncryptInit.3 EVP_EncryptUpdate.3
+MLINKS+= EVP_EncryptInit.3 EVP_EncryptFinal_ex.3
+MLINKS+= EVP_EncryptInit.3 EVP_DecryptInit_ex.3
+MLINKS+= EVP_EncryptInit.3 EVP_DecryptUpdate.3
+MLINKS+= EVP_EncryptInit.3 EVP_DecryptFinal_ex.3
+MLINKS+= EVP_EncryptInit.3 EVP_CipherInit_ex.3
+MLINKS+= EVP_EncryptInit.3 EVP_CipherUpdate.3
+MLINKS+= EVP_EncryptInit.3 EVP_CipherFinal_ex.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_set_key_length.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_ctrl.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_cleanup.3
+MLINKS+= EVP_EncryptInit.3 EVP_EncryptFinal.3
+MLINKS+= EVP_EncryptInit.3 EVP_DecryptInit.3
+MLINKS+= EVP_EncryptInit.3 EVP_DecryptFinal.3
+MLINKS+= EVP_EncryptInit.3 EVP_CipherInit.3
+MLINKS+= EVP_EncryptInit.3 EVP_CipherFinal.3
+MLINKS+= EVP_EncryptInit.3 EVP_get_cipherbyname.3
+MLINKS+= EVP_EncryptInit.3 EVP_get_cipherbynid.3
+MLINKS+= EVP_EncryptInit.3 EVP_get_cipherbyobj.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_nid.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_block_size.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_key_length.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_iv_length.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_flags.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_mode.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_type.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_cipher.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_nid.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_block_size.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_key_length.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_iv_length.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_get_app_data.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_set_app_data.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_type.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_flags.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_mode.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_param_to_asn1.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_asn1_to_param.3
+MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_set_padding.3
+MLINKS+= EVP_OpenInit.3 EVP_OpenUpdate.3
+MLINKS+= EVP_OpenInit.3 EVP_OpenFinal.3
+MLINKS+= EVP_PKEY_new.3 EVP_PKEY_free.3
+MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_set1_DSA.3
+MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_set1_DH.3
+MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_set1_EC_KEY.3
+MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get1_RSA.3
+MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get1_DSA.3
+MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get1_DH.3
+MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get1_EC_KEY.3
+MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_RSA.3
+MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_DSA.3
+MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_DH.3
+MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_EC_KEY.3
+MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_type.3
+MLINKS+= EVP_SealInit.3 EVP_SealUpdate.3
+MLINKS+= EVP_SealInit.3 EVP_SealFinal.3
+MLINKS+= EVP_SignInit.3 EVP_SignUpdate.3
+MLINKS+= EVP_SignInit.3 EVP_SignFinal.3
+MLINKS+= EVP_VerifyInit.3 EVP_VerifyUpdate.3
+MLINKS+= EVP_VerifyInit.3 EVP_VerifyFinal.3
+MLINKS+= OBJ_nid2obj.3 OBJ_nid2ln.3
+MLINKS+= OBJ_nid2obj.3 OBJ_nid2sn.3
+MLINKS+= OBJ_nid2obj.3 OBJ_obj2nid.3
+MLINKS+= OBJ_nid2obj.3 OBJ_txt2nid.3
+MLINKS+= OBJ_nid2obj.3 OBJ_ln2nid.3
+MLINKS+= OBJ_nid2obj.3 OBJ_sn2nid.3
+MLINKS+= OBJ_nid2obj.3 OBJ_cmp.3
+MLINKS+= OBJ_nid2obj.3 OBJ_dup.3
+MLINKS+= OBJ_nid2obj.3 OBJ_txt2obj.3
+MLINKS+= OBJ_nid2obj.3 OBJ_obj2txt.3
+MLINKS+= OBJ_nid2obj.3 OBJ_create.3
+MLINKS+= OBJ_nid2obj.3 OBJ_cleanup.3
+MLINKS+= OPENSSL_VERSION_NUMBER.3 SSLeay.3
+MLINKS+= OPENSSL_VERSION_NUMBER.3 SSLeay_version.3
+MLINKS+= OPENSSL_config.3 OPENSSL_no_config.3
+MLINKS+= OpenSSL_add_all_algorithms.3 OpenSSL_add_all_ciphers.3
+MLINKS+= OpenSSL_add_all_algorithms.3 OpenSSL_add_all_digests.3
+MLINKS+= RAND_add.3 RAND_seed.3
+MLINKS+= RAND_add.3 RAND_status.3
+MLINKS+= RAND_add.3 RAND_event.3
+MLINKS+= RAND_add.3 RAND_screen.3
+MLINKS+= RAND_bytes.3 RAND_pseudo_bytes.3
+MLINKS+= RAND_load_file.3 RAND_write_file.3
+MLINKS+= RAND_load_file.3 RAND_file_name.3
+MLINKS+= RAND_set_rand_method.3 RAND_get_rand_method.3
+MLINKS+= RAND_set_rand_method.3 RAND_SSLeay.3
+MLINKS+= RSA_blinding_on.3 RSA_blinding_off.3
+MLINKS+= RSA_get_ex_new_index.3 RSA_set_ex_data.3
+MLINKS+= RSA_get_ex_new_index.3 RSA_get_ex_data.3
+MLINKS+= RSA_new.3 RSA_free.3
+MLINKS+= RSA_padding_add_PKCS1_type_1.3 RSA_padding_check_PKCS1_type_1.3
+MLINKS+= RSA_padding_add_PKCS1_type_1.3 RSA_padding_add_PKCS1_type_2.3
+MLINKS+= RSA_padding_add_PKCS1_type_1.3 RSA_padding_check_PKCS1_type_2.3
+MLINKS+= RSA_padding_add_PKCS1_type_1.3 RSA_padding_add_PKCS1_OAEP.3
+MLINKS+= RSA_padding_add_PKCS1_type_1.3 RSA_padding_check_PKCS1_OAEP.3
+MLINKS+= RSA_padding_add_PKCS1_type_1.3 RSA_padding_add_SSLv23.3
+MLINKS+= RSA_padding_add_PKCS1_type_1.3 RSA_padding_check_SSLv23.3
+MLINKS+= RSA_padding_add_PKCS1_type_1.3 RSA_padding_add_none.3
+MLINKS+= RSA_padding_add_PKCS1_type_1.3 RSA_padding_check_none.3
+MLINKS+= RSA_print.3 RSA_print_fp.3
+MLINKS+= RSA_print.3 DSAparams_print.3
+MLINKS+= RSA_print.3 DSAparams_print_fp.3
+MLINKS+= RSA_print.3 DSA_print.3
+MLINKS+= RSA_print.3 DSA_print_fp.3
+MLINKS+= RSA_print.3 DHparams_print.3
+MLINKS+= RSA_print.3 DHparams_print_fp.3
+MLINKS+= RSA_private_encrypt.3 RSA_public_decrypt.3
+MLINKS+= RSA_public_encrypt.3 RSA_private_decrypt.3
+MLINKS+= RSA_set_method.3 RSA_set_default_method.3
+MLINKS+= RSA_set_method.3 RSA_get_default_method.3
+MLINKS+= RSA_set_method.3 RSA_get_method.3
+MLINKS+= RSA_set_method.3 RSA_PKCS1_SSLeay.3
+MLINKS+= RSA_set_method.3 RSA_null_method.3
+MLINKS+= RSA_set_method.3 RSA_flags.3
+MLINKS+= RSA_set_method.3 RSA_new_method.3
+MLINKS+= RSA_sign.3 RSA_verify.3
+MLINKS+= RSA_sign_ASN1_OCTET_STRING.3 RSA_verify_ASN1_OCTET_STRING.3
+MLINKS+= X509_NAME_ENTRY_get_object.3 X509_NAME_ENTRY_get_data.3
+MLINKS+= X509_NAME_ENTRY_get_object.3 X509_NAME_ENTRY_set_object.3
+MLINKS+= X509_NAME_ENTRY_get_object.3 X509_NAME_ENTRY_set_data.3
+MLINKS+= X509_NAME_ENTRY_get_object.3 X509_NAME_ENTRY_create_by_txt.3
+MLINKS+= X509_NAME_ENTRY_get_object.3 X509_NAME_ENTRY_create_by_NID.3
+MLINKS+= X509_NAME_ENTRY_get_object.3 X509_NAME_ENTRY_create_by_OBJ.3
+MLINKS+= X509_NAME_add_entry_by_txt.3 X509_NAME_add_entry_by_OBJ.3
+MLINKS+= X509_NAME_add_entry_by_txt.3 X509_NAME_add_entry_by_NID.3
+MLINKS+= X509_NAME_add_entry_by_txt.3 X509_NAME_add_entry.3
+MLINKS+= X509_NAME_add_entry_by_txt.3 X509_NAME_delete_entry.3
+MLINKS+= X509_NAME_get_index_by_NID.3 X509_NAME_get_index_by_OBJ.3
+MLINKS+= X509_NAME_get_index_by_NID.3 X509_NAME_get_entry.3
+MLINKS+= X509_NAME_get_index_by_NID.3 X509_NAME_entry_count.3
+MLINKS+= X509_NAME_get_index_by_NID.3 X509_NAME_get_text_by_NID.3
+MLINKS+= X509_NAME_get_index_by_NID.3 X509_NAME_get_text_by_OBJ.3
+MLINKS+= X509_NAME_print_ex.3 X509_NAME_print_ex_fp.3
+MLINKS+= X509_NAME_print_ex.3 X509_NAME_print.3
+MLINKS+= X509_NAME_print_ex.3 X509_NAME_oneline.3
+MLINKS+= X509_new.3 X509_free.3
+MLINKS+= blowfish.3 BF_set_key.3
+MLINKS+= blowfish.3 BF_encrypt.3
+MLINKS+= blowfish.3 BF_decrypt.3
+MLINKS+= blowfish.3 BF_ecb_encrypt.3
+MLINKS+= blowfish.3 BF_cbc_encrypt.3
+MLINKS+= blowfish.3 BF_cfb64_encrypt.3
+MLINKS+= blowfish.3 BF_ofb64_encrypt.3
+MLINKS+= blowfish.3 BF_options.3
+MLINKS+= bn_internal.3 bn_mul_words.3
+MLINKS+= bn_internal.3 bn_mul_add_words.3
+MLINKS+= bn_internal.3 bn_sqr_words.3
+MLINKS+= bn_internal.3 bn_div_words.3
+MLINKS+= bn_internal.3 bn_add_words.3
+MLINKS+= bn_internal.3 bn_sub_words.3
+MLINKS+= bn_internal.3 bn_mul_comba4.3
+MLINKS+= bn_internal.3 bn_mul_comba8.3
+MLINKS+= bn_internal.3 bn_sqr_comba4.3
+MLINKS+= bn_internal.3 bn_sqr_comba8.3
+MLINKS+= bn_internal.3 bn_cmp_words.3
+MLINKS+= bn_internal.3 bn_mul_normal.3
+MLINKS+= bn_internal.3 bn_mul_low_normal.3
+MLINKS+= bn_internal.3 bn_mul_recursive.3
+MLINKS+= bn_internal.3 bn_mul_part_recursive.3
+MLINKS+= bn_internal.3 bn_mul_low_recursive.3
+MLINKS+= bn_internal.3 bn_mul_high.3
+MLINKS+= bn_internal.3 bn_sqr_normal.3
+MLINKS+= bn_internal.3 bn_sqr_recursive.3
+MLINKS+= bn_internal.3 bn_expand.3
+MLINKS+= bn_internal.3 bn_wexpand.3
+MLINKS+= bn_internal.3 bn_expand2.3
+MLINKS+= bn_internal.3 bn_fix_top.3
+MLINKS+= bn_internal.3 bn_check_top.3
+MLINKS+= bn_internal.3 bn_print.3
+MLINKS+= bn_internal.3 bn_dump.3
+MLINKS+= bn_internal.3 bn_set_max.3
+MLINKS+= bn_internal.3 bn_set_high.3
+MLINKS+= bn_internal.3 bn_set_low.3
+MLINKS+= buffer.3 BUF_MEM_new.3
+MLINKS+= buffer.3 BUF_MEM_free.3
+MLINKS+= buffer.3 BUF_MEM_grow.3
+MLINKS+= buffer.3 BUF_strdup.3
+MLINKS+= d2i_ASN1_OBJECT.3 i2d_ASN1_OBJECT.3
+MLINKS+= d2i_DHparams.3 i2d_DHparams.3
+MLINKS+= d2i_DSAPublicKey.3 i2d_DSAPublicKey.3
+MLINKS+= d2i_DSAPublicKey.3 d2i_DSAPrivateKey.3
+MLINKS+= d2i_DSAPublicKey.3 i2d_DSAPrivateKey.3
+MLINKS+= d2i_DSAPublicKey.3 d2i_DSA_PUBKEY.3
+MLINKS+= d2i_DSAPublicKey.3 i2d_DSA_PUBKEY.3
+MLINKS+= d2i_DSAPublicKey.3 d2i_DSA_SIG.3
+MLINKS+= d2i_DSAPublicKey.3 i2d_DSA_SIG.3
+MLINKS+= d2i_PKCS8PrivateKey.3 d2i_PKCS8PrivateKey_bio.3
+MLINKS+= d2i_PKCS8PrivateKey.3 d2i_PKCS8PrivateKey_fp.3
+MLINKS+= d2i_PKCS8PrivateKey.3 i2d_PKCS8PrivateKey_bio.3
+MLINKS+= d2i_PKCS8PrivateKey.3 i2d_PKCS8PrivateKey_fp.3
+MLINKS+= d2i_PKCS8PrivateKey.3 i2d_PKCS8PrivateKey_nid_bio.3
+MLINKS+= d2i_PKCS8PrivateKey.3 i2d_PKCS8PrivateKey_nid_fp.3
+MLINKS+= d2i_RSAPublicKey.3 i2d_RSAPublicKey.3
+MLINKS+= d2i_RSAPublicKey.3 d2i_RSAPrivateKey.3
+MLINKS+= d2i_RSAPublicKey.3 i2d_RSAPrivateKey.3
+MLINKS+= d2i_RSAPublicKey.3 d2i_RSA_PUBKEY.3
+MLINKS+= d2i_RSAPublicKey.3 i2d_RSA_PUBKEY.3
+MLINKS+= d2i_RSAPublicKey.3 i2d_Netscape_RSA.3
+MLINKS+= d2i_RSAPublicKey.3 d2i_Netscape_RSA.3
+MLINKS+= d2i_X509.3 i2d_X509.3
+MLINKS+= d2i_X509.3 d2i_X509_bio.3
+MLINKS+= d2i_X509.3 d2i_X509_fp.3
+MLINKS+= d2i_X509.3 i2d_X509_bio.3
+MLINKS+= d2i_X509.3 i2d_X509_fp.3
+MLINKS+= d2i_X509_ALGOR.3 i2d_X509_ALGOR.3
+MLINKS+= d2i_X509_CRL.3 i2d_X509_CRL.3
+MLINKS+= d2i_X509_CRL.3 d2i_X509_CRL_bio.3
+MLINKS+= d2i_X509_CRL.3 d2i_509_CRL_fp.3
+MLINKS+= d2i_X509_CRL.3 i2d_X509_CRL_bio.3
+MLINKS+= d2i_X509_CRL.3 i2d_X509_CRL_fp.3
+MLINKS+= d2i_X509_NAME.3 i2d_X509_NAME.3
+MLINKS+= d2i_X509_REQ.3 i2d_X509_REQ.3
+MLINKS+= d2i_X509_REQ.3 d2i_X509_REQ_bio.3
+MLINKS+= d2i_X509_REQ.3 d2i_X509_REQ_fp.3
+MLINKS+= d2i_X509_REQ.3 i2d_X509_REQ_bio.3
+MLINKS+= d2i_X509_REQ.3 i2d_X509_REQ_fp.3
+MLINKS+= d2i_X509_SIG.3 i2d_X509_SIG.3
+MLINKS+= des.3 DES_random_key.3
+MLINKS+= des.3 DES_set_key.3
+MLINKS+= des.3 DES_key_sched.3
+MLINKS+= des.3 DES_set_key_checked.3
+MLINKS+= des.3 DES_set_key_unchecked.3
+MLINKS+= des.3 DES_set_odd_parity.3
+MLINKS+= des.3 DES_is_weak_key.3
+MLINKS+= des.3 DES_ecb_encrypt.3
+MLINKS+= des.3 DES_ecb2_encrypt.3
+MLINKS+= des.3 DES_ecb3_encrypt.3
+MLINKS+= des.3 DES_ncbc_encrypt.3
+MLINKS+= des.3 DES_cfb_encrypt.3
+MLINKS+= des.3 DES_ofb_encrypt.3
+MLINKS+= des.3 DES_pcbc_encrypt.3
+MLINKS+= des.3 DES_cfb64_encrypt.3
+MLINKS+= des.3 DES_ofb64_encrypt.3
+MLINKS+= des.3 DES_xcbc_encrypt.3
+MLINKS+= des.3 DES_ede2_cbc_encrypt.3
+MLINKS+= des.3 DES_ede2_cfb64_encrypt.3
+MLINKS+= des.3 DES_ede2_ofb64_encrypt.3
+MLINKS+= des.3 DES_ede3_cbc_encrypt.3
+MLINKS+= des.3 DES_ede3_cbcm_encrypt.3
+MLINKS+= des.3 DES_ede3_cfb64_encrypt.3
+MLINKS+= des.3 DES_ede3_ofb64_encrypt.3
+MLINKS+= des.3 DES_cbc_cksum.3
+MLINKS+= des.3 DES_quad_cksum.3
+MLINKS+= des.3 DES_string_to_key.3
+MLINKS+= des.3 DES_string_to_2keys.3
+MLINKS+= des.3 DES_fcrypt.3
+MLINKS+= des.3 DES_crypt.3
+MLINKS+= des.3 DES_enc_read.3
+MLINKS+= des.3 DES_enc_write.3
+MLINKS+= hmac.3 HMAC.3
+MLINKS+= hmac.3 HMAC_Init.3
+MLINKS+= hmac.3 HMAC_Update.3
+MLINKS+= hmac.3 HMAC_Final.3
+MLINKS+= hmac.3 HMAC_cleanup.3
+MLINKS+= lh_stats.3 lh_node_stats.3
+MLINKS+= lh_stats.3 lh_node_usage_stats.3
+MLINKS+= lh_stats.3 lh_stats_bio.3
+MLINKS+= lh_stats.3 lh_node_stats_bio.3
+MLINKS+= lh_stats.3 lh_node_usage_stats_bio.3
+MLINKS+= lhash.3 lh_new.3
+MLINKS+= lhash.3 lh_free.3
+MLINKS+= lhash.3 lh_insert.3
+MLINKS+= lhash.3 lh_delete.3
+MLINKS+= lhash.3 lh_retrieve.3
+MLINKS+= lhash.3 lh_doall.3
+MLINKS+= lhash.3 lh_doall_arg.3
+MLINKS+= lhash.3 lh_error.3
+MLINKS+= md5.3 MD2.3
+MLINKS+= md5.3 MD4.3
+MLINKS+= md5.3 MD5.3
+MLINKS+= md5.3 MD2_Init.3
+MLINKS+= md5.3 MD2_Update.3
+MLINKS+= md5.3 MD2_Final.3
+MLINKS+= md5.3 MD4_Init.3
+MLINKS+= md5.3 MD4_Update.3
+MLINKS+= md5.3 MD4_Final.3
+MLINKS+= md5.3 MD5_Init.3
+MLINKS+= md5.3 MD5_Update.3
+MLINKS+= md5.3 MD5_Final.3
+MLINKS+= mdc2.3 MDC2.3
+MLINKS+= mdc2.3 MDC2_Init.3
+MLINKS+= mdc2.3 MDC2_Update.3
+MLINKS+= mdc2.3 MDC2_Final.3
+MLINKS+= pem.3 PEM.3
+MLINKS+= pem.3 PEM_read_bio_PrivateKey.3
+MLINKS+= pem.3 PEM_read_PrivateKey.3
+MLINKS+= pem.3 PEM_write_bio_PrivateKey.3
+MLINKS+= pem.3 PEM_write_PrivateKey.3
+MLINKS+= pem.3 PEM_write_bio_PKCS8PrivateKey.3
+MLINKS+= pem.3 PEM_write_PKCS8PrivateKey.3
+MLINKS+= pem.3 PEM_write_bio_PKCS8PrivateKey_nid.3
+MLINKS+= pem.3 PEM_write_PKCS8PrivateKey_nid.3
+MLINKS+= pem.3 PEM_read_bio_PUBKEY.3
+MLINKS+= pem.3 PEM_read_PUBKEY.3
+MLINKS+= pem.3 PEM_write_bio_PUBKEY.3
+MLINKS+= pem.3 PEM_write_PUBKEY.3
+MLINKS+= pem.3 PEM_read_bio_RSAPrivateKey.3
+MLINKS+= pem.3 PEM_read_RSAPrivateKey.3
+MLINKS+= pem.3 PEM_write_bio_RSAPrivateKey.3
+MLINKS+= pem.3 PEM_write_RSAPrivateKey.3
+MLINKS+= pem.3 PEM_read_bio_RSAPublicKey.3
+MLINKS+= pem.3 PEM_read_RSAPublicKey.3
+MLINKS+= pem.3 PEM_write_bio_RSAPublicKey.3
+MLINKS+= pem.3 PEM_write_RSAPublicKey.3
+MLINKS+= pem.3 PEM_read_bio_RSA_PUBKEY.3
+MLINKS+= pem.3 PEM_read_RSA_PUBKEY.3
+MLINKS+= pem.3 PEM_write_bio_RSA_PUBKEY.3
+MLINKS+= pem.3 PEM_write_RSA_PUBKEY.3
+MLINKS+= pem.3 PEM_read_bio_DSAPrivateKey.3
+MLINKS+= pem.3 PEM_read_DSAPrivateKey.3
+MLINKS+= pem.3 PEM_write_bio_DSAPrivateKey.3
+MLINKS+= pem.3 PEM_write_DSAPrivateKey.3
+MLINKS+= pem.3 PEM_read_bio_DSA_PUBKEY.3
+MLINKS+= pem.3 PEM_read_DSA_PUBKEY.3
+MLINKS+= pem.3 PEM_write_bio_DSA_PUBKEY.3
+MLINKS+= pem.3 PEM_write_DSA_PUBKEY.3
+MLINKS+= pem.3 PEM_read_bio_DSAparams.3
+MLINKS+= pem.3 PEM_read_DSAparams.3
+MLINKS+= pem.3 PEM_write_bio_DSAparams.3
+MLINKS+= pem.3 PEM_write_DSAparams.3
+MLINKS+= pem.3 PEM_read_bio_DHparams.3
+MLINKS+= pem.3 PEM_read_DHparams.3
+MLINKS+= pem.3 PEM_write_bio_DHparams.3
+MLINKS+= pem.3 PEM_write_DHparams.3
+MLINKS+= pem.3 PEM_read_bio_X509.3
+MLINKS+= pem.3 PEM_read_X509.3
+MLINKS+= pem.3 PEM_write_bio_X509.3
+MLINKS+= pem.3 PEM_write_X509.3
+MLINKS+= pem.3 PEM_read_bio_X509_AUX.3
+MLINKS+= pem.3 PEM_read_X509_AUX.3
+MLINKS+= pem.3 PEM_write_bio_X509_AUX.3
+MLINKS+= pem.3 PEM_write_X509_AUX.3
+MLINKS+= pem.3 PEM_read_bio_X509_REQ.3
+MLINKS+= pem.3 PEM_read_X509_REQ.3
+MLINKS+= pem.3 PEM_write_bio_X509_REQ.3
+MLINKS+= pem.3 PEM_write_X509_REQ.3
+MLINKS+= pem.3 PEM_write_bio_X509_REQ_NEW.3
+MLINKS+= pem.3 PEM_write_X509_REQ_NEW.3
+MLINKS+= pem.3 PEM_read_bio_X509_CRL.3
+MLINKS+= pem.3 PEM_read_X509_CRL.3
+MLINKS+= pem.3 PEM_write_bio_X509_CRL.3
+MLINKS+= pem.3 PEM_write_X509_CRL.3
+MLINKS+= pem.3 PEM_read_bio_PKCS7.3
+MLINKS+= pem.3 PEM_read_PKCS7.3
+MLINKS+= pem.3 PEM_write_bio_PKCS7.3
+MLINKS+= pem.3 PEM_write_PKCS7.3
+MLINKS+= pem.3 PEM_read_bio_NETSCAPE_CERT_SEQUENCE.3
+MLINKS+= pem.3 PEM_read_NETSCAPE_CERT_SEQUENCE.3
+MLINKS+= pem.3 PEM_write_bio_NETSCAPE_CERT_SEQUENCE.3
+MLINKS+= pem.3 PEM_write_NETSCAPE_CERT_SEQUENCE.3
+MLINKS+= rc4.3 RC4_set_key.3
+MLINKS+= rc4.3 RC4.3
+MLINKS+= ripemd.3 RIPEMD160.3
+MLINKS+= ripemd.3 RIPEMD160_Init.3
+MLINKS+= ripemd.3 RIPEMD160_Update.3
+MLINKS+= ripemd.3 RIPEMD160_Final.3
+MLINKS+= sha.3 SHA1.3
+MLINKS+= sha.3 SHA1_Init.3
+MLINKS+= sha.3 SHA1_Update.3
+MLINKS+= sha.3 SHA1_Final.3
+MLINKS+= threads.3 CRYPTO_set_locking_callback.3
+MLINKS+= threads.3 CRYPTO_set_id_callback.3
+MLINKS+= threads.3 CRYPTO_num_locks.3
+MLINKS+= threads.3 CRYPTO_set_dynlock_create_callback.3
+MLINKS+= threads.3 CRYPTO_set_dynlock_lock_callback.3
+MLINKS+= threads.3 CRYPTO_set_dynlock_destroy_callback.3
+MLINKS+= threads.3 CRYPTO_get_new_dynlockid.3
+MLINKS+= threads.3 CRYPTO_destroy_dynlockid.3
+MLINKS+= threads.3 CRYPTO_lock.3
+MLINKS+= ui.3 UI_new.3
+MLINKS+= ui.3 UI_new_method.3
+MLINKS+= ui.3 UI_free.3
+MLINKS+= ui.3 UI_add_input_string.3
+MLINKS+= ui.3 UI_dup_input_string.3
+MLINKS+= ui.3 UI_add_verify_string.3
+MLINKS+= ui.3 UI_dup_verify_string.3
+MLINKS+= ui.3 UI_add_input_boolean.3
+MLINKS+= ui.3 UI_dup_input_boolean.3
+MLINKS+= ui.3 UI_add_info_string.3
+MLINKS+= ui.3 UI_dup_info_string.3
+MLINKS+= ui.3 UI_add_error_string.3
+MLINKS+= ui.3 UI_dup_error_string.3
+MLINKS+= ui.3 UI_construct_prompt.3
+MLINKS+= ui.3 UI_add_user_data.3
+MLINKS+= ui.3 UI_get0_user_data.3
+MLINKS+= ui.3 UI_get0_result.3
+MLINKS+= ui.3 UI_process.3
+MLINKS+= ui.3 UI_ctrl.3
+MLINKS+= ui.3 UI_set_default_method.3
+MLINKS+= ui.3 UI_get_default_method.3
+MLINKS+= ui.3 UI_get_method.3
+MLINKS+= ui.3 UI_set_method.3
+MLINKS+= ui.3 UI_OpenSSL.3
+MLINKS+= ui.3 ERR_load_UI_strings.3
+MLINKS+= ui_compat.3 des_read_password.3
+MLINKS+= ui_compat.3 des_read_2passwords.3
+MLINKS+= ui_compat.3 des_read_pw_string.3
+MLINKS+= ui_compat.3 des_read_pw.3
diff --git a/secure/lib/libcrypto/engines/Makefile b/secure/lib/libcrypto/engines/Makefile
new file mode 100644
index 0000000..6250527
--- /dev/null
+++ b/secure/lib/libcrypto/engines/Makefile
@@ -0,0 +1,6 @@
+# $FreeBSD$
+
+SUBDIR= lib4758cca libaep libatalla libcswift libchil libnuron \
+ libsureware libubsec
+
+.include <bsd.subdir.mk>
diff --git a/secure/lib/libcrypto/engines/Makefile.inc b/secure/lib/libcrypto/engines/Makefile.inc
new file mode 100644
index 0000000..a71820f
--- /dev/null
+++ b/secure/lib/libcrypto/engines/Makefile.inc
@@ -0,0 +1,6 @@
+# $FreeBSD$
+
+LCRYPTO_SRC= ${.CURDIR}/../../../../../crypto/openssl
+.PATH: ${LCRYPTO_SRC}/engines
+
+SHLIBDIR?= /usr/lib/engines
diff --git a/secure/lib/libcrypto/engines/lib4758cca/Makefile b/secure/lib/libcrypto/engines/lib4758cca/Makefile
new file mode 100644
index 0000000..4144034
--- /dev/null
+++ b/secure/lib/libcrypto/engines/lib4758cca/Makefile
@@ -0,0 +1,7 @@
+# $FreeBSD$
+
+SHLIB_NAME?= lib4758cca.so
+SRCS= e_4758cca.c
+NO_MAN= # For now
+
+.include <bsd.lib.mk>
diff --git a/secure/lib/libcrypto/engines/libaep/Makefile b/secure/lib/libcrypto/engines/libaep/Makefile
new file mode 100644
index 0000000..66997df
--- /dev/null
+++ b/secure/lib/libcrypto/engines/libaep/Makefile
@@ -0,0 +1,6 @@
+# $FreeBSD$
+
+SHLIB_NAME?= libaep.so
+SRCS= e_aep.c
+
+.include <bsd.lib.mk>
diff --git a/secure/lib/libcrypto/engines/libatalla/Makefile b/secure/lib/libcrypto/engines/libatalla/Makefile
new file mode 100644
index 0000000..6223dea
--- /dev/null
+++ b/secure/lib/libcrypto/engines/libatalla/Makefile
@@ -0,0 +1,6 @@
+# $FreeBSD$
+
+SHLIB_NAME?= libatalla.so
+SRCS= e_atalla.c
+
+.include <bsd.lib.mk>
diff --git a/secure/lib/libcrypto/engines/libchil/Makefile b/secure/lib/libcrypto/engines/libchil/Makefile
new file mode 100644
index 0000000..14972c9
--- /dev/null
+++ b/secure/lib/libcrypto/engines/libchil/Makefile
@@ -0,0 +1,6 @@
+# $FreeBSD$
+
+SHLIB_NAME?= libchil.so
+SRCS= e_chil.c
+
+.include <bsd.lib.mk>
diff --git a/secure/lib/libcrypto/engines/libcswift/Makefile b/secure/lib/libcrypto/engines/libcswift/Makefile
new file mode 100644
index 0000000..38b0045
--- /dev/null
+++ b/secure/lib/libcrypto/engines/libcswift/Makefile
@@ -0,0 +1,6 @@
+# $FreeBSD$
+
+SHLIB_NAME?= libcswift.so
+SRCS= e_cswift.c
+
+.include <bsd.lib.mk>
diff --git a/secure/lib/libcrypto/engines/libnuron/Makefile b/secure/lib/libcrypto/engines/libnuron/Makefile
new file mode 100644
index 0000000..82aab9b
--- /dev/null
+++ b/secure/lib/libcrypto/engines/libnuron/Makefile
@@ -0,0 +1,6 @@
+# $FreeBSD$
+
+SHLIB_NAME?= libnuron.so
+SRCS= e_nuron.c
+
+.include <bsd.lib.mk>
diff --git a/secure/lib/libcrypto/engines/libsureware/Makefile b/secure/lib/libcrypto/engines/libsureware/Makefile
new file mode 100644
index 0000000..4d176ee
--- /dev/null
+++ b/secure/lib/libcrypto/engines/libsureware/Makefile
@@ -0,0 +1,6 @@
+# $FreeBSD$
+
+SHLIB_NAME?= libsureware.so
+SRCS= e_sureware.c
+
+.include <bsd.lib.mk>
diff --git a/secure/lib/libcrypto/engines/libubsec/Makefile b/secure/lib/libcrypto/engines/libubsec/Makefile
new file mode 100644
index 0000000..e02efab
--- /dev/null
+++ b/secure/lib/libcrypto/engines/libubsec/Makefile
@@ -0,0 +1,6 @@
+# $FreeBSD$
+
+SHLIB_NAME?= libubsec.so
+SRCS= e_ubsec.c
+
+.include <bsd.lib.mk>
diff --git a/secure/lib/libcrypto/i386/bf-586.s b/secure/lib/libcrypto/i386/bf-586.s
new file mode 100644
index 0000000..73e0042
--- /dev/null
+++ b/secure/lib/libcrypto/i386/bf-586.s
@@ -0,0 +1,927 @@
+ # $FreeBSD$
+
+
+
+
+
+
+ .file "bf-586.s"
+ .version "01.01"
+gcc2_compiled.:
+.text
+ .align 16
+.globl BF_encrypt
+ .type BF_encrypt,@function
+BF_encrypt:
+
+ pushl %ebp
+ pushl %ebx
+ movl 12(%esp), %ebx
+ movl 16(%esp), %ebp
+ pushl %esi
+ pushl %edi
+
+ movl (%ebx), %edi
+ movl 4(%ebx), %esi
+ xorl %eax, %eax
+ movl (%ebp), %ebx
+ xorl %ecx, %ecx
+ xorl %ebx, %edi
+
+
+ movl 4(%ebp), %edx
+ movl %edi, %ebx
+ xorl %edx, %esi
+ shrl $16, %ebx
+ movl %edi, %edx
+ movb %bh, %al
+ andl $255, %ebx
+ movb %dh, %cl
+ andl $255, %edx
+ movl 72(%ebp,%eax,4),%eax
+ movl 1096(%ebp,%ebx,4),%ebx
+ addl %eax, %ebx
+ movl 2120(%ebp,%ecx,4),%eax
+ xorl %eax, %ebx
+ movl 3144(%ebp,%edx,4),%edx
+ addl %edx, %ebx
+ xorl %eax, %eax
+ xorl %ebx, %esi
+
+
+ movl 8(%ebp), %edx
+ movl %esi, %ebx
+ xorl %edx, %edi
+ shrl $16, %ebx
+ movl %esi, %edx
+ movb %bh, %al
+ andl $255, %ebx
+ movb %dh, %cl
+ andl $255, %edx
+ movl 72(%ebp,%eax,4),%eax
+ movl 1096(%ebp,%ebx,4),%ebx
+ addl %eax, %ebx
+ movl 2120(%ebp,%ecx,4),%eax
+ xorl %eax, %ebx
+ movl 3144(%ebp,%edx,4),%edx
+ addl %edx, %ebx
+ xorl %eax, %eax
+ xorl %ebx, %edi
+
+
+ movl 12(%ebp), %edx
+ movl %edi, %ebx
+ xorl %edx, %esi
+ shrl $16, %ebx
+ movl %edi, %edx
+ movb %bh, %al
+ andl $255, %ebx
+ movb %dh, %cl
+ andl $255, %edx
+ movl 72(%ebp,%eax,4),%eax
+ movl 1096(%ebp,%ebx,4),%ebx
+ addl %eax, %ebx
+ movl 2120(%ebp,%ecx,4),%eax
+ xorl %eax, %ebx
+ movl 3144(%ebp,%edx,4),%edx
+ addl %edx, %ebx
+ xorl %eax, %eax
+ xorl %ebx, %esi
+
+
+ movl 16(%ebp), %edx
+ movl %esi, %ebx
+ xorl %edx, %edi
+ shrl $16, %ebx
+ movl %esi, %edx
+ movb %bh, %al
+ andl $255, %ebx
+ movb %dh, %cl
+ andl $255, %edx
+ movl 72(%ebp,%eax,4),%eax
+ movl 1096(%ebp,%ebx,4),%ebx
+ addl %eax, %ebx
+ movl 2120(%ebp,%ecx,4),%eax
+ xorl %eax, %ebx
+ movl 3144(%ebp,%edx,4),%edx
+ addl %edx, %ebx
+ xorl %eax, %eax
+ xorl %ebx, %edi
+
+
+ movl 20(%ebp), %edx
+ movl %edi, %ebx
+ xorl %edx, %esi
+ shrl $16, %ebx
+ movl %edi, %edx
+ movb %bh, %al
+ andl $255, %ebx
+ movb %dh, %cl
+ andl $255, %edx
+ movl 72(%ebp,%eax,4),%eax
+ movl 1096(%ebp,%ebx,4),%ebx
+ addl %eax, %ebx
+ movl 2120(%ebp,%ecx,4),%eax
+ xorl %eax, %ebx
+ movl 3144(%ebp,%edx,4),%edx
+ addl %edx, %ebx
+ xorl %eax, %eax
+ xorl %ebx, %esi
+
+
+ movl 24(%ebp), %edx
+ movl %esi, %ebx
+ xorl %edx, %edi
+ shrl $16, %ebx
+ movl %esi, %edx
+ movb %bh, %al
+ andl $255, %ebx
+ movb %dh, %cl
+ andl $255, %edx
+ movl 72(%ebp,%eax,4),%eax
+ movl 1096(%ebp,%ebx,4),%ebx
+ addl %eax, %ebx
+ movl 2120(%ebp,%ecx,4),%eax
+ xorl %eax, %ebx
+ movl 3144(%ebp,%edx,4),%edx
+ addl %edx, %ebx
+ xorl %eax, %eax
+ xorl %ebx, %edi
+
+
+ movl 28(%ebp), %edx
+ movl %edi, %ebx
+ xorl %edx, %esi
+ shrl $16, %ebx
+ movl %edi, %edx
+ movb %bh, %al
+ andl $255, %ebx
+ movb %dh, %cl
+ andl $255, %edx
+ movl 72(%ebp,%eax,4),%eax
+ movl 1096(%ebp,%ebx,4),%ebx
+ addl %eax, %ebx
+ movl 2120(%ebp,%ecx,4),%eax
+ xorl %eax, %ebx
+ movl 3144(%ebp,%edx,4),%edx
+ addl %edx, %ebx
+ xorl %eax, %eax
+ xorl %ebx, %esi
+
+
+ movl 32(%ebp), %edx
+ movl %esi, %ebx
+ xorl %edx, %edi
+ shrl $16, %ebx
+ movl %esi, %edx
+ movb %bh, %al
+ andl $255, %ebx
+ movb %dh, %cl
+ andl $255, %edx
+ movl 72(%ebp,%eax,4),%eax
+ movl 1096(%ebp,%ebx,4),%ebx
+ addl %eax, %ebx
+ movl 2120(%ebp,%ecx,4),%eax
+ xorl %eax, %ebx
+ movl 3144(%ebp,%edx,4),%edx
+ addl %edx, %ebx
+ xorl %eax, %eax
+ xorl %ebx, %edi
+
+
+ movl 36(%ebp), %edx
+ movl %edi, %ebx
+ xorl %edx, %esi
+ shrl $16, %ebx
+ movl %edi, %edx
+ movb %bh, %al
+ andl $255, %ebx
+ movb %dh, %cl
+ andl $255, %edx
+ movl 72(%ebp,%eax,4),%eax
+ movl 1096(%ebp,%ebx,4),%ebx
+ addl %eax, %ebx
+ movl 2120(%ebp,%ecx,4),%eax
+ xorl %eax, %ebx
+ movl 3144(%ebp,%edx,4),%edx
+ addl %edx, %ebx
+ xorl %eax, %eax
+ xorl %ebx, %esi
+
+
+ movl 40(%ebp), %edx
+ movl %esi, %ebx
+ xorl %edx, %edi
+ shrl $16, %ebx
+ movl %esi, %edx
+ movb %bh, %al
+ andl $255, %ebx
+ movb %dh, %cl
+ andl $255, %edx
+ movl 72(%ebp,%eax,4),%eax
+ movl 1096(%ebp,%ebx,4),%ebx
+ addl %eax, %ebx
+ movl 2120(%ebp,%ecx,4),%eax
+ xorl %eax, %ebx
+ movl 3144(%ebp,%edx,4),%edx
+ addl %edx, %ebx
+ xorl %eax, %eax
+ xorl %ebx, %edi
+
+
+ movl 44(%ebp), %edx
+ movl %edi, %ebx
+ xorl %edx, %esi
+ shrl $16, %ebx
+ movl %edi, %edx
+ movb %bh, %al
+ andl $255, %ebx
+ movb %dh, %cl
+ andl $255, %edx
+ movl 72(%ebp,%eax,4),%eax
+ movl 1096(%ebp,%ebx,4),%ebx
+ addl %eax, %ebx
+ movl 2120(%ebp,%ecx,4),%eax
+ xorl %eax, %ebx
+ movl 3144(%ebp,%edx,4),%edx
+ addl %edx, %ebx
+ xorl %eax, %eax
+ xorl %ebx, %esi
+
+
+ movl 48(%ebp), %edx
+ movl %esi, %ebx
+ xorl %edx, %edi
+ shrl $16, %ebx
+ movl %esi, %edx
+ movb %bh, %al
+ andl $255, %ebx
+ movb %dh, %cl
+ andl $255, %edx
+ movl 72(%ebp,%eax,4),%eax
+ movl 1096(%ebp,%ebx,4),%ebx
+ addl %eax, %ebx
+ movl 2120(%ebp,%ecx,4),%eax
+ xorl %eax, %ebx
+ movl 3144(%ebp,%edx,4),%edx
+ addl %edx, %ebx
+ xorl %eax, %eax
+ xorl %ebx, %edi
+
+
+ movl 52(%ebp), %edx
+ movl %edi, %ebx
+ xorl %edx, %esi
+ shrl $16, %ebx
+ movl %edi, %edx
+ movb %bh, %al
+ andl $255, %ebx
+ movb %dh, %cl
+ andl $255, %edx
+ movl 72(%ebp,%eax,4),%eax
+ movl 1096(%ebp,%ebx,4),%ebx
+ addl %eax, %ebx
+ movl 2120(%ebp,%ecx,4),%eax
+ xorl %eax, %ebx
+ movl 3144(%ebp,%edx,4),%edx
+ addl %edx, %ebx
+ xorl %eax, %eax
+ xorl %ebx, %esi
+
+
+ movl 56(%ebp), %edx
+ movl %esi, %ebx
+ xorl %edx, %edi
+ shrl $16, %ebx
+ movl %esi, %edx
+ movb %bh, %al
+ andl $255, %ebx
+ movb %dh, %cl
+ andl $255, %edx
+ movl 72(%ebp,%eax,4),%eax
+ movl 1096(%ebp,%ebx,4),%ebx
+ addl %eax, %ebx
+ movl 2120(%ebp,%ecx,4),%eax
+ xorl %eax, %ebx
+ movl 3144(%ebp,%edx,4),%edx
+ addl %edx, %ebx
+ xorl %eax, %eax
+ xorl %ebx, %edi
+
+
+ movl 60(%ebp), %edx
+ movl %edi, %ebx
+ xorl %edx, %esi
+ shrl $16, %ebx
+ movl %edi, %edx
+ movb %bh, %al
+ andl $255, %ebx
+ movb %dh, %cl
+ andl $255, %edx
+ movl 72(%ebp,%eax,4),%eax
+ movl 1096(%ebp,%ebx,4),%ebx
+ addl %eax, %ebx
+ movl 2120(%ebp,%ecx,4),%eax
+ xorl %eax, %ebx
+ movl 3144(%ebp,%edx,4),%edx
+ addl %edx, %ebx
+ xorl %eax, %eax
+ xorl %ebx, %esi
+
+
+ movl 64(%ebp), %edx
+ movl %esi, %ebx
+ xorl %edx, %edi
+ shrl $16, %ebx
+ movl %esi, %edx
+ movb %bh, %al
+ andl $255, %ebx
+ movb %dh, %cl
+ andl $255, %edx
+ movl 72(%ebp,%eax,4),%eax
+ movl 1096(%ebp,%ebx,4),%ebx
+ addl %eax, %ebx
+ movl 2120(%ebp,%ecx,4),%eax
+ xorl %eax, %ebx
+ movl 3144(%ebp,%edx,4),%edx
+ addl %edx, %ebx
+
+ movl 20(%esp), %eax
+ xorl %ebx, %edi
+ movl 68(%ebp), %edx
+ xorl %edx, %esi
+ movl %edi, 4(%eax)
+ movl %esi, (%eax)
+ popl %edi
+ popl %esi
+ popl %ebx
+ popl %ebp
+ ret
+.L_BF_encrypt_end:
+ .size BF_encrypt,.L_BF_encrypt_end-BF_encrypt
+.ident "BF_encrypt"
+.text
+ .align 16
+.globl BF_decrypt
+ .type BF_decrypt,@function
+BF_decrypt:
+
+ pushl %ebp
+ pushl %ebx
+ movl 12(%esp), %ebx
+ movl 16(%esp), %ebp
+ pushl %esi
+ pushl %edi
+
+ movl (%ebx), %edi
+ movl 4(%ebx), %esi
+ xorl %eax, %eax
+ movl 68(%ebp), %ebx
+ xorl %ecx, %ecx
+ xorl %ebx, %edi
+
+
+ movl 64(%ebp), %edx
+ movl %edi, %ebx
+ xorl %edx, %esi
+ shrl $16, %ebx
+ movl %edi, %edx
+ movb %bh, %al
+ andl $255, %ebx
+ movb %dh, %cl
+ andl $255, %edx
+ movl 72(%ebp,%eax,4),%eax
+ movl 1096(%ebp,%ebx,4),%ebx
+ addl %eax, %ebx
+ movl 2120(%ebp,%ecx,4),%eax
+ xorl %eax, %ebx
+ movl 3144(%ebp,%edx,4),%edx
+ addl %edx, %ebx
+ xorl %eax, %eax
+ xorl %ebx, %esi
+
+
+ movl 60(%ebp), %edx
+ movl %esi, %ebx
+ xorl %edx, %edi
+ shrl $16, %ebx
+ movl %esi, %edx
+ movb %bh, %al
+ andl $255, %ebx
+ movb %dh, %cl
+ andl $255, %edx
+ movl 72(%ebp,%eax,4),%eax
+ movl 1096(%ebp,%ebx,4),%ebx
+ addl %eax, %ebx
+ movl 2120(%ebp,%ecx,4),%eax
+ xorl %eax, %ebx
+ movl 3144(%ebp,%edx,4),%edx
+ addl %edx, %ebx
+ xorl %eax, %eax
+ xorl %ebx, %edi
+
+
+ movl 56(%ebp), %edx
+ movl %edi, %ebx
+ xorl %edx, %esi
+ shrl $16, %ebx
+ movl %edi, %edx
+ movb %bh, %al
+ andl $255, %ebx
+ movb %dh, %cl
+ andl $255, %edx
+ movl 72(%ebp,%eax,4),%eax
+ movl 1096(%ebp,%ebx,4),%ebx
+ addl %eax, %ebx
+ movl 2120(%ebp,%ecx,4),%eax
+ xorl %eax, %ebx
+ movl 3144(%ebp,%edx,4),%edx
+ addl %edx, %ebx
+ xorl %eax, %eax
+ xorl %ebx, %esi
+
+
+ movl 52(%ebp), %edx
+ movl %esi, %ebx
+ xorl %edx, %edi
+ shrl $16, %ebx
+ movl %esi, %edx
+ movb %bh, %al
+ andl $255, %ebx
+ movb %dh, %cl
+ andl $255, %edx
+ movl 72(%ebp,%eax,4),%eax
+ movl 1096(%ebp,%ebx,4),%ebx
+ addl %eax, %ebx
+ movl 2120(%ebp,%ecx,4),%eax
+ xorl %eax, %ebx
+ movl 3144(%ebp,%edx,4),%edx
+ addl %edx, %ebx
+ xorl %eax, %eax
+ xorl %ebx, %edi
+
+
+ movl 48(%ebp), %edx
+ movl %edi, %ebx
+ xorl %edx, %esi
+ shrl $16, %ebx
+ movl %edi, %edx
+ movb %bh, %al
+ andl $255, %ebx
+ movb %dh, %cl
+ andl $255, %edx
+ movl 72(%ebp,%eax,4),%eax
+ movl 1096(%ebp,%ebx,4),%ebx
+ addl %eax, %ebx
+ movl 2120(%ebp,%ecx,4),%eax
+ xorl %eax, %ebx
+ movl 3144(%ebp,%edx,4),%edx
+ addl %edx, %ebx
+ xorl %eax, %eax
+ xorl %ebx, %esi
+
+
+ movl 44(%ebp), %edx
+ movl %esi, %ebx
+ xorl %edx, %edi
+ shrl $16, %ebx
+ movl %esi, %edx
+ movb %bh, %al
+ andl $255, %ebx
+ movb %dh, %cl
+ andl $255, %edx
+ movl 72(%ebp,%eax,4),%eax
+ movl 1096(%ebp,%ebx,4),%ebx
+ addl %eax, %ebx
+ movl 2120(%ebp,%ecx,4),%eax
+ xorl %eax, %ebx
+ movl 3144(%ebp,%edx,4),%edx
+ addl %edx, %ebx
+ xorl %eax, %eax
+ xorl %ebx, %edi
+
+
+ movl 40(%ebp), %edx
+ movl %edi, %ebx
+ xorl %edx, %esi
+ shrl $16, %ebx
+ movl %edi, %edx
+ movb %bh, %al
+ andl $255, %ebx
+ movb %dh, %cl
+ andl $255, %edx
+ movl 72(%ebp,%eax,4),%eax
+ movl 1096(%ebp,%ebx,4),%ebx
+ addl %eax, %ebx
+ movl 2120(%ebp,%ecx,4),%eax
+ xorl %eax, %ebx
+ movl 3144(%ebp,%edx,4),%edx
+ addl %edx, %ebx
+ xorl %eax, %eax
+ xorl %ebx, %esi
+
+
+ movl 36(%ebp), %edx
+ movl %esi, %ebx
+ xorl %edx, %edi
+ shrl $16, %ebx
+ movl %esi, %edx
+ movb %bh, %al
+ andl $255, %ebx
+ movb %dh, %cl
+ andl $255, %edx
+ movl 72(%ebp,%eax,4),%eax
+ movl 1096(%ebp,%ebx,4),%ebx
+ addl %eax, %ebx
+ movl 2120(%ebp,%ecx,4),%eax
+ xorl %eax, %ebx
+ movl 3144(%ebp,%edx,4),%edx
+ addl %edx, %ebx
+ xorl %eax, %eax
+ xorl %ebx, %edi
+
+
+ movl 32(%ebp), %edx
+ movl %edi, %ebx
+ xorl %edx, %esi
+ shrl $16, %ebx
+ movl %edi, %edx
+ movb %bh, %al
+ andl $255, %ebx
+ movb %dh, %cl
+ andl $255, %edx
+ movl 72(%ebp,%eax,4),%eax
+ movl 1096(%ebp,%ebx,4),%ebx
+ addl %eax, %ebx
+ movl 2120(%ebp,%ecx,4),%eax
+ xorl %eax, %ebx
+ movl 3144(%ebp,%edx,4),%edx
+ addl %edx, %ebx
+ xorl %eax, %eax
+ xorl %ebx, %esi
+
+
+ movl 28(%ebp), %edx
+ movl %esi, %ebx
+ xorl %edx, %edi
+ shrl $16, %ebx
+ movl %esi, %edx
+ movb %bh, %al
+ andl $255, %ebx
+ movb %dh, %cl
+ andl $255, %edx
+ movl 72(%ebp,%eax,4),%eax
+ movl 1096(%ebp,%ebx,4),%ebx
+ addl %eax, %ebx
+ movl 2120(%ebp,%ecx,4),%eax
+ xorl %eax, %ebx
+ movl 3144(%ebp,%edx,4),%edx
+ addl %edx, %ebx
+ xorl %eax, %eax
+ xorl %ebx, %edi
+
+
+ movl 24(%ebp), %edx
+ movl %edi, %ebx
+ xorl %edx, %esi
+ shrl $16, %ebx
+ movl %edi, %edx
+ movb %bh, %al
+ andl $255, %ebx
+ movb %dh, %cl
+ andl $255, %edx
+ movl 72(%ebp,%eax,4),%eax
+ movl 1096(%ebp,%ebx,4),%ebx
+ addl %eax, %ebx
+ movl 2120(%ebp,%ecx,4),%eax
+ xorl %eax, %ebx
+ movl 3144(%ebp,%edx,4),%edx
+ addl %edx, %ebx
+ xorl %eax, %eax
+ xorl %ebx, %esi
+
+
+ movl 20(%ebp), %edx
+ movl %esi, %ebx
+ xorl %edx, %edi
+ shrl $16, %ebx
+ movl %esi, %edx
+ movb %bh, %al
+ andl $255, %ebx
+ movb %dh, %cl
+ andl $255, %edx
+ movl 72(%ebp,%eax,4),%eax
+ movl 1096(%ebp,%ebx,4),%ebx
+ addl %eax, %ebx
+ movl 2120(%ebp,%ecx,4),%eax
+ xorl %eax, %ebx
+ movl 3144(%ebp,%edx,4),%edx
+ addl %edx, %ebx
+ xorl %eax, %eax
+ xorl %ebx, %edi
+
+
+ movl 16(%ebp), %edx
+ movl %edi, %ebx
+ xorl %edx, %esi
+ shrl $16, %ebx
+ movl %edi, %edx
+ movb %bh, %al
+ andl $255, %ebx
+ movb %dh, %cl
+ andl $255, %edx
+ movl 72(%ebp,%eax,4),%eax
+ movl 1096(%ebp,%ebx,4),%ebx
+ addl %eax, %ebx
+ movl 2120(%ebp,%ecx,4),%eax
+ xorl %eax, %ebx
+ movl 3144(%ebp,%edx,4),%edx
+ addl %edx, %ebx
+ xorl %eax, %eax
+ xorl %ebx, %esi
+
+
+ movl 12(%ebp), %edx
+ movl %esi, %ebx
+ xorl %edx, %edi
+ shrl $16, %ebx
+ movl %esi, %edx
+ movb %bh, %al
+ andl $255, %ebx
+ movb %dh, %cl
+ andl $255, %edx
+ movl 72(%ebp,%eax,4),%eax
+ movl 1096(%ebp,%ebx,4),%ebx
+ addl %eax, %ebx
+ movl 2120(%ebp,%ecx,4),%eax
+ xorl %eax, %ebx
+ movl 3144(%ebp,%edx,4),%edx
+ addl %edx, %ebx
+ xorl %eax, %eax
+ xorl %ebx, %edi
+
+
+ movl 8(%ebp), %edx
+ movl %edi, %ebx
+ xorl %edx, %esi
+ shrl $16, %ebx
+ movl %edi, %edx
+ movb %bh, %al
+ andl $255, %ebx
+ movb %dh, %cl
+ andl $255, %edx
+ movl 72(%ebp,%eax,4),%eax
+ movl 1096(%ebp,%ebx,4),%ebx
+ addl %eax, %ebx
+ movl 2120(%ebp,%ecx,4),%eax
+ xorl %eax, %ebx
+ movl 3144(%ebp,%edx,4),%edx
+ addl %edx, %ebx
+ xorl %eax, %eax
+ xorl %ebx, %esi
+
+
+ movl 4(%ebp), %edx
+ movl %esi, %ebx
+ xorl %edx, %edi
+ shrl $16, %ebx
+ movl %esi, %edx
+ movb %bh, %al
+ andl $255, %ebx
+ movb %dh, %cl
+ andl $255, %edx
+ movl 72(%ebp,%eax,4),%eax
+ movl 1096(%ebp,%ebx,4),%ebx
+ addl %eax, %ebx
+ movl 2120(%ebp,%ecx,4),%eax
+ xorl %eax, %ebx
+ movl 3144(%ebp,%edx,4),%edx
+ addl %edx, %ebx
+
+ movl 20(%esp), %eax
+ xorl %ebx, %edi
+ movl (%ebp), %edx
+ xorl %edx, %esi
+ movl %edi, 4(%eax)
+ movl %esi, (%eax)
+ popl %edi
+ popl %esi
+ popl %ebx
+ popl %ebp
+ ret
+.L_BF_decrypt_end:
+ .size BF_decrypt,.L_BF_decrypt_end-BF_decrypt
+.ident "BF_decrypt"
+.text
+ .align 16
+.globl BF_cbc_encrypt
+ .type BF_cbc_encrypt,@function
+BF_cbc_encrypt:
+
+ pushl %ebp
+ pushl %ebx
+ pushl %esi
+ pushl %edi
+ movl 28(%esp), %ebp
+
+ movl 36(%esp), %ebx
+ movl (%ebx), %esi
+ movl 4(%ebx), %edi
+ pushl %edi
+ pushl %esi
+ pushl %edi
+ pushl %esi
+ movl %esp, %ebx
+ movl 36(%esp), %esi
+ movl 40(%esp), %edi
+
+ movl 56(%esp), %ecx
+
+ movl 48(%esp), %eax
+ pushl %eax
+ pushl %ebx
+ cmpl $0, %ecx
+ jz .L000decrypt
+ andl $4294967288, %ebp
+ movl 8(%esp), %eax
+ movl 12(%esp), %ebx
+ jz .L001encrypt_finish
+.L002encrypt_loop:
+ movl (%esi), %ecx
+ movl 4(%esi), %edx
+ xorl %ecx, %eax
+ xorl %edx, %ebx
+.byte 15
+.byte 200
+.byte 15
+.byte 203
+ movl %eax, 8(%esp)
+ movl %ebx, 12(%esp)
+ call BF_encrypt
+ movl 8(%esp), %eax
+ movl 12(%esp), %ebx
+.byte 15
+.byte 200
+.byte 15
+.byte 203
+ movl %eax, (%edi)
+ movl %ebx, 4(%edi)
+ addl $8, %esi
+ addl $8, %edi
+ subl $8, %ebp
+ jnz .L002encrypt_loop
+.L001encrypt_finish:
+ movl 52(%esp), %ebp
+ andl $7, %ebp
+ jz .L003finish
+ call .L004PIC_point
+.L004PIC_point:
+ popl %edx
+ leal .L005cbc_enc_jmp_table-.L004PIC_point(%edx),%ecx
+ movl (%ecx,%ebp,4), %ebp
+ addl %edx, %ebp
+ xorl %ecx, %ecx
+ xorl %edx, %edx
+ jmp *%ebp
+.L006ej7:
+ movb 6(%esi), %dh
+ sall $8, %edx
+.L007ej6:
+ movb 5(%esi), %dh
+.L008ej5:
+ movb 4(%esi), %dl
+.L009ej4:
+ movl (%esi), %ecx
+ jmp .L010ejend
+.L011ej3:
+ movb 2(%esi), %ch
+ sall $8, %ecx
+.L012ej2:
+ movb 1(%esi), %ch
+.L013ej1:
+ movb (%esi), %cl
+.L010ejend:
+ xorl %ecx, %eax
+ xorl %edx, %ebx
+.byte 15
+.byte 200
+.byte 15
+.byte 203
+ movl %eax, 8(%esp)
+ movl %ebx, 12(%esp)
+ call BF_encrypt
+ movl 8(%esp), %eax
+ movl 12(%esp), %ebx
+.byte 15
+.byte 200
+.byte 15
+.byte 203
+ movl %eax, (%edi)
+ movl %ebx, 4(%edi)
+ jmp .L003finish
+.align 16
+.L000decrypt:
+ andl $4294967288, %ebp
+ movl 16(%esp), %eax
+ movl 20(%esp), %ebx
+ jz .L014decrypt_finish
+.L015decrypt_loop:
+ movl (%esi), %eax
+ movl 4(%esi), %ebx
+.byte 15
+.byte 200
+.byte 15
+.byte 203
+ movl %eax, 8(%esp)
+ movl %ebx, 12(%esp)
+ call BF_decrypt
+ movl 8(%esp), %eax
+ movl 12(%esp), %ebx
+.byte 15
+.byte 200
+.byte 15
+.byte 203
+ movl 16(%esp), %ecx
+ movl 20(%esp), %edx
+ xorl %eax, %ecx
+ xorl %ebx, %edx
+ movl (%esi), %eax
+ movl 4(%esi), %ebx
+ movl %ecx, (%edi)
+ movl %edx, 4(%edi)
+ movl %eax, 16(%esp)
+ movl %ebx, 20(%esp)
+ addl $8, %esi
+ addl $8, %edi
+ subl $8, %ebp
+ jnz .L015decrypt_loop
+.L014decrypt_finish:
+ movl 52(%esp), %ebp
+ andl $7, %ebp
+ jz .L003finish
+ movl (%esi), %eax
+ movl 4(%esi), %ebx
+.byte 15
+.byte 200
+.byte 15
+.byte 203
+ movl %eax, 8(%esp)
+ movl %ebx, 12(%esp)
+ call BF_decrypt
+ movl 8(%esp), %eax
+ movl 12(%esp), %ebx
+.byte 15
+.byte 200
+.byte 15
+.byte 203
+ movl 16(%esp), %ecx
+ movl 20(%esp), %edx
+ xorl %eax, %ecx
+ xorl %ebx, %edx
+ movl (%esi), %eax
+ movl 4(%esi), %ebx
+.L016dj7:
+ rorl $16, %edx
+ movb %dl, 6(%edi)
+ shrl $16, %edx
+.L017dj6:
+ movb %dh, 5(%edi)
+.L018dj5:
+ movb %dl, 4(%edi)
+.L019dj4:
+ movl %ecx, (%edi)
+ jmp .L020djend
+.L021dj3:
+ rorl $16, %ecx
+ movb %cl, 2(%edi)
+ sall $16, %ecx
+.L022dj2:
+ movb %ch, 1(%esi)
+.L023dj1:
+ movb %cl, (%esi)
+.L020djend:
+ jmp .L003finish
+.align 16
+.L003finish:
+ movl 60(%esp), %ecx
+ addl $24, %esp
+ movl %eax, (%ecx)
+ movl %ebx, 4(%ecx)
+ popl %edi
+ popl %esi
+ popl %ebx
+ popl %ebp
+ ret
+.align 16
+.L005cbc_enc_jmp_table:
+ .long 0
+ .long .L013ej1-.L004PIC_point
+ .long .L012ej2-.L004PIC_point
+ .long .L011ej3-.L004PIC_point
+ .long .L009ej4-.L004PIC_point
+ .long .L008ej5-.L004PIC_point
+ .long .L007ej6-.L004PIC_point
+ .long .L006ej7-.L004PIC_point
+.L_BF_cbc_encrypt_end:
+ .size BF_cbc_encrypt,.L_BF_cbc_encrypt_end-BF_cbc_encrypt
+.ident "desasm.pl"
diff --git a/secure/lib/libcrypto/i386/bf-686.s b/secure/lib/libcrypto/i386/bf-686.s
new file mode 100644
index 0000000..d3b4cb8
--- /dev/null
+++ b/secure/lib/libcrypto/i386/bf-686.s
@@ -0,0 +1,897 @@
+ # $FreeBSD$
+
+
+
+
+
+
+ .file "bf-686.s"
+ .version "01.01"
+gcc2_compiled.:
+.text
+ .align 16
+.globl BF_encrypt
+ .type BF_encrypt,@function
+BF_encrypt:
+ pushl %ebp
+ pushl %ebx
+ pushl %esi
+ pushl %edi
+
+
+
+ movl 20(%esp), %eax
+ movl (%eax), %ecx
+ movl 4(%eax), %edx
+
+
+ movl 24(%esp), %edi
+ xorl %eax, %eax
+ xorl %ebx, %ebx
+ xorl (%edi), %ecx
+
+
+ rorl $16, %ecx
+ movl 4(%edi), %esi
+ movb %ch, %al
+ movb %cl, %bl
+ rorl $16, %ecx
+ xorl %esi, %edx
+ movl 72(%edi,%eax,4),%esi
+ movl 1096(%edi,%ebx,4),%ebp
+ movb %ch, %al
+ movb %cl, %bl
+ addl %ebp, %esi
+ movl 2120(%edi,%eax,4),%eax
+ xorl %eax, %esi
+ movl 3144(%edi,%ebx,4),%ebp
+ addl %ebp, %esi
+ xorl %eax, %eax
+ xorl %esi, %edx
+
+
+ rorl $16, %edx
+ movl 8(%edi), %esi
+ movb %dh, %al
+ movb %dl, %bl
+ rorl $16, %edx
+ xorl %esi, %ecx
+ movl 72(%edi,%eax,4),%esi
+ movl 1096(%edi,%ebx,4),%ebp
+ movb %dh, %al
+ movb %dl, %bl
+ addl %ebp, %esi
+ movl 2120(%edi,%eax,4),%eax
+ xorl %eax, %esi
+ movl 3144(%edi,%ebx,4),%ebp
+ addl %ebp, %esi
+ xorl %eax, %eax
+ xorl %esi, %ecx
+
+
+ rorl $16, %ecx
+ movl 12(%edi), %esi
+ movb %ch, %al
+ movb %cl, %bl
+ rorl $16, %ecx
+ xorl %esi, %edx
+ movl 72(%edi,%eax,4),%esi
+ movl 1096(%edi,%ebx,4),%ebp
+ movb %ch, %al
+ movb %cl, %bl
+ addl %ebp, %esi
+ movl 2120(%edi,%eax,4),%eax
+ xorl %eax, %esi
+ movl 3144(%edi,%ebx,4),%ebp
+ addl %ebp, %esi
+ xorl %eax, %eax
+ xorl %esi, %edx
+
+
+ rorl $16, %edx
+ movl 16(%edi), %esi
+ movb %dh, %al
+ movb %dl, %bl
+ rorl $16, %edx
+ xorl %esi, %ecx
+ movl 72(%edi,%eax,4),%esi
+ movl 1096(%edi,%ebx,4),%ebp
+ movb %dh, %al
+ movb %dl, %bl
+ addl %ebp, %esi
+ movl 2120(%edi,%eax,4),%eax
+ xorl %eax, %esi
+ movl 3144(%edi,%ebx,4),%ebp
+ addl %ebp, %esi
+ xorl %eax, %eax
+ xorl %esi, %ecx
+
+
+ rorl $16, %ecx
+ movl 20(%edi), %esi
+ movb %ch, %al
+ movb %cl, %bl
+ rorl $16, %ecx
+ xorl %esi, %edx
+ movl 72(%edi,%eax,4),%esi
+ movl 1096(%edi,%ebx,4),%ebp
+ movb %ch, %al
+ movb %cl, %bl
+ addl %ebp, %esi
+ movl 2120(%edi,%eax,4),%eax
+ xorl %eax, %esi
+ movl 3144(%edi,%ebx,4),%ebp
+ addl %ebp, %esi
+ xorl %eax, %eax
+ xorl %esi, %edx
+
+
+ rorl $16, %edx
+ movl 24(%edi), %esi
+ movb %dh, %al
+ movb %dl, %bl
+ rorl $16, %edx
+ xorl %esi, %ecx
+ movl 72(%edi,%eax,4),%esi
+ movl 1096(%edi,%ebx,4),%ebp
+ movb %dh, %al
+ movb %dl, %bl
+ addl %ebp, %esi
+ movl 2120(%edi,%eax,4),%eax
+ xorl %eax, %esi
+ movl 3144(%edi,%ebx,4),%ebp
+ addl %ebp, %esi
+ xorl %eax, %eax
+ xorl %esi, %ecx
+
+
+ rorl $16, %ecx
+ movl 28(%edi), %esi
+ movb %ch, %al
+ movb %cl, %bl
+ rorl $16, %ecx
+ xorl %esi, %edx
+ movl 72(%edi,%eax,4),%esi
+ movl 1096(%edi,%ebx,4),%ebp
+ movb %ch, %al
+ movb %cl, %bl
+ addl %ebp, %esi
+ movl 2120(%edi,%eax,4),%eax
+ xorl %eax, %esi
+ movl 3144(%edi,%ebx,4),%ebp
+ addl %ebp, %esi
+ xorl %eax, %eax
+ xorl %esi, %edx
+
+
+ rorl $16, %edx
+ movl 32(%edi), %esi
+ movb %dh, %al
+ movb %dl, %bl
+ rorl $16, %edx
+ xorl %esi, %ecx
+ movl 72(%edi,%eax,4),%esi
+ movl 1096(%edi,%ebx,4),%ebp
+ movb %dh, %al
+ movb %dl, %bl
+ addl %ebp, %esi
+ movl 2120(%edi,%eax,4),%eax
+ xorl %eax, %esi
+ movl 3144(%edi,%ebx,4),%ebp
+ addl %ebp, %esi
+ xorl %eax, %eax
+ xorl %esi, %ecx
+
+
+ rorl $16, %ecx
+ movl 36(%edi), %esi
+ movb %ch, %al
+ movb %cl, %bl
+ rorl $16, %ecx
+ xorl %esi, %edx
+ movl 72(%edi,%eax,4),%esi
+ movl 1096(%edi,%ebx,4),%ebp
+ movb %ch, %al
+ movb %cl, %bl
+ addl %ebp, %esi
+ movl 2120(%edi,%eax,4),%eax
+ xorl %eax, %esi
+ movl 3144(%edi,%ebx,4),%ebp
+ addl %ebp, %esi
+ xorl %eax, %eax
+ xorl %esi, %edx
+
+
+ rorl $16, %edx
+ movl 40(%edi), %esi
+ movb %dh, %al
+ movb %dl, %bl
+ rorl $16, %edx
+ xorl %esi, %ecx
+ movl 72(%edi,%eax,4),%esi
+ movl 1096(%edi,%ebx,4),%ebp
+ movb %dh, %al
+ movb %dl, %bl
+ addl %ebp, %esi
+ movl 2120(%edi,%eax,4),%eax
+ xorl %eax, %esi
+ movl 3144(%edi,%ebx,4),%ebp
+ addl %ebp, %esi
+ xorl %eax, %eax
+ xorl %esi, %ecx
+
+
+ rorl $16, %ecx
+ movl 44(%edi), %esi
+ movb %ch, %al
+ movb %cl, %bl
+ rorl $16, %ecx
+ xorl %esi, %edx
+ movl 72(%edi,%eax,4),%esi
+ movl 1096(%edi,%ebx,4),%ebp
+ movb %ch, %al
+ movb %cl, %bl
+ addl %ebp, %esi
+ movl 2120(%edi,%eax,4),%eax
+ xorl %eax, %esi
+ movl 3144(%edi,%ebx,4),%ebp
+ addl %ebp, %esi
+ xorl %eax, %eax
+ xorl %esi, %edx
+
+
+ rorl $16, %edx
+ movl 48(%edi), %esi
+ movb %dh, %al
+ movb %dl, %bl
+ rorl $16, %edx
+ xorl %esi, %ecx
+ movl 72(%edi,%eax,4),%esi
+ movl 1096(%edi,%ebx,4),%ebp
+ movb %dh, %al
+ movb %dl, %bl
+ addl %ebp, %esi
+ movl 2120(%edi,%eax,4),%eax
+ xorl %eax, %esi
+ movl 3144(%edi,%ebx,4),%ebp
+ addl %ebp, %esi
+ xorl %eax, %eax
+ xorl %esi, %ecx
+
+
+ rorl $16, %ecx
+ movl 52(%edi), %esi
+ movb %ch, %al
+ movb %cl, %bl
+ rorl $16, %ecx
+ xorl %esi, %edx
+ movl 72(%edi,%eax,4),%esi
+ movl 1096(%edi,%ebx,4),%ebp
+ movb %ch, %al
+ movb %cl, %bl
+ addl %ebp, %esi
+ movl 2120(%edi,%eax,4),%eax
+ xorl %eax, %esi
+ movl 3144(%edi,%ebx,4),%ebp
+ addl %ebp, %esi
+ xorl %eax, %eax
+ xorl %esi, %edx
+
+
+ rorl $16, %edx
+ movl 56(%edi), %esi
+ movb %dh, %al
+ movb %dl, %bl
+ rorl $16, %edx
+ xorl %esi, %ecx
+ movl 72(%edi,%eax,4),%esi
+ movl 1096(%edi,%ebx,4),%ebp
+ movb %dh, %al
+ movb %dl, %bl
+ addl %ebp, %esi
+ movl 2120(%edi,%eax,4),%eax
+ xorl %eax, %esi
+ movl 3144(%edi,%ebx,4),%ebp
+ addl %ebp, %esi
+ xorl %eax, %eax
+ xorl %esi, %ecx
+
+
+ rorl $16, %ecx
+ movl 60(%edi), %esi
+ movb %ch, %al
+ movb %cl, %bl
+ rorl $16, %ecx
+ xorl %esi, %edx
+ movl 72(%edi,%eax,4),%esi
+ movl 1096(%edi,%ebx,4),%ebp
+ movb %ch, %al
+ movb %cl, %bl
+ addl %ebp, %esi
+ movl 2120(%edi,%eax,4),%eax
+ xorl %eax, %esi
+ movl 3144(%edi,%ebx,4),%ebp
+ addl %ebp, %esi
+ xorl %eax, %eax
+ xorl %esi, %edx
+
+
+ rorl $16, %edx
+ movl 64(%edi), %esi
+ movb %dh, %al
+ movb %dl, %bl
+ rorl $16, %edx
+ xorl %esi, %ecx
+ movl 72(%edi,%eax,4),%esi
+ movl 1096(%edi,%ebx,4),%ebp
+ movb %dh, %al
+ movb %dl, %bl
+ addl %ebp, %esi
+ movl 2120(%edi,%eax,4),%eax
+ xorl %eax, %esi
+ movl 3144(%edi,%ebx,4),%ebp
+ addl %ebp, %esi
+ xorl %eax, %eax
+ xorl %esi, %ecx
+ xorl 68(%edi), %edx
+ movl 20(%esp), %eax
+ movl %edx, (%eax)
+ movl %ecx, 4(%eax)
+ popl %edi
+ popl %esi
+ popl %ebx
+ popl %ebp
+ ret
+.L_BF_encrypt_end:
+ .size BF_encrypt,.L_BF_encrypt_end-BF_encrypt
+.ident "desasm.pl"
+.text
+ .align 16
+.globl BF_decrypt
+ .type BF_decrypt,@function
+BF_decrypt:
+ pushl %ebp
+ pushl %ebx
+ pushl %esi
+ pushl %edi
+
+
+
+ movl 20(%esp), %eax
+ movl (%eax), %ecx
+ movl 4(%eax), %edx
+
+
+ movl 24(%esp), %edi
+ xorl %eax, %eax
+ xorl %ebx, %ebx
+ xorl 68(%edi), %ecx
+
+
+ rorl $16, %ecx
+ movl 64(%edi), %esi
+ movb %ch, %al
+ movb %cl, %bl
+ rorl $16, %ecx
+ xorl %esi, %edx
+ movl 72(%edi,%eax,4),%esi
+ movl 1096(%edi,%ebx,4),%ebp
+ movb %ch, %al
+ movb %cl, %bl
+ addl %ebp, %esi
+ movl 2120(%edi,%eax,4),%eax
+ xorl %eax, %esi
+ movl 3144(%edi,%ebx,4),%ebp
+ addl %ebp, %esi
+ xorl %eax, %eax
+ xorl %esi, %edx
+
+
+ rorl $16, %edx
+ movl 60(%edi), %esi
+ movb %dh, %al
+ movb %dl, %bl
+ rorl $16, %edx
+ xorl %esi, %ecx
+ movl 72(%edi,%eax,4),%esi
+ movl 1096(%edi,%ebx,4),%ebp
+ movb %dh, %al
+ movb %dl, %bl
+ addl %ebp, %esi
+ movl 2120(%edi,%eax,4),%eax
+ xorl %eax, %esi
+ movl 3144(%edi,%ebx,4),%ebp
+ addl %ebp, %esi
+ xorl %eax, %eax
+ xorl %esi, %ecx
+
+
+ rorl $16, %ecx
+ movl 56(%edi), %esi
+ movb %ch, %al
+ movb %cl, %bl
+ rorl $16, %ecx
+ xorl %esi, %edx
+ movl 72(%edi,%eax,4),%esi
+ movl 1096(%edi,%ebx,4),%ebp
+ movb %ch, %al
+ movb %cl, %bl
+ addl %ebp, %esi
+ movl 2120(%edi,%eax,4),%eax
+ xorl %eax, %esi
+ movl 3144(%edi,%ebx,4),%ebp
+ addl %ebp, %esi
+ xorl %eax, %eax
+ xorl %esi, %edx
+
+
+ rorl $16, %edx
+ movl 52(%edi), %esi
+ movb %dh, %al
+ movb %dl, %bl
+ rorl $16, %edx
+ xorl %esi, %ecx
+ movl 72(%edi,%eax,4),%esi
+ movl 1096(%edi,%ebx,4),%ebp
+ movb %dh, %al
+ movb %dl, %bl
+ addl %ebp, %esi
+ movl 2120(%edi,%eax,4),%eax
+ xorl %eax, %esi
+ movl 3144(%edi,%ebx,4),%ebp
+ addl %ebp, %esi
+ xorl %eax, %eax
+ xorl %esi, %ecx
+
+
+ rorl $16, %ecx
+ movl 48(%edi), %esi
+ movb %ch, %al
+ movb %cl, %bl
+ rorl $16, %ecx
+ xorl %esi, %edx
+ movl 72(%edi,%eax,4),%esi
+ movl 1096(%edi,%ebx,4),%ebp
+ movb %ch, %al
+ movb %cl, %bl
+ addl %ebp, %esi
+ movl 2120(%edi,%eax,4),%eax
+ xorl %eax, %esi
+ movl 3144(%edi,%ebx,4),%ebp
+ addl %ebp, %esi
+ xorl %eax, %eax
+ xorl %esi, %edx
+
+
+ rorl $16, %edx
+ movl 44(%edi), %esi
+ movb %dh, %al
+ movb %dl, %bl
+ rorl $16, %edx
+ xorl %esi, %ecx
+ movl 72(%edi,%eax,4),%esi
+ movl 1096(%edi,%ebx,4),%ebp
+ movb %dh, %al
+ movb %dl, %bl
+ addl %ebp, %esi
+ movl 2120(%edi,%eax,4),%eax
+ xorl %eax, %esi
+ movl 3144(%edi,%ebx,4),%ebp
+ addl %ebp, %esi
+ xorl %eax, %eax
+ xorl %esi, %ecx
+
+
+ rorl $16, %ecx
+ movl 40(%edi), %esi
+ movb %ch, %al
+ movb %cl, %bl
+ rorl $16, %ecx
+ xorl %esi, %edx
+ movl 72(%edi,%eax,4),%esi
+ movl 1096(%edi,%ebx,4),%ebp
+ movb %ch, %al
+ movb %cl, %bl
+ addl %ebp, %esi
+ movl 2120(%edi,%eax,4),%eax
+ xorl %eax, %esi
+ movl 3144(%edi,%ebx,4),%ebp
+ addl %ebp, %esi
+ xorl %eax, %eax
+ xorl %esi, %edx
+
+
+ rorl $16, %edx
+ movl 36(%edi), %esi
+ movb %dh, %al
+ movb %dl, %bl
+ rorl $16, %edx
+ xorl %esi, %ecx
+ movl 72(%edi,%eax,4),%esi
+ movl 1096(%edi,%ebx,4),%ebp
+ movb %dh, %al
+ movb %dl, %bl
+ addl %ebp, %esi
+ movl 2120(%edi,%eax,4),%eax
+ xorl %eax, %esi
+ movl 3144(%edi,%ebx,4),%ebp
+ addl %ebp, %esi
+ xorl %eax, %eax
+ xorl %esi, %ecx
+
+
+ rorl $16, %ecx
+ movl 32(%edi), %esi
+ movb %ch, %al
+ movb %cl, %bl
+ rorl $16, %ecx
+ xorl %esi, %edx
+ movl 72(%edi,%eax,4),%esi
+ movl 1096(%edi,%ebx,4),%ebp
+ movb %ch, %al
+ movb %cl, %bl
+ addl %ebp, %esi
+ movl 2120(%edi,%eax,4),%eax
+ xorl %eax, %esi
+ movl 3144(%edi,%ebx,4),%ebp
+ addl %ebp, %esi
+ xorl %eax, %eax
+ xorl %esi, %edx
+
+
+ rorl $16, %edx
+ movl 28(%edi), %esi
+ movb %dh, %al
+ movb %dl, %bl
+ rorl $16, %edx
+ xorl %esi, %ecx
+ movl 72(%edi,%eax,4),%esi
+ movl 1096(%edi,%ebx,4),%ebp
+ movb %dh, %al
+ movb %dl, %bl
+ addl %ebp, %esi
+ movl 2120(%edi,%eax,4),%eax
+ xorl %eax, %esi
+ movl 3144(%edi,%ebx,4),%ebp
+ addl %ebp, %esi
+ xorl %eax, %eax
+ xorl %esi, %ecx
+
+
+ rorl $16, %ecx
+ movl 24(%edi), %esi
+ movb %ch, %al
+ movb %cl, %bl
+ rorl $16, %ecx
+ xorl %esi, %edx
+ movl 72(%edi,%eax,4),%esi
+ movl 1096(%edi,%ebx,4),%ebp
+ movb %ch, %al
+ movb %cl, %bl
+ addl %ebp, %esi
+ movl 2120(%edi,%eax,4),%eax
+ xorl %eax, %esi
+ movl 3144(%edi,%ebx,4),%ebp
+ addl %ebp, %esi
+ xorl %eax, %eax
+ xorl %esi, %edx
+
+
+ rorl $16, %edx
+ movl 20(%edi), %esi
+ movb %dh, %al
+ movb %dl, %bl
+ rorl $16, %edx
+ xorl %esi, %ecx
+ movl 72(%edi,%eax,4),%esi
+ movl 1096(%edi,%ebx,4),%ebp
+ movb %dh, %al
+ movb %dl, %bl
+ addl %ebp, %esi
+ movl 2120(%edi,%eax,4),%eax
+ xorl %eax, %esi
+ movl 3144(%edi,%ebx,4),%ebp
+ addl %ebp, %esi
+ xorl %eax, %eax
+ xorl %esi, %ecx
+
+
+ rorl $16, %ecx
+ movl 16(%edi), %esi
+ movb %ch, %al
+ movb %cl, %bl
+ rorl $16, %ecx
+ xorl %esi, %edx
+ movl 72(%edi,%eax,4),%esi
+ movl 1096(%edi,%ebx,4),%ebp
+ movb %ch, %al
+ movb %cl, %bl
+ addl %ebp, %esi
+ movl 2120(%edi,%eax,4),%eax
+ xorl %eax, %esi
+ movl 3144(%edi,%ebx,4),%ebp
+ addl %ebp, %esi
+ xorl %eax, %eax
+ xorl %esi, %edx
+
+
+ rorl $16, %edx
+ movl 12(%edi), %esi
+ movb %dh, %al
+ movb %dl, %bl
+ rorl $16, %edx
+ xorl %esi, %ecx
+ movl 72(%edi,%eax,4),%esi
+ movl 1096(%edi,%ebx,4),%ebp
+ movb %dh, %al
+ movb %dl, %bl
+ addl %ebp, %esi
+ movl 2120(%edi,%eax,4),%eax
+ xorl %eax, %esi
+ movl 3144(%edi,%ebx,4),%ebp
+ addl %ebp, %esi
+ xorl %eax, %eax
+ xorl %esi, %ecx
+
+
+ rorl $16, %ecx
+ movl 8(%edi), %esi
+ movb %ch, %al
+ movb %cl, %bl
+ rorl $16, %ecx
+ xorl %esi, %edx
+ movl 72(%edi,%eax,4),%esi
+ movl 1096(%edi,%ebx,4),%ebp
+ movb %ch, %al
+ movb %cl, %bl
+ addl %ebp, %esi
+ movl 2120(%edi,%eax,4),%eax
+ xorl %eax, %esi
+ movl 3144(%edi,%ebx,4),%ebp
+ addl %ebp, %esi
+ xorl %eax, %eax
+ xorl %esi, %edx
+
+
+ rorl $16, %edx
+ movl 4(%edi), %esi
+ movb %dh, %al
+ movb %dl, %bl
+ rorl $16, %edx
+ xorl %esi, %ecx
+ movl 72(%edi,%eax,4),%esi
+ movl 1096(%edi,%ebx,4),%ebp
+ movb %dh, %al
+ movb %dl, %bl
+ addl %ebp, %esi
+ movl 2120(%edi,%eax,4),%eax
+ xorl %eax, %esi
+ movl 3144(%edi,%ebx,4),%ebp
+ addl %ebp, %esi
+ xorl %eax, %eax
+ xorl %esi, %ecx
+ xorl (%edi), %edx
+ movl 20(%esp), %eax
+ movl %edx, (%eax)
+ movl %ecx, 4(%eax)
+ popl %edi
+ popl %esi
+ popl %ebx
+ popl %ebp
+ ret
+.L_BF_decrypt_end:
+ .size BF_decrypt,.L_BF_decrypt_end-BF_decrypt
+.ident "desasm.pl"
+.text
+ .align 16
+.globl BF_cbc_encrypt
+ .type BF_cbc_encrypt,@function
+BF_cbc_encrypt:
+
+ pushl %ebp
+ pushl %ebx
+ pushl %esi
+ pushl %edi
+ movl 28(%esp), %ebp
+
+ movl 36(%esp), %ebx
+ movl (%ebx), %esi
+ movl 4(%ebx), %edi
+ pushl %edi
+ pushl %esi
+ pushl %edi
+ pushl %esi
+ movl %esp, %ebx
+ movl 36(%esp), %esi
+ movl 40(%esp), %edi
+
+ movl 56(%esp), %ecx
+
+ movl 48(%esp), %eax
+ pushl %eax
+ pushl %ebx
+ cmpl $0, %ecx
+ jz .L000decrypt
+ andl $4294967288, %ebp
+ movl 8(%esp), %eax
+ movl 12(%esp), %ebx
+ jz .L001encrypt_finish
+.L002encrypt_loop:
+ movl (%esi), %ecx
+ movl 4(%esi), %edx
+ xorl %ecx, %eax
+ xorl %edx, %ebx
+.byte 15
+.byte 200
+.byte 15
+.byte 203
+ movl %eax, 8(%esp)
+ movl %ebx, 12(%esp)
+ call BF_encrypt
+ movl 8(%esp), %eax
+ movl 12(%esp), %ebx
+.byte 15
+.byte 200
+.byte 15
+.byte 203
+ movl %eax, (%edi)
+ movl %ebx, 4(%edi)
+ addl $8, %esi
+ addl $8, %edi
+ subl $8, %ebp
+ jnz .L002encrypt_loop
+.L001encrypt_finish:
+ movl 52(%esp), %ebp
+ andl $7, %ebp
+ jz .L003finish
+ call .L004PIC_point
+.L004PIC_point:
+ popl %edx
+ leal .L005cbc_enc_jmp_table-.L004PIC_point(%edx),%ecx
+ movl (%ecx,%ebp,4), %ebp
+ addl %edx, %ebp
+ xorl %ecx, %ecx
+ xorl %edx, %edx
+ jmp *%ebp
+.L006ej7:
+ movb 6(%esi), %dh
+ sall $8, %edx
+.L007ej6:
+ movb 5(%esi), %dh
+.L008ej5:
+ movb 4(%esi), %dl
+.L009ej4:
+ movl (%esi), %ecx
+ jmp .L010ejend
+.L011ej3:
+ movb 2(%esi), %ch
+ sall $8, %ecx
+.L012ej2:
+ movb 1(%esi), %ch
+.L013ej1:
+ movb (%esi), %cl
+.L010ejend:
+ xorl %ecx, %eax
+ xorl %edx, %ebx
+.byte 15
+.byte 200
+.byte 15
+.byte 203
+ movl %eax, 8(%esp)
+ movl %ebx, 12(%esp)
+ call BF_encrypt
+ movl 8(%esp), %eax
+ movl 12(%esp), %ebx
+.byte 15
+.byte 200
+.byte 15
+.byte 203
+ movl %eax, (%edi)
+ movl %ebx, 4(%edi)
+ jmp .L003finish
+.align 16
+.L000decrypt:
+ andl $4294967288, %ebp
+ movl 16(%esp), %eax
+ movl 20(%esp), %ebx
+ jz .L014decrypt_finish
+.L015decrypt_loop:
+ movl (%esi), %eax
+ movl 4(%esi), %ebx
+.byte 15
+.byte 200
+.byte 15
+.byte 203
+ movl %eax, 8(%esp)
+ movl %ebx, 12(%esp)
+ call BF_decrypt
+ movl 8(%esp), %eax
+ movl 12(%esp), %ebx
+.byte 15
+.byte 200
+.byte 15
+.byte 203
+ movl 16(%esp), %ecx
+ movl 20(%esp), %edx
+ xorl %eax, %ecx
+ xorl %ebx, %edx
+ movl (%esi), %eax
+ movl 4(%esi), %ebx
+ movl %ecx, (%edi)
+ movl %edx, 4(%edi)
+ movl %eax, 16(%esp)
+ movl %ebx, 20(%esp)
+ addl $8, %esi
+ addl $8, %edi
+ subl $8, %ebp
+ jnz .L015decrypt_loop
+.L014decrypt_finish:
+ movl 52(%esp), %ebp
+ andl $7, %ebp
+ jz .L003finish
+ movl (%esi), %eax
+ movl 4(%esi), %ebx
+.byte 15
+.byte 200
+.byte 15
+.byte 203
+ movl %eax, 8(%esp)
+ movl %ebx, 12(%esp)
+ call BF_decrypt
+ movl 8(%esp), %eax
+ movl 12(%esp), %ebx
+.byte 15
+.byte 200
+.byte 15
+.byte 203
+ movl 16(%esp), %ecx
+ movl 20(%esp), %edx
+ xorl %eax, %ecx
+ xorl %ebx, %edx
+ movl (%esi), %eax
+ movl 4(%esi), %ebx
+.L016dj7:
+ rorl $16, %edx
+ movb %dl, 6(%edi)
+ shrl $16, %edx
+.L017dj6:
+ movb %dh, 5(%edi)
+.L018dj5:
+ movb %dl, 4(%edi)
+.L019dj4:
+ movl %ecx, (%edi)
+ jmp .L020djend
+.L021dj3:
+ rorl $16, %ecx
+ movb %cl, 2(%edi)
+ sall $16, %ecx
+.L022dj2:
+ movb %ch, 1(%esi)
+.L023dj1:
+ movb %cl, (%esi)
+.L020djend:
+ jmp .L003finish
+.align 16
+.L003finish:
+ movl 60(%esp), %ecx
+ addl $24, %esp
+ movl %eax, (%ecx)
+ movl %ebx, 4(%ecx)
+ popl %edi
+ popl %esi
+ popl %ebx
+ popl %ebp
+ ret
+.align 16
+.L005cbc_enc_jmp_table:
+ .long 0
+ .long .L013ej1-.L004PIC_point
+ .long .L012ej2-.L004PIC_point
+ .long .L011ej3-.L004PIC_point
+ .long .L009ej4-.L004PIC_point
+ .long .L008ej5-.L004PIC_point
+ .long .L007ej6-.L004PIC_point
+ .long .L006ej7-.L004PIC_point
+.L_BF_cbc_encrypt_end:
+ .size BF_cbc_encrypt,.L_BF_cbc_encrypt_end-BF_cbc_encrypt
+.ident "desasm.pl"
diff --git a/secure/lib/libcrypto/i386/bn-586.s b/secure/lib/libcrypto/i386/bn-586.s
new file mode 100644
index 0000000..88c73fa
--- /dev/null
+++ b/secure/lib/libcrypto/i386/bn-586.s
@@ -0,0 +1,890 @@
+ # $FreeBSD$
+
+
+
+
+
+
+ .file "/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bn/asm/bn-586.s"
+ .version "01.01"
+gcc2_compiled.:
+.text
+ .align 16
+.globl bn_mul_add_words
+ .type bn_mul_add_words,@function
+bn_mul_add_words:
+ pushl %ebp
+ pushl %ebx
+ pushl %esi
+ pushl %edi
+
+
+ xorl %esi, %esi
+ movl 20(%esp), %edi
+ movl 28(%esp), %ecx
+ movl 24(%esp), %ebx
+ andl $4294967288, %ecx
+ movl 32(%esp), %ebp
+ pushl %ecx
+ jz .L000maw_finish
+.L001maw_loop:
+ movl %ecx, (%esp)
+
+ movl (%ebx), %eax
+ mull %ebp
+ addl %esi, %eax
+ movl (%edi), %esi
+ adcl $0, %edx
+ addl %esi, %eax
+ adcl $0, %edx
+ movl %eax, (%edi)
+ movl %edx, %esi
+
+ movl 4(%ebx), %eax
+ mull %ebp
+ addl %esi, %eax
+ movl 4(%edi), %esi
+ adcl $0, %edx
+ addl %esi, %eax
+ adcl $0, %edx
+ movl %eax, 4(%edi)
+ movl %edx, %esi
+
+ movl 8(%ebx), %eax
+ mull %ebp
+ addl %esi, %eax
+ movl 8(%edi), %esi
+ adcl $0, %edx
+ addl %esi, %eax
+ adcl $0, %edx
+ movl %eax, 8(%edi)
+ movl %edx, %esi
+
+ movl 12(%ebx), %eax
+ mull %ebp
+ addl %esi, %eax
+ movl 12(%edi), %esi
+ adcl $0, %edx
+ addl %esi, %eax
+ adcl $0, %edx
+ movl %eax, 12(%edi)
+ movl %edx, %esi
+
+ movl 16(%ebx), %eax
+ mull %ebp
+ addl %esi, %eax
+ movl 16(%edi), %esi
+ adcl $0, %edx
+ addl %esi, %eax
+ adcl $0, %edx
+ movl %eax, 16(%edi)
+ movl %edx, %esi
+
+ movl 20(%ebx), %eax
+ mull %ebp
+ addl %esi, %eax
+ movl 20(%edi), %esi
+ adcl $0, %edx
+ addl %esi, %eax
+ adcl $0, %edx
+ movl %eax, 20(%edi)
+ movl %edx, %esi
+
+ movl 24(%ebx), %eax
+ mull %ebp
+ addl %esi, %eax
+ movl 24(%edi), %esi
+ adcl $0, %edx
+ addl %esi, %eax
+ adcl $0, %edx
+ movl %eax, 24(%edi)
+ movl %edx, %esi
+
+ movl 28(%ebx), %eax
+ mull %ebp
+ addl %esi, %eax
+ movl 28(%edi), %esi
+ adcl $0, %edx
+ addl %esi, %eax
+ adcl $0, %edx
+ movl %eax, 28(%edi)
+ movl %edx, %esi
+
+ movl (%esp), %ecx
+ addl $32, %ebx
+ addl $32, %edi
+ subl $8, %ecx
+ jnz .L001maw_loop
+.L000maw_finish:
+ movl 32(%esp), %ecx
+ andl $7, %ecx
+ jnz .L002maw_finish2
+ jmp .L003maw_end
+.align 16
+.L002maw_finish2:
+
+ movl (%ebx), %eax
+ mull %ebp
+ addl %esi, %eax
+ movl (%edi), %esi
+ adcl $0, %edx
+ addl %esi, %eax
+ adcl $0, %edx
+ decl %ecx
+ movl %eax, (%edi)
+ movl %edx, %esi
+ jz .L003maw_end
+
+ movl 4(%ebx), %eax
+ mull %ebp
+ addl %esi, %eax
+ movl 4(%edi), %esi
+ adcl $0, %edx
+ addl %esi, %eax
+ adcl $0, %edx
+ decl %ecx
+ movl %eax, 4(%edi)
+ movl %edx, %esi
+ jz .L003maw_end
+
+ movl 8(%ebx), %eax
+ mull %ebp
+ addl %esi, %eax
+ movl 8(%edi), %esi
+ adcl $0, %edx
+ addl %esi, %eax
+ adcl $0, %edx
+ decl %ecx
+ movl %eax, 8(%edi)
+ movl %edx, %esi
+ jz .L003maw_end
+
+ movl 12(%ebx), %eax
+ mull %ebp
+ addl %esi, %eax
+ movl 12(%edi), %esi
+ adcl $0, %edx
+ addl %esi, %eax
+ adcl $0, %edx
+ decl %ecx
+ movl %eax, 12(%edi)
+ movl %edx, %esi
+ jz .L003maw_end
+
+ movl 16(%ebx), %eax
+ mull %ebp
+ addl %esi, %eax
+ movl 16(%edi), %esi
+ adcl $0, %edx
+ addl %esi, %eax
+ adcl $0, %edx
+ decl %ecx
+ movl %eax, 16(%edi)
+ movl %edx, %esi
+ jz .L003maw_end
+
+ movl 20(%ebx), %eax
+ mull %ebp
+ addl %esi, %eax
+ movl 20(%edi), %esi
+ adcl $0, %edx
+ addl %esi, %eax
+ adcl $0, %edx
+ decl %ecx
+ movl %eax, 20(%edi)
+ movl %edx, %esi
+ jz .L003maw_end
+
+ movl 24(%ebx), %eax
+ mull %ebp
+ addl %esi, %eax
+ movl 24(%edi), %esi
+ adcl $0, %edx
+ addl %esi, %eax
+ adcl $0, %edx
+ movl %eax, 24(%edi)
+ movl %edx, %esi
+.L003maw_end:
+ movl %esi, %eax
+ popl %ecx
+ popl %edi
+ popl %esi
+ popl %ebx
+ popl %ebp
+ ret
+.L_bn_mul_add_words_end:
+ .size bn_mul_add_words,.L_bn_mul_add_words_end-bn_mul_add_words
+.ident "bn_mul_add_words"
+.text
+ .align 16
+.globl bn_mul_words
+ .type bn_mul_words,@function
+bn_mul_words:
+ pushl %ebp
+ pushl %ebx
+ pushl %esi
+ pushl %edi
+
+
+ xorl %esi, %esi
+ movl 20(%esp), %edi
+ movl 24(%esp), %ebx
+ movl 28(%esp), %ebp
+ movl 32(%esp), %ecx
+ andl $4294967288, %ebp
+ jz .L004mw_finish
+.L005mw_loop:
+
+ movl (%ebx), %eax
+ mull %ecx
+ addl %esi, %eax
+ adcl $0, %edx
+ movl %eax, (%edi)
+ movl %edx, %esi
+
+ movl 4(%ebx), %eax
+ mull %ecx
+ addl %esi, %eax
+ adcl $0, %edx
+ movl %eax, 4(%edi)
+ movl %edx, %esi
+
+ movl 8(%ebx), %eax
+ mull %ecx
+ addl %esi, %eax
+ adcl $0, %edx
+ movl %eax, 8(%edi)
+ movl %edx, %esi
+
+ movl 12(%ebx), %eax
+ mull %ecx
+ addl %esi, %eax
+ adcl $0, %edx
+ movl %eax, 12(%edi)
+ movl %edx, %esi
+
+ movl 16(%ebx), %eax
+ mull %ecx
+ addl %esi, %eax
+ adcl $0, %edx
+ movl %eax, 16(%edi)
+ movl %edx, %esi
+
+ movl 20(%ebx), %eax
+ mull %ecx
+ addl %esi, %eax
+ adcl $0, %edx
+ movl %eax, 20(%edi)
+ movl %edx, %esi
+
+ movl 24(%ebx), %eax
+ mull %ecx
+ addl %esi, %eax
+ adcl $0, %edx
+ movl %eax, 24(%edi)
+ movl %edx, %esi
+
+ movl 28(%ebx), %eax
+ mull %ecx
+ addl %esi, %eax
+ adcl $0, %edx
+ movl %eax, 28(%edi)
+ movl %edx, %esi
+
+ addl $32, %ebx
+ addl $32, %edi
+ subl $8, %ebp
+ jz .L004mw_finish
+ jmp .L005mw_loop
+.L004mw_finish:
+ movl 28(%esp), %ebp
+ andl $7, %ebp
+ jnz .L006mw_finish2
+ jmp .L007mw_end
+.align 16
+.L006mw_finish2:
+
+ movl (%ebx), %eax
+ mull %ecx
+ addl %esi, %eax
+ adcl $0, %edx
+ movl %eax, (%edi)
+ movl %edx, %esi
+ decl %ebp
+ jz .L007mw_end
+
+ movl 4(%ebx), %eax
+ mull %ecx
+ addl %esi, %eax
+ adcl $0, %edx
+ movl %eax, 4(%edi)
+ movl %edx, %esi
+ decl %ebp
+ jz .L007mw_end
+
+ movl 8(%ebx), %eax
+ mull %ecx
+ addl %esi, %eax
+ adcl $0, %edx
+ movl %eax, 8(%edi)
+ movl %edx, %esi
+ decl %ebp
+ jz .L007mw_end
+
+ movl 12(%ebx), %eax
+ mull %ecx
+ addl %esi, %eax
+ adcl $0, %edx
+ movl %eax, 12(%edi)
+ movl %edx, %esi
+ decl %ebp
+ jz .L007mw_end
+
+ movl 16(%ebx), %eax
+ mull %ecx
+ addl %esi, %eax
+ adcl $0, %edx
+ movl %eax, 16(%edi)
+ movl %edx, %esi
+ decl %ebp
+ jz .L007mw_end
+
+ movl 20(%ebx), %eax
+ mull %ecx
+ addl %esi, %eax
+ adcl $0, %edx
+ movl %eax, 20(%edi)
+ movl %edx, %esi
+ decl %ebp
+ jz .L007mw_end
+
+ movl 24(%ebx), %eax
+ mull %ecx
+ addl %esi, %eax
+ adcl $0, %edx
+ movl %eax, 24(%edi)
+ movl %edx, %esi
+.L007mw_end:
+ movl %esi, %eax
+ popl %edi
+ popl %esi
+ popl %ebx
+ popl %ebp
+ ret
+.L_bn_mul_words_end:
+ .size bn_mul_words,.L_bn_mul_words_end-bn_mul_words
+.ident "bn_mul_words"
+.text
+ .align 16
+.globl bn_sqr_words
+ .type bn_sqr_words,@function
+bn_sqr_words:
+ pushl %ebp
+ pushl %ebx
+ pushl %esi
+ pushl %edi
+
+
+ movl 20(%esp), %esi
+ movl 24(%esp), %edi
+ movl 28(%esp), %ebx
+ andl $4294967288, %ebx
+ jz .L008sw_finish
+.L009sw_loop:
+
+ movl (%edi), %eax
+ mull %eax
+ movl %eax, (%esi)
+ movl %edx, 4(%esi)
+
+ movl 4(%edi), %eax
+ mull %eax
+ movl %eax, 8(%esi)
+ movl %edx, 12(%esi)
+
+ movl 8(%edi), %eax
+ mull %eax
+ movl %eax, 16(%esi)
+ movl %edx, 20(%esi)
+
+ movl 12(%edi), %eax
+ mull %eax
+ movl %eax, 24(%esi)
+ movl %edx, 28(%esi)
+
+ movl 16(%edi), %eax
+ mull %eax
+ movl %eax, 32(%esi)
+ movl %edx, 36(%esi)
+
+ movl 20(%edi), %eax
+ mull %eax
+ movl %eax, 40(%esi)
+ movl %edx, 44(%esi)
+
+ movl 24(%edi), %eax
+ mull %eax
+ movl %eax, 48(%esi)
+ movl %edx, 52(%esi)
+
+ movl 28(%edi), %eax
+ mull %eax
+ movl %eax, 56(%esi)
+ movl %edx, 60(%esi)
+
+ addl $32, %edi
+ addl $64, %esi
+ subl $8, %ebx
+ jnz .L009sw_loop
+.L008sw_finish:
+ movl 28(%esp), %ebx
+ andl $7, %ebx
+ jz .L010sw_end
+
+ movl (%edi), %eax
+ mull %eax
+ movl %eax, (%esi)
+ decl %ebx
+ movl %edx, 4(%esi)
+ jz .L010sw_end
+
+ movl 4(%edi), %eax
+ mull %eax
+ movl %eax, 8(%esi)
+ decl %ebx
+ movl %edx, 12(%esi)
+ jz .L010sw_end
+
+ movl 8(%edi), %eax
+ mull %eax
+ movl %eax, 16(%esi)
+ decl %ebx
+ movl %edx, 20(%esi)
+ jz .L010sw_end
+
+ movl 12(%edi), %eax
+ mull %eax
+ movl %eax, 24(%esi)
+ decl %ebx
+ movl %edx, 28(%esi)
+ jz .L010sw_end
+
+ movl 16(%edi), %eax
+ mull %eax
+ movl %eax, 32(%esi)
+ decl %ebx
+ movl %edx, 36(%esi)
+ jz .L010sw_end
+
+ movl 20(%edi), %eax
+ mull %eax
+ movl %eax, 40(%esi)
+ decl %ebx
+ movl %edx, 44(%esi)
+ jz .L010sw_end
+
+ movl 24(%edi), %eax
+ mull %eax
+ movl %eax, 48(%esi)
+ movl %edx, 52(%esi)
+.L010sw_end:
+ popl %edi
+ popl %esi
+ popl %ebx
+ popl %ebp
+ ret
+.L_bn_sqr_words_end:
+ .size bn_sqr_words,.L_bn_sqr_words_end-bn_sqr_words
+.ident "bn_sqr_words"
+.text
+ .align 16
+.globl bn_div_words
+ .type bn_div_words,@function
+bn_div_words:
+ pushl %ebp
+ pushl %ebx
+ pushl %esi
+ pushl %edi
+
+ movl 20(%esp), %edx
+ movl 24(%esp), %eax
+ movl 28(%esp), %ebx
+ divl %ebx
+ popl %edi
+ popl %esi
+ popl %ebx
+ popl %ebp
+ ret
+.L_bn_div_words_end:
+ .size bn_div_words,.L_bn_div_words_end-bn_div_words
+.ident "bn_div_words"
+.text
+ .align 16
+.globl bn_add_words
+ .type bn_add_words,@function
+bn_add_words:
+ pushl %ebp
+ pushl %ebx
+ pushl %esi
+ pushl %edi
+
+
+ movl 20(%esp), %ebx
+ movl 24(%esp), %esi
+ movl 28(%esp), %edi
+ movl 32(%esp), %ebp
+ xorl %eax, %eax
+ andl $4294967288, %ebp
+ jz .L011aw_finish
+.L012aw_loop:
+
+ movl (%esi), %ecx
+ movl (%edi), %edx
+ addl %eax, %ecx
+ movl $0, %eax
+ adcl %eax, %eax
+ addl %edx, %ecx
+ adcl $0, %eax
+ movl %ecx, (%ebx)
+
+ movl 4(%esi), %ecx
+ movl 4(%edi), %edx
+ addl %eax, %ecx
+ movl $0, %eax
+ adcl %eax, %eax
+ addl %edx, %ecx
+ adcl $0, %eax
+ movl %ecx, 4(%ebx)
+
+ movl 8(%esi), %ecx
+ movl 8(%edi), %edx
+ addl %eax, %ecx
+ movl $0, %eax
+ adcl %eax, %eax
+ addl %edx, %ecx
+ adcl $0, %eax
+ movl %ecx, 8(%ebx)
+
+ movl 12(%esi), %ecx
+ movl 12(%edi), %edx
+ addl %eax, %ecx
+ movl $0, %eax
+ adcl %eax, %eax
+ addl %edx, %ecx
+ adcl $0, %eax
+ movl %ecx, 12(%ebx)
+
+ movl 16(%esi), %ecx
+ movl 16(%edi), %edx
+ addl %eax, %ecx
+ movl $0, %eax
+ adcl %eax, %eax
+ addl %edx, %ecx
+ adcl $0, %eax
+ movl %ecx, 16(%ebx)
+
+ movl 20(%esi), %ecx
+ movl 20(%edi), %edx
+ addl %eax, %ecx
+ movl $0, %eax
+ adcl %eax, %eax
+ addl %edx, %ecx
+ adcl $0, %eax
+ movl %ecx, 20(%ebx)
+
+ movl 24(%esi), %ecx
+ movl 24(%edi), %edx
+ addl %eax, %ecx
+ movl $0, %eax
+ adcl %eax, %eax
+ addl %edx, %ecx
+ adcl $0, %eax
+ movl %ecx, 24(%ebx)
+
+ movl 28(%esi), %ecx
+ movl 28(%edi), %edx
+ addl %eax, %ecx
+ movl $0, %eax
+ adcl %eax, %eax
+ addl %edx, %ecx
+ adcl $0, %eax
+ movl %ecx, 28(%ebx)
+
+ addl $32, %esi
+ addl $32, %edi
+ addl $32, %ebx
+ subl $8, %ebp
+ jnz .L012aw_loop
+.L011aw_finish:
+ movl 32(%esp), %ebp
+ andl $7, %ebp
+ jz .L013aw_end
+
+ movl (%esi), %ecx
+ movl (%edi), %edx
+ addl %eax, %ecx
+ movl $0, %eax
+ adcl %eax, %eax
+ addl %edx, %ecx
+ adcl $0, %eax
+ decl %ebp
+ movl %ecx, (%ebx)
+ jz .L013aw_end
+
+ movl 4(%esi), %ecx
+ movl 4(%edi), %edx
+ addl %eax, %ecx
+ movl $0, %eax
+ adcl %eax, %eax
+ addl %edx, %ecx
+ adcl $0, %eax
+ decl %ebp
+ movl %ecx, 4(%ebx)
+ jz .L013aw_end
+
+ movl 8(%esi), %ecx
+ movl 8(%edi), %edx
+ addl %eax, %ecx
+ movl $0, %eax
+ adcl %eax, %eax
+ addl %edx, %ecx
+ adcl $0, %eax
+ decl %ebp
+ movl %ecx, 8(%ebx)
+ jz .L013aw_end
+
+ movl 12(%esi), %ecx
+ movl 12(%edi), %edx
+ addl %eax, %ecx
+ movl $0, %eax
+ adcl %eax, %eax
+ addl %edx, %ecx
+ adcl $0, %eax
+ decl %ebp
+ movl %ecx, 12(%ebx)
+ jz .L013aw_end
+
+ movl 16(%esi), %ecx
+ movl 16(%edi), %edx
+ addl %eax, %ecx
+ movl $0, %eax
+ adcl %eax, %eax
+ addl %edx, %ecx
+ adcl $0, %eax
+ decl %ebp
+ movl %ecx, 16(%ebx)
+ jz .L013aw_end
+
+ movl 20(%esi), %ecx
+ movl 20(%edi), %edx
+ addl %eax, %ecx
+ movl $0, %eax
+ adcl %eax, %eax
+ addl %edx, %ecx
+ adcl $0, %eax
+ decl %ebp
+ movl %ecx, 20(%ebx)
+ jz .L013aw_end
+
+ movl 24(%esi), %ecx
+ movl 24(%edi), %edx
+ addl %eax, %ecx
+ movl $0, %eax
+ adcl %eax, %eax
+ addl %edx, %ecx
+ adcl $0, %eax
+ movl %ecx, 24(%ebx)
+.L013aw_end:
+ popl %edi
+ popl %esi
+ popl %ebx
+ popl %ebp
+ ret
+.L_bn_add_words_end:
+ .size bn_add_words,.L_bn_add_words_end-bn_add_words
+.ident "bn_add_words"
+.text
+ .align 16
+.globl bn_sub_words
+ .type bn_sub_words,@function
+bn_sub_words:
+ pushl %ebp
+ pushl %ebx
+ pushl %esi
+ pushl %edi
+
+
+ movl 20(%esp), %ebx
+ movl 24(%esp), %esi
+ movl 28(%esp), %edi
+ movl 32(%esp), %ebp
+ xorl %eax, %eax
+ andl $4294967288, %ebp
+ jz .L014aw_finish
+.L015aw_loop:
+
+ movl (%esi), %ecx
+ movl (%edi), %edx
+ subl %eax, %ecx
+ movl $0, %eax
+ adcl %eax, %eax
+ subl %edx, %ecx
+ adcl $0, %eax
+ movl %ecx, (%ebx)
+
+ movl 4(%esi), %ecx
+ movl 4(%edi), %edx
+ subl %eax, %ecx
+ movl $0, %eax
+ adcl %eax, %eax
+ subl %edx, %ecx
+ adcl $0, %eax
+ movl %ecx, 4(%ebx)
+
+ movl 8(%esi), %ecx
+ movl 8(%edi), %edx
+ subl %eax, %ecx
+ movl $0, %eax
+ adcl %eax, %eax
+ subl %edx, %ecx
+ adcl $0, %eax
+ movl %ecx, 8(%ebx)
+
+ movl 12(%esi), %ecx
+ movl 12(%edi), %edx
+ subl %eax, %ecx
+ movl $0, %eax
+ adcl %eax, %eax
+ subl %edx, %ecx
+ adcl $0, %eax
+ movl %ecx, 12(%ebx)
+
+ movl 16(%esi), %ecx
+ movl 16(%edi), %edx
+ subl %eax, %ecx
+ movl $0, %eax
+ adcl %eax, %eax
+ subl %edx, %ecx
+ adcl $0, %eax
+ movl %ecx, 16(%ebx)
+
+ movl 20(%esi), %ecx
+ movl 20(%edi), %edx
+ subl %eax, %ecx
+ movl $0, %eax
+ adcl %eax, %eax
+ subl %edx, %ecx
+ adcl $0, %eax
+ movl %ecx, 20(%ebx)
+
+ movl 24(%esi), %ecx
+ movl 24(%edi), %edx
+ subl %eax, %ecx
+ movl $0, %eax
+ adcl %eax, %eax
+ subl %edx, %ecx
+ adcl $0, %eax
+ movl %ecx, 24(%ebx)
+
+ movl 28(%esi), %ecx
+ movl 28(%edi), %edx
+ subl %eax, %ecx
+ movl $0, %eax
+ adcl %eax, %eax
+ subl %edx, %ecx
+ adcl $0, %eax
+ movl %ecx, 28(%ebx)
+
+ addl $32, %esi
+ addl $32, %edi
+ addl $32, %ebx
+ subl $8, %ebp
+ jnz .L015aw_loop
+.L014aw_finish:
+ movl 32(%esp), %ebp
+ andl $7, %ebp
+ jz .L016aw_end
+
+ movl (%esi), %ecx
+ movl (%edi), %edx
+ subl %eax, %ecx
+ movl $0, %eax
+ adcl %eax, %eax
+ subl %edx, %ecx
+ adcl $0, %eax
+ decl %ebp
+ movl %ecx, (%ebx)
+ jz .L016aw_end
+
+ movl 4(%esi), %ecx
+ movl 4(%edi), %edx
+ subl %eax, %ecx
+ movl $0, %eax
+ adcl %eax, %eax
+ subl %edx, %ecx
+ adcl $0, %eax
+ decl %ebp
+ movl %ecx, 4(%ebx)
+ jz .L016aw_end
+
+ movl 8(%esi), %ecx
+ movl 8(%edi), %edx
+ subl %eax, %ecx
+ movl $0, %eax
+ adcl %eax, %eax
+ subl %edx, %ecx
+ adcl $0, %eax
+ decl %ebp
+ movl %ecx, 8(%ebx)
+ jz .L016aw_end
+
+ movl 12(%esi), %ecx
+ movl 12(%edi), %edx
+ subl %eax, %ecx
+ movl $0, %eax
+ adcl %eax, %eax
+ subl %edx, %ecx
+ adcl $0, %eax
+ decl %ebp
+ movl %ecx, 12(%ebx)
+ jz .L016aw_end
+
+ movl 16(%esi), %ecx
+ movl 16(%edi), %edx
+ subl %eax, %ecx
+ movl $0, %eax
+ adcl %eax, %eax
+ subl %edx, %ecx
+ adcl $0, %eax
+ decl %ebp
+ movl %ecx, 16(%ebx)
+ jz .L016aw_end
+
+ movl 20(%esi), %ecx
+ movl 20(%edi), %edx
+ subl %eax, %ecx
+ movl $0, %eax
+ adcl %eax, %eax
+ subl %edx, %ecx
+ adcl $0, %eax
+ decl %ebp
+ movl %ecx, 20(%ebx)
+ jz .L016aw_end
+
+ movl 24(%esi), %ecx
+ movl 24(%edi), %edx
+ subl %eax, %ecx
+ movl $0, %eax
+ adcl %eax, %eax
+ subl %edx, %ecx
+ adcl $0, %eax
+ movl %ecx, 24(%ebx)
+.L016aw_end:
+ popl %edi
+ popl %esi
+ popl %ebx
+ popl %ebp
+ ret
+.L_bn_sub_words_end:
+ .size bn_sub_words,.L_bn_sub_words_end-bn_sub_words
+.ident "bn_sub_words"
diff --git a/secure/lib/libcrypto/i386/cast-586.s b/secure/lib/libcrypto/i386/cast-586.s
new file mode 100644
index 0000000..bb31376
--- /dev/null
+++ b/secure/lib/libcrypto/i386/cast-586.s
@@ -0,0 +1,966 @@
+ # $FreeBSD$
+
+
+
+
+
+
+ .file "cast-586.s"
+ .version "01.01"
+gcc2_compiled.:
+.text
+ .align 16
+.globl CAST_encrypt
+ .type CAST_encrypt,@function
+CAST_encrypt:
+
+ pushl %ebp
+ pushl %ebx
+ movl 12(%esp), %ebx
+ movl 16(%esp), %ebp
+ pushl %esi
+ pushl %edi
+
+ movl (%ebx), %edi
+ movl 4(%ebx), %esi
+
+ movl 128(%ebp), %eax
+ pushl %eax
+ xorl %eax, %eax
+
+ movl (%ebp), %edx
+ movl 4(%ebp), %ecx
+ addl %esi, %edx
+ roll %cl, %edx
+ movl %edx, %ebx
+ xorl %ecx, %ecx
+ movb %dh, %cl
+ andl $255, %ebx
+ shrl $16, %edx
+ xorl %eax, %eax
+ movb %dh, %al
+ andl $255, %edx
+ movl CAST_S_table0(,%ecx,4),%ecx
+ movl CAST_S_table1(,%ebx,4),%ebx
+ xorl %ebx, %ecx
+ movl CAST_S_table2(,%eax,4),%ebx
+ subl %ebx, %ecx
+ movl CAST_S_table3(,%edx,4),%ebx
+ addl %ebx, %ecx
+ xorl %ecx, %edi
+
+ movl 8(%ebp), %edx
+ movl 12(%ebp), %ecx
+ xorl %edi, %edx
+ roll %cl, %edx
+ movl %edx, %ebx
+ xorl %ecx, %ecx
+ movb %dh, %cl
+ andl $255, %ebx
+ shrl $16, %edx
+ xorl %eax, %eax
+ movb %dh, %al
+ andl $255, %edx
+ movl CAST_S_table0(,%ecx,4),%ecx
+ movl CAST_S_table1(,%ebx,4),%ebx
+ subl %ebx, %ecx
+ movl CAST_S_table2(,%eax,4),%ebx
+ addl %ebx, %ecx
+ movl CAST_S_table3(,%edx,4),%ebx
+ xorl %ebx, %ecx
+ xorl %ecx, %esi
+
+ movl 16(%ebp), %edx
+ movl 20(%ebp), %ecx
+ subl %esi, %edx
+ roll %cl, %edx
+ movl %edx, %ebx
+ xorl %ecx, %ecx
+ movb %dh, %cl
+ andl $255, %ebx
+ shrl $16, %edx
+ xorl %eax, %eax
+ movb %dh, %al
+ andl $255, %edx
+ movl CAST_S_table0(,%ecx,4),%ecx
+ movl CAST_S_table1(,%ebx,4),%ebx
+ addl %ebx, %ecx
+ movl CAST_S_table2(,%eax,4),%ebx
+ xorl %ebx, %ecx
+ movl CAST_S_table3(,%edx,4),%ebx
+ subl %ebx, %ecx
+ xorl %ecx, %edi
+
+ movl 24(%ebp), %edx
+ movl 28(%ebp), %ecx
+ addl %edi, %edx
+ roll %cl, %edx
+ movl %edx, %ebx
+ xorl %ecx, %ecx
+ movb %dh, %cl
+ andl $255, %ebx
+ shrl $16, %edx
+ xorl %eax, %eax
+ movb %dh, %al
+ andl $255, %edx
+ movl CAST_S_table0(,%ecx,4),%ecx
+ movl CAST_S_table1(,%ebx,4),%ebx
+ xorl %ebx, %ecx
+ movl CAST_S_table2(,%eax,4),%ebx
+ subl %ebx, %ecx
+ movl CAST_S_table3(,%edx,4),%ebx
+ addl %ebx, %ecx
+ xorl %ecx, %esi
+
+ movl 32(%ebp), %edx
+ movl 36(%ebp), %ecx
+ xorl %esi, %edx
+ roll %cl, %edx
+ movl %edx, %ebx
+ xorl %ecx, %ecx
+ movb %dh, %cl
+ andl $255, %ebx
+ shrl $16, %edx
+ xorl %eax, %eax
+ movb %dh, %al
+ andl $255, %edx
+ movl CAST_S_table0(,%ecx,4),%ecx
+ movl CAST_S_table1(,%ebx,4),%ebx
+ subl %ebx, %ecx
+ movl CAST_S_table2(,%eax,4),%ebx
+ addl %ebx, %ecx
+ movl CAST_S_table3(,%edx,4),%ebx
+ xorl %ebx, %ecx
+ xorl %ecx, %edi
+
+ movl 40(%ebp), %edx
+ movl 44(%ebp), %ecx
+ subl %edi, %edx
+ roll %cl, %edx
+ movl %edx, %ebx
+ xorl %ecx, %ecx
+ movb %dh, %cl
+ andl $255, %ebx
+ shrl $16, %edx
+ xorl %eax, %eax
+ movb %dh, %al
+ andl $255, %edx
+ movl CAST_S_table0(,%ecx,4),%ecx
+ movl CAST_S_table1(,%ebx,4),%ebx
+ addl %ebx, %ecx
+ movl CAST_S_table2(,%eax,4),%ebx
+ xorl %ebx, %ecx
+ movl CAST_S_table3(,%edx,4),%ebx
+ subl %ebx, %ecx
+ xorl %ecx, %esi
+
+ movl 48(%ebp), %edx
+ movl 52(%ebp), %ecx
+ addl %esi, %edx
+ roll %cl, %edx
+ movl %edx, %ebx
+ xorl %ecx, %ecx
+ movb %dh, %cl
+ andl $255, %ebx
+ shrl $16, %edx
+ xorl %eax, %eax
+ movb %dh, %al
+ andl $255, %edx
+ movl CAST_S_table0(,%ecx,4),%ecx
+ movl CAST_S_table1(,%ebx,4),%ebx
+ xorl %ebx, %ecx
+ movl CAST_S_table2(,%eax,4),%ebx
+ subl %ebx, %ecx
+ movl CAST_S_table3(,%edx,4),%ebx
+ addl %ebx, %ecx
+ xorl %ecx, %edi
+
+ movl 56(%ebp), %edx
+ movl 60(%ebp), %ecx
+ xorl %edi, %edx
+ roll %cl, %edx
+ movl %edx, %ebx
+ xorl %ecx, %ecx
+ movb %dh, %cl
+ andl $255, %ebx
+ shrl $16, %edx
+ xorl %eax, %eax
+ movb %dh, %al
+ andl $255, %edx
+ movl CAST_S_table0(,%ecx,4),%ecx
+ movl CAST_S_table1(,%ebx,4),%ebx
+ subl %ebx, %ecx
+ movl CAST_S_table2(,%eax,4),%ebx
+ addl %ebx, %ecx
+ movl CAST_S_table3(,%edx,4),%ebx
+ xorl %ebx, %ecx
+ xorl %ecx, %esi
+
+ movl 64(%ebp), %edx
+ movl 68(%ebp), %ecx
+ subl %esi, %edx
+ roll %cl, %edx
+ movl %edx, %ebx
+ xorl %ecx, %ecx
+ movb %dh, %cl
+ andl $255, %ebx
+ shrl $16, %edx
+ xorl %eax, %eax
+ movb %dh, %al
+ andl $255, %edx
+ movl CAST_S_table0(,%ecx,4),%ecx
+ movl CAST_S_table1(,%ebx,4),%ebx
+ addl %ebx, %ecx
+ movl CAST_S_table2(,%eax,4),%ebx
+ xorl %ebx, %ecx
+ movl CAST_S_table3(,%edx,4),%ebx
+ subl %ebx, %ecx
+ xorl %ecx, %edi
+
+ movl 72(%ebp), %edx
+ movl 76(%ebp), %ecx
+ addl %edi, %edx
+ roll %cl, %edx
+ movl %edx, %ebx
+ xorl %ecx, %ecx
+ movb %dh, %cl
+ andl $255, %ebx
+ shrl $16, %edx
+ xorl %eax, %eax
+ movb %dh, %al
+ andl $255, %edx
+ movl CAST_S_table0(,%ecx,4),%ecx
+ movl CAST_S_table1(,%ebx,4),%ebx
+ xorl %ebx, %ecx
+ movl CAST_S_table2(,%eax,4),%ebx
+ subl %ebx, %ecx
+ movl CAST_S_table3(,%edx,4),%ebx
+ addl %ebx, %ecx
+ xorl %ecx, %esi
+
+ movl 80(%ebp), %edx
+ movl 84(%ebp), %ecx
+ xorl %esi, %edx
+ roll %cl, %edx
+ movl %edx, %ebx
+ xorl %ecx, %ecx
+ movb %dh, %cl
+ andl $255, %ebx
+ shrl $16, %edx
+ xorl %eax, %eax
+ movb %dh, %al
+ andl $255, %edx
+ movl CAST_S_table0(,%ecx,4),%ecx
+ movl CAST_S_table1(,%ebx,4),%ebx
+ subl %ebx, %ecx
+ movl CAST_S_table2(,%eax,4),%ebx
+ addl %ebx, %ecx
+ movl CAST_S_table3(,%edx,4),%ebx
+ xorl %ebx, %ecx
+ xorl %ecx, %edi
+
+ movl 88(%ebp), %edx
+ movl 92(%ebp), %ecx
+ subl %edi, %edx
+ roll %cl, %edx
+ movl %edx, %ebx
+ xorl %ecx, %ecx
+ movb %dh, %cl
+ andl $255, %ebx
+ shrl $16, %edx
+ xorl %eax, %eax
+ movb %dh, %al
+ andl $255, %edx
+ movl CAST_S_table0(,%ecx,4),%ecx
+ movl CAST_S_table1(,%ebx,4),%ebx
+ addl %ebx, %ecx
+ movl CAST_S_table2(,%eax,4),%ebx
+ xorl %ebx, %ecx
+ movl CAST_S_table3(,%edx,4),%ebx
+ subl %ebx, %ecx
+ xorl %ecx, %esi
+
+ popl %edx
+ orl %edx, %edx
+ jnz .L000cast_enc_done
+
+ movl 96(%ebp), %edx
+ movl 100(%ebp), %ecx
+ addl %esi, %edx
+ roll %cl, %edx
+ movl %edx, %ebx
+ xorl %ecx, %ecx
+ movb %dh, %cl
+ andl $255, %ebx
+ shrl $16, %edx
+ xorl %eax, %eax
+ movb %dh, %al
+ andl $255, %edx
+ movl CAST_S_table0(,%ecx,4),%ecx
+ movl CAST_S_table1(,%ebx,4),%ebx
+ xorl %ebx, %ecx
+ movl CAST_S_table2(,%eax,4),%ebx
+ subl %ebx, %ecx
+ movl CAST_S_table3(,%edx,4),%ebx
+ addl %ebx, %ecx
+ xorl %ecx, %edi
+
+ movl 104(%ebp), %edx
+ movl 108(%ebp), %ecx
+ xorl %edi, %edx
+ roll %cl, %edx
+ movl %edx, %ebx
+ xorl %ecx, %ecx
+ movb %dh, %cl
+ andl $255, %ebx
+ shrl $16, %edx
+ xorl %eax, %eax
+ movb %dh, %al
+ andl $255, %edx
+ movl CAST_S_table0(,%ecx,4),%ecx
+ movl CAST_S_table1(,%ebx,4),%ebx
+ subl %ebx, %ecx
+ movl CAST_S_table2(,%eax,4),%ebx
+ addl %ebx, %ecx
+ movl CAST_S_table3(,%edx,4),%ebx
+ xorl %ebx, %ecx
+ xorl %ecx, %esi
+
+ movl 112(%ebp), %edx
+ movl 116(%ebp), %ecx
+ subl %esi, %edx
+ roll %cl, %edx
+ movl %edx, %ebx
+ xorl %ecx, %ecx
+ movb %dh, %cl
+ andl $255, %ebx
+ shrl $16, %edx
+ xorl %eax, %eax
+ movb %dh, %al
+ andl $255, %edx
+ movl CAST_S_table0(,%ecx,4),%ecx
+ movl CAST_S_table1(,%ebx,4),%ebx
+ addl %ebx, %ecx
+ movl CAST_S_table2(,%eax,4),%ebx
+ xorl %ebx, %ecx
+ movl CAST_S_table3(,%edx,4),%ebx
+ subl %ebx, %ecx
+ xorl %ecx, %edi
+
+ movl 120(%ebp), %edx
+ movl 124(%ebp), %ecx
+ addl %edi, %edx
+ roll %cl, %edx
+ movl %edx, %ebx
+ xorl %ecx, %ecx
+ movb %dh, %cl
+ andl $255, %ebx
+ shrl $16, %edx
+ xorl %eax, %eax
+ movb %dh, %al
+ andl $255, %edx
+ movl CAST_S_table0(,%ecx,4),%ecx
+ movl CAST_S_table1(,%ebx,4),%ebx
+ xorl %ebx, %ecx
+ movl CAST_S_table2(,%eax,4),%ebx
+ subl %ebx, %ecx
+ movl CAST_S_table3(,%edx,4),%ebx
+ addl %ebx, %ecx
+ xorl %ecx, %esi
+.L000cast_enc_done:
+ nop
+ movl 20(%esp), %eax
+ movl %edi, 4(%eax)
+ movl %esi, (%eax)
+ popl %edi
+ popl %esi
+ popl %ebx
+ popl %ebp
+ ret
+.L_CAST_encrypt_end:
+ .size CAST_encrypt,.L_CAST_encrypt_end-CAST_encrypt
+.ident "CAST_encrypt"
+.text
+ .align 16
+.globl CAST_decrypt
+ .type CAST_decrypt,@function
+CAST_decrypt:
+
+ pushl %ebp
+ pushl %ebx
+ movl 12(%esp), %ebx
+ movl 16(%esp), %ebp
+ pushl %esi
+ pushl %edi
+
+ movl (%ebx), %edi
+ movl 4(%ebx), %esi
+
+ movl 128(%ebp), %eax
+ orl %eax, %eax
+ jnz .L001cast_dec_skip
+ xorl %eax, %eax
+
+ movl 120(%ebp), %edx
+ movl 124(%ebp), %ecx
+ addl %esi, %edx
+ roll %cl, %edx
+ movl %edx, %ebx
+ xorl %ecx, %ecx
+ movb %dh, %cl
+ andl $255, %ebx
+ shrl $16, %edx
+ xorl %eax, %eax
+ movb %dh, %al
+ andl $255, %edx
+ movl CAST_S_table0(,%ecx,4),%ecx
+ movl CAST_S_table1(,%ebx,4),%ebx
+ xorl %ebx, %ecx
+ movl CAST_S_table2(,%eax,4),%ebx
+ subl %ebx, %ecx
+ movl CAST_S_table3(,%edx,4),%ebx
+ addl %ebx, %ecx
+ xorl %ecx, %edi
+
+ movl 112(%ebp), %edx
+ movl 116(%ebp), %ecx
+ subl %edi, %edx
+ roll %cl, %edx
+ movl %edx, %ebx
+ xorl %ecx, %ecx
+ movb %dh, %cl
+ andl $255, %ebx
+ shrl $16, %edx
+ xorl %eax, %eax
+ movb %dh, %al
+ andl $255, %edx
+ movl CAST_S_table0(,%ecx,4),%ecx
+ movl CAST_S_table1(,%ebx,4),%ebx
+ addl %ebx, %ecx
+ movl CAST_S_table2(,%eax,4),%ebx
+ xorl %ebx, %ecx
+ movl CAST_S_table3(,%edx,4),%ebx
+ subl %ebx, %ecx
+ xorl %ecx, %esi
+
+ movl 104(%ebp), %edx
+ movl 108(%ebp), %ecx
+ xorl %esi, %edx
+ roll %cl, %edx
+ movl %edx, %ebx
+ xorl %ecx, %ecx
+ movb %dh, %cl
+ andl $255, %ebx
+ shrl $16, %edx
+ xorl %eax, %eax
+ movb %dh, %al
+ andl $255, %edx
+ movl CAST_S_table0(,%ecx,4),%ecx
+ movl CAST_S_table1(,%ebx,4),%ebx
+ subl %ebx, %ecx
+ movl CAST_S_table2(,%eax,4),%ebx
+ addl %ebx, %ecx
+ movl CAST_S_table3(,%edx,4),%ebx
+ xorl %ebx, %ecx
+ xorl %ecx, %edi
+
+ movl 96(%ebp), %edx
+ movl 100(%ebp), %ecx
+ addl %edi, %edx
+ roll %cl, %edx
+ movl %edx, %ebx
+ xorl %ecx, %ecx
+ movb %dh, %cl
+ andl $255, %ebx
+ shrl $16, %edx
+ xorl %eax, %eax
+ movb %dh, %al
+ andl $255, %edx
+ movl CAST_S_table0(,%ecx,4),%ecx
+ movl CAST_S_table1(,%ebx,4),%ebx
+ xorl %ebx, %ecx
+ movl CAST_S_table2(,%eax,4),%ebx
+ subl %ebx, %ecx
+ movl CAST_S_table3(,%edx,4),%ebx
+ addl %ebx, %ecx
+ xorl %ecx, %esi
+.L001cast_dec_skip:
+
+ movl 88(%ebp), %edx
+ movl 92(%ebp), %ecx
+ subl %esi, %edx
+ roll %cl, %edx
+ movl %edx, %ebx
+ xorl %ecx, %ecx
+ movb %dh, %cl
+ andl $255, %ebx
+ shrl $16, %edx
+ xorl %eax, %eax
+ movb %dh, %al
+ andl $255, %edx
+ movl CAST_S_table0(,%ecx,4),%ecx
+ movl CAST_S_table1(,%ebx,4),%ebx
+ addl %ebx, %ecx
+ movl CAST_S_table2(,%eax,4),%ebx
+ xorl %ebx, %ecx
+ movl CAST_S_table3(,%edx,4),%ebx
+ subl %ebx, %ecx
+ xorl %ecx, %edi
+
+ movl 80(%ebp), %edx
+ movl 84(%ebp), %ecx
+ xorl %edi, %edx
+ roll %cl, %edx
+ movl %edx, %ebx
+ xorl %ecx, %ecx
+ movb %dh, %cl
+ andl $255, %ebx
+ shrl $16, %edx
+ xorl %eax, %eax
+ movb %dh, %al
+ andl $255, %edx
+ movl CAST_S_table0(,%ecx,4),%ecx
+ movl CAST_S_table1(,%ebx,4),%ebx
+ subl %ebx, %ecx
+ movl CAST_S_table2(,%eax,4),%ebx
+ addl %ebx, %ecx
+ movl CAST_S_table3(,%edx,4),%ebx
+ xorl %ebx, %ecx
+ xorl %ecx, %esi
+
+ movl 72(%ebp), %edx
+ movl 76(%ebp), %ecx
+ addl %esi, %edx
+ roll %cl, %edx
+ movl %edx, %ebx
+ xorl %ecx, %ecx
+ movb %dh, %cl
+ andl $255, %ebx
+ shrl $16, %edx
+ xorl %eax, %eax
+ movb %dh, %al
+ andl $255, %edx
+ movl CAST_S_table0(,%ecx,4),%ecx
+ movl CAST_S_table1(,%ebx,4),%ebx
+ xorl %ebx, %ecx
+ movl CAST_S_table2(,%eax,4),%ebx
+ subl %ebx, %ecx
+ movl CAST_S_table3(,%edx,4),%ebx
+ addl %ebx, %ecx
+ xorl %ecx, %edi
+
+ movl 64(%ebp), %edx
+ movl 68(%ebp), %ecx
+ subl %edi, %edx
+ roll %cl, %edx
+ movl %edx, %ebx
+ xorl %ecx, %ecx
+ movb %dh, %cl
+ andl $255, %ebx
+ shrl $16, %edx
+ xorl %eax, %eax
+ movb %dh, %al
+ andl $255, %edx
+ movl CAST_S_table0(,%ecx,4),%ecx
+ movl CAST_S_table1(,%ebx,4),%ebx
+ addl %ebx, %ecx
+ movl CAST_S_table2(,%eax,4),%ebx
+ xorl %ebx, %ecx
+ movl CAST_S_table3(,%edx,4),%ebx
+ subl %ebx, %ecx
+ xorl %ecx, %esi
+
+ movl 56(%ebp), %edx
+ movl 60(%ebp), %ecx
+ xorl %esi, %edx
+ roll %cl, %edx
+ movl %edx, %ebx
+ xorl %ecx, %ecx
+ movb %dh, %cl
+ andl $255, %ebx
+ shrl $16, %edx
+ xorl %eax, %eax
+ movb %dh, %al
+ andl $255, %edx
+ movl CAST_S_table0(,%ecx,4),%ecx
+ movl CAST_S_table1(,%ebx,4),%ebx
+ subl %ebx, %ecx
+ movl CAST_S_table2(,%eax,4),%ebx
+ addl %ebx, %ecx
+ movl CAST_S_table3(,%edx,4),%ebx
+ xorl %ebx, %ecx
+ xorl %ecx, %edi
+
+ movl 48(%ebp), %edx
+ movl 52(%ebp), %ecx
+ addl %edi, %edx
+ roll %cl, %edx
+ movl %edx, %ebx
+ xorl %ecx, %ecx
+ movb %dh, %cl
+ andl $255, %ebx
+ shrl $16, %edx
+ xorl %eax, %eax
+ movb %dh, %al
+ andl $255, %edx
+ movl CAST_S_table0(,%ecx,4),%ecx
+ movl CAST_S_table1(,%ebx,4),%ebx
+ xorl %ebx, %ecx
+ movl CAST_S_table2(,%eax,4),%ebx
+ subl %ebx, %ecx
+ movl CAST_S_table3(,%edx,4),%ebx
+ addl %ebx, %ecx
+ xorl %ecx, %esi
+
+ movl 40(%ebp), %edx
+ movl 44(%ebp), %ecx
+ subl %esi, %edx
+ roll %cl, %edx
+ movl %edx, %ebx
+ xorl %ecx, %ecx
+ movb %dh, %cl
+ andl $255, %ebx
+ shrl $16, %edx
+ xorl %eax, %eax
+ movb %dh, %al
+ andl $255, %edx
+ movl CAST_S_table0(,%ecx,4),%ecx
+ movl CAST_S_table1(,%ebx,4),%ebx
+ addl %ebx, %ecx
+ movl CAST_S_table2(,%eax,4),%ebx
+ xorl %ebx, %ecx
+ movl CAST_S_table3(,%edx,4),%ebx
+ subl %ebx, %ecx
+ xorl %ecx, %edi
+
+ movl 32(%ebp), %edx
+ movl 36(%ebp), %ecx
+ xorl %edi, %edx
+ roll %cl, %edx
+ movl %edx, %ebx
+ xorl %ecx, %ecx
+ movb %dh, %cl
+ andl $255, %ebx
+ shrl $16, %edx
+ xorl %eax, %eax
+ movb %dh, %al
+ andl $255, %edx
+ movl CAST_S_table0(,%ecx,4),%ecx
+ movl CAST_S_table1(,%ebx,4),%ebx
+ subl %ebx, %ecx
+ movl CAST_S_table2(,%eax,4),%ebx
+ addl %ebx, %ecx
+ movl CAST_S_table3(,%edx,4),%ebx
+ xorl %ebx, %ecx
+ xorl %ecx, %esi
+
+ movl 24(%ebp), %edx
+ movl 28(%ebp), %ecx
+ addl %esi, %edx
+ roll %cl, %edx
+ movl %edx, %ebx
+ xorl %ecx, %ecx
+ movb %dh, %cl
+ andl $255, %ebx
+ shrl $16, %edx
+ xorl %eax, %eax
+ movb %dh, %al
+ andl $255, %edx
+ movl CAST_S_table0(,%ecx,4),%ecx
+ movl CAST_S_table1(,%ebx,4),%ebx
+ xorl %ebx, %ecx
+ movl CAST_S_table2(,%eax,4),%ebx
+ subl %ebx, %ecx
+ movl CAST_S_table3(,%edx,4),%ebx
+ addl %ebx, %ecx
+ xorl %ecx, %edi
+
+ movl 16(%ebp), %edx
+ movl 20(%ebp), %ecx
+ subl %edi, %edx
+ roll %cl, %edx
+ movl %edx, %ebx
+ xorl %ecx, %ecx
+ movb %dh, %cl
+ andl $255, %ebx
+ shrl $16, %edx
+ xorl %eax, %eax
+ movb %dh, %al
+ andl $255, %edx
+ movl CAST_S_table0(,%ecx,4),%ecx
+ movl CAST_S_table1(,%ebx,4),%ebx
+ addl %ebx, %ecx
+ movl CAST_S_table2(,%eax,4),%ebx
+ xorl %ebx, %ecx
+ movl CAST_S_table3(,%edx,4),%ebx
+ subl %ebx, %ecx
+ xorl %ecx, %esi
+
+ movl 8(%ebp), %edx
+ movl 12(%ebp), %ecx
+ xorl %esi, %edx
+ roll %cl, %edx
+ movl %edx, %ebx
+ xorl %ecx, %ecx
+ movb %dh, %cl
+ andl $255, %ebx
+ shrl $16, %edx
+ xorl %eax, %eax
+ movb %dh, %al
+ andl $255, %edx
+ movl CAST_S_table0(,%ecx,4),%ecx
+ movl CAST_S_table1(,%ebx,4),%ebx
+ subl %ebx, %ecx
+ movl CAST_S_table2(,%eax,4),%ebx
+ addl %ebx, %ecx
+ movl CAST_S_table3(,%edx,4),%ebx
+ xorl %ebx, %ecx
+ xorl %ecx, %edi
+
+ movl (%ebp), %edx
+ movl 4(%ebp), %ecx
+ addl %edi, %edx
+ roll %cl, %edx
+ movl %edx, %ebx
+ xorl %ecx, %ecx
+ movb %dh, %cl
+ andl $255, %ebx
+ shrl $16, %edx
+ xorl %eax, %eax
+ movb %dh, %al
+ andl $255, %edx
+ movl CAST_S_table0(,%ecx,4),%ecx
+ movl CAST_S_table1(,%ebx,4),%ebx
+ xorl %ebx, %ecx
+ movl CAST_S_table2(,%eax,4),%ebx
+ subl %ebx, %ecx
+ movl CAST_S_table3(,%edx,4),%ebx
+ addl %ebx, %ecx
+ xorl %ecx, %esi
+ nop
+ movl 20(%esp), %eax
+ movl %edi, 4(%eax)
+ movl %esi, (%eax)
+ popl %edi
+ popl %esi
+ popl %ebx
+ popl %ebp
+ ret
+.L_CAST_decrypt_end:
+ .size CAST_decrypt,.L_CAST_decrypt_end-CAST_decrypt
+.ident "CAST_decrypt"
+.text
+ .align 16
+.globl CAST_cbc_encrypt
+ .type CAST_cbc_encrypt,@function
+CAST_cbc_encrypt:
+
+ pushl %ebp
+ pushl %ebx
+ pushl %esi
+ pushl %edi
+ movl 28(%esp), %ebp
+
+ movl 36(%esp), %ebx
+ movl (%ebx), %esi
+ movl 4(%ebx), %edi
+ pushl %edi
+ pushl %esi
+ pushl %edi
+ pushl %esi
+ movl %esp, %ebx
+ movl 36(%esp), %esi
+ movl 40(%esp), %edi
+
+ movl 56(%esp), %ecx
+
+ movl 48(%esp), %eax
+ pushl %eax
+ pushl %ebx
+ cmpl $0, %ecx
+ jz .L002decrypt
+ andl $4294967288, %ebp
+ movl 8(%esp), %eax
+ movl 12(%esp), %ebx
+ jz .L003encrypt_finish
+.L004encrypt_loop:
+ movl (%esi), %ecx
+ movl 4(%esi), %edx
+ xorl %ecx, %eax
+ xorl %edx, %ebx
+.byte 15
+.byte 200
+.byte 15
+.byte 203
+ movl %eax, 8(%esp)
+ movl %ebx, 12(%esp)
+ call CAST_encrypt
+ movl 8(%esp), %eax
+ movl 12(%esp), %ebx
+.byte 15
+.byte 200
+.byte 15
+.byte 203
+ movl %eax, (%edi)
+ movl %ebx, 4(%edi)
+ addl $8, %esi
+ addl $8, %edi
+ subl $8, %ebp
+ jnz .L004encrypt_loop
+.L003encrypt_finish:
+ movl 52(%esp), %ebp
+ andl $7, %ebp
+ jz .L005finish
+ call .L006PIC_point
+.L006PIC_point:
+ popl %edx
+ leal .L007cbc_enc_jmp_table-.L006PIC_point(%edx),%ecx
+ movl (%ecx,%ebp,4), %ebp
+ addl %edx, %ebp
+ xorl %ecx, %ecx
+ xorl %edx, %edx
+ jmp *%ebp
+.L008ej7:
+ xorl %edx, %edx
+ movb 6(%esi), %dh
+ sall $8, %edx
+.L009ej6:
+ movb 5(%esi), %dh
+.L010ej5:
+ movb 4(%esi), %dl
+.L011ej4:
+ movl (%esi), %ecx
+ jmp .L012ejend
+.L013ej3:
+ movb 2(%esi), %ch
+ xorl %ecx, %ecx
+ sall $8, %ecx
+.L014ej2:
+ movb 1(%esi), %ch
+.L015ej1:
+ movb (%esi), %cl
+.L012ejend:
+ xorl %ecx, %eax
+ xorl %edx, %ebx
+.byte 15
+.byte 200
+.byte 15
+.byte 203
+ movl %eax, 8(%esp)
+ movl %ebx, 12(%esp)
+ call CAST_encrypt
+ movl 8(%esp), %eax
+ movl 12(%esp), %ebx
+.byte 15
+.byte 200
+.byte 15
+.byte 203
+ movl %eax, (%edi)
+ movl %ebx, 4(%edi)
+ jmp .L005finish
+.align 16
+.L002decrypt:
+ andl $4294967288, %ebp
+ movl 16(%esp), %eax
+ movl 20(%esp), %ebx
+ jz .L016decrypt_finish
+.L017decrypt_loop:
+ movl (%esi), %eax
+ movl 4(%esi), %ebx
+.byte 15
+.byte 200
+.byte 15
+.byte 203
+ movl %eax, 8(%esp)
+ movl %ebx, 12(%esp)
+ call CAST_decrypt
+ movl 8(%esp), %eax
+ movl 12(%esp), %ebx
+.byte 15
+.byte 200
+.byte 15
+.byte 203
+ movl 16(%esp), %ecx
+ movl 20(%esp), %edx
+ xorl %eax, %ecx
+ xorl %ebx, %edx
+ movl (%esi), %eax
+ movl 4(%esi), %ebx
+ movl %ecx, (%edi)
+ movl %edx, 4(%edi)
+ movl %eax, 16(%esp)
+ movl %ebx, 20(%esp)
+ addl $8, %esi
+ addl $8, %edi
+ subl $8, %ebp
+ jnz .L017decrypt_loop
+.L016decrypt_finish:
+ movl 52(%esp), %ebp
+ andl $7, %ebp
+ jz .L005finish
+ movl (%esi), %eax
+ movl 4(%esi), %ebx
+.byte 15
+.byte 200
+.byte 15
+.byte 203
+ movl %eax, 8(%esp)
+ movl %ebx, 12(%esp)
+ call CAST_decrypt
+ movl 8(%esp), %eax
+ movl 12(%esp), %ebx
+.byte 15
+.byte 200
+.byte 15
+.byte 203
+ movl 16(%esp), %ecx
+ movl 20(%esp), %edx
+ xorl %eax, %ecx
+ xorl %ebx, %edx
+ movl (%esi), %eax
+ movl 4(%esi), %ebx
+.L018dj7:
+ rorl $16, %edx
+ movb %dl, 6(%edi)
+ shrl $16, %edx
+.L019dj6:
+ movb %dh, 5(%edi)
+.L020dj5:
+ movb %dl, 4(%edi)
+.L021dj4:
+ movl %ecx, (%edi)
+ jmp .L022djend
+.L023dj3:
+ rorl $16, %ecx
+ movb %cl, 2(%edi)
+ sall $16, %ecx
+.L024dj2:
+ movb %ch, 1(%esi)
+.L025dj1:
+ movb %cl, (%esi)
+.L022djend:
+ jmp .L005finish
+.align 16
+.L005finish:
+ movl 60(%esp), %ecx
+ addl $24, %esp
+ movl %eax, (%ecx)
+ movl %ebx, 4(%ecx)
+ popl %edi
+ popl %esi
+ popl %ebx
+ popl %ebp
+ ret
+.align 16
+.L007cbc_enc_jmp_table:
+ .long 0
+ .long .L015ej1-.L006PIC_point
+ .long .L014ej2-.L006PIC_point
+ .long .L013ej3-.L006PIC_point
+ .long .L011ej4-.L006PIC_point
+ .long .L010ej5-.L006PIC_point
+ .long .L009ej6-.L006PIC_point
+ .long .L008ej7-.L006PIC_point
+.L_CAST_cbc_encrypt_end:
+ .size CAST_cbc_encrypt,.L_CAST_cbc_encrypt_end-CAST_cbc_encrypt
+.ident "desasm.pl"
diff --git a/secure/lib/libcrypto/i386/co-586.s b/secure/lib/libcrypto/i386/co-586.s
new file mode 100644
index 0000000..4e554b0
--- /dev/null
+++ b/secure/lib/libcrypto/i386/co-586.s
@@ -0,0 +1,1270 @@
+ # $FreeBSD$
+
+
+
+
+
+
+ .file "/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bn/asm/co-586.s"
+ .version "01.01"
+gcc2_compiled.:
+.text
+ .align 16
+.globl bn_mul_comba8
+ .type bn_mul_comba8,@function
+bn_mul_comba8:
+ pushl %esi
+ movl 12(%esp), %esi
+ pushl %edi
+ movl 20(%esp), %edi
+ pushl %ebp
+ pushl %ebx
+ xorl %ebx, %ebx
+ movl (%esi), %eax
+ xorl %ecx, %ecx
+ movl (%edi), %edx
+
+ xorl %ebp, %ebp
+
+ mull %edx
+ addl %eax, %ebx
+ movl 20(%esp), %eax
+ adcl %edx, %ecx
+ movl (%edi), %edx
+ adcl $0, %ebp
+ movl %ebx, (%eax)
+ movl 4(%esi), %eax
+
+
+ xorl %ebx, %ebx
+
+ mull %edx
+ addl %eax, %ecx
+ movl (%esi), %eax
+ adcl %edx, %ebp
+ movl 4(%edi), %edx
+ adcl $0, %ebx
+
+ mull %edx
+ addl %eax, %ecx
+ movl 20(%esp), %eax
+ adcl %edx, %ebp
+ movl (%edi), %edx
+ adcl $0, %ebx
+ movl %ecx, 4(%eax)
+ movl 8(%esi), %eax
+
+
+ xorl %ecx, %ecx
+
+ mull %edx
+ addl %eax, %ebp
+ movl 4(%esi), %eax
+ adcl %edx, %ebx
+ movl 4(%edi), %edx
+ adcl $0, %ecx
+
+ mull %edx
+ addl %eax, %ebp
+ movl (%esi), %eax
+ adcl %edx, %ebx
+ movl 8(%edi), %edx
+ adcl $0, %ecx
+
+ mull %edx
+ addl %eax, %ebp
+ movl 20(%esp), %eax
+ adcl %edx, %ebx
+ movl (%edi), %edx
+ adcl $0, %ecx
+ movl %ebp, 8(%eax)
+ movl 12(%esi), %eax
+
+
+ xorl %ebp, %ebp
+
+ mull %edx
+ addl %eax, %ebx
+ movl 8(%esi), %eax
+ adcl %edx, %ecx
+ movl 4(%edi), %edx
+ adcl $0, %ebp
+
+ mull %edx
+ addl %eax, %ebx
+ movl 4(%esi), %eax
+ adcl %edx, %ecx
+ movl 8(%edi), %edx
+ adcl $0, %ebp
+
+ mull %edx
+ addl %eax, %ebx
+ movl (%esi), %eax
+ adcl %edx, %ecx
+ movl 12(%edi), %edx
+ adcl $0, %ebp
+
+ mull %edx
+ addl %eax, %ebx
+ movl 20(%esp), %eax
+ adcl %edx, %ecx
+ movl (%edi), %edx
+ adcl $0, %ebp
+ movl %ebx, 12(%eax)
+ movl 16(%esi), %eax
+
+
+ xorl %ebx, %ebx
+
+ mull %edx
+ addl %eax, %ecx
+ movl 12(%esi), %eax
+ adcl %edx, %ebp
+ movl 4(%edi), %edx
+ adcl $0, %ebx
+
+ mull %edx
+ addl %eax, %ecx
+ movl 8(%esi), %eax
+ adcl %edx, %ebp
+ movl 8(%edi), %edx
+ adcl $0, %ebx
+
+ mull %edx
+ addl %eax, %ecx
+ movl 4(%esi), %eax
+ adcl %edx, %ebp
+ movl 12(%edi), %edx
+ adcl $0, %ebx
+
+ mull %edx
+ addl %eax, %ecx
+ movl (%esi), %eax
+ adcl %edx, %ebp
+ movl 16(%edi), %edx
+ adcl $0, %ebx
+
+ mull %edx
+ addl %eax, %ecx
+ movl 20(%esp), %eax
+ adcl %edx, %ebp
+ movl (%edi), %edx
+ adcl $0, %ebx
+ movl %ecx, 16(%eax)
+ movl 20(%esi), %eax
+
+
+ xorl %ecx, %ecx
+
+ mull %edx
+ addl %eax, %ebp
+ movl 16(%esi), %eax
+ adcl %edx, %ebx
+ movl 4(%edi), %edx
+ adcl $0, %ecx
+
+ mull %edx
+ addl %eax, %ebp
+ movl 12(%esi), %eax
+ adcl %edx, %ebx
+ movl 8(%edi), %edx
+ adcl $0, %ecx
+
+ mull %edx
+ addl %eax, %ebp
+ movl 8(%esi), %eax
+ adcl %edx, %ebx
+ movl 12(%edi), %edx
+ adcl $0, %ecx
+
+ mull %edx
+ addl %eax, %ebp
+ movl 4(%esi), %eax
+ adcl %edx, %ebx
+ movl 16(%edi), %edx
+ adcl $0, %ecx
+
+ mull %edx
+ addl %eax, %ebp
+ movl (%esi), %eax
+ adcl %edx, %ebx
+ movl 20(%edi), %edx
+ adcl $0, %ecx
+
+ mull %edx
+ addl %eax, %ebp
+ movl 20(%esp), %eax
+ adcl %edx, %ebx
+ movl (%edi), %edx
+ adcl $0, %ecx
+ movl %ebp, 20(%eax)
+ movl 24(%esi), %eax
+
+
+ xorl %ebp, %ebp
+
+ mull %edx
+ addl %eax, %ebx
+ movl 20(%esi), %eax
+ adcl %edx, %ecx
+ movl 4(%edi), %edx
+ adcl $0, %ebp
+
+ mull %edx
+ addl %eax, %ebx
+ movl 16(%esi), %eax
+ adcl %edx, %ecx
+ movl 8(%edi), %edx
+ adcl $0, %ebp
+
+ mull %edx
+ addl %eax, %ebx
+ movl 12(%esi), %eax
+ adcl %edx, %ecx
+ movl 12(%edi), %edx
+ adcl $0, %ebp
+
+ mull %edx
+ addl %eax, %ebx
+ movl 8(%esi), %eax
+ adcl %edx, %ecx
+ movl 16(%edi), %edx
+ adcl $0, %ebp
+
+ mull %edx
+ addl %eax, %ebx
+ movl 4(%esi), %eax
+ adcl %edx, %ecx
+ movl 20(%edi), %edx
+ adcl $0, %ebp
+
+ mull %edx
+ addl %eax, %ebx
+ movl (%esi), %eax
+ adcl %edx, %ecx
+ movl 24(%edi), %edx
+ adcl $0, %ebp
+
+ mull %edx
+ addl %eax, %ebx
+ movl 20(%esp), %eax
+ adcl %edx, %ecx
+ movl (%edi), %edx
+ adcl $0, %ebp
+ movl %ebx, 24(%eax)
+ movl 28(%esi), %eax
+
+
+ xorl %ebx, %ebx
+
+ mull %edx
+ addl %eax, %ecx
+ movl 24(%esi), %eax
+ adcl %edx, %ebp
+ movl 4(%edi), %edx
+ adcl $0, %ebx
+
+ mull %edx
+ addl %eax, %ecx
+ movl 20(%esi), %eax
+ adcl %edx, %ebp
+ movl 8(%edi), %edx
+ adcl $0, %ebx
+
+ mull %edx
+ addl %eax, %ecx
+ movl 16(%esi), %eax
+ adcl %edx, %ebp
+ movl 12(%edi), %edx
+ adcl $0, %ebx
+
+ mull %edx
+ addl %eax, %ecx
+ movl 12(%esi), %eax
+ adcl %edx, %ebp
+ movl 16(%edi), %edx
+ adcl $0, %ebx
+
+ mull %edx
+ addl %eax, %ecx
+ movl 8(%esi), %eax
+ adcl %edx, %ebp
+ movl 20(%edi), %edx
+ adcl $0, %ebx
+
+ mull %edx
+ addl %eax, %ecx
+ movl 4(%esi), %eax
+ adcl %edx, %ebp
+ movl 24(%edi), %edx
+ adcl $0, %ebx
+
+ mull %edx
+ addl %eax, %ecx
+ movl (%esi), %eax
+ adcl %edx, %ebp
+ movl 28(%edi), %edx
+ adcl $0, %ebx
+
+ mull %edx
+ addl %eax, %ecx
+ movl 20(%esp), %eax
+ adcl %edx, %ebp
+ movl 4(%edi), %edx
+ adcl $0, %ebx
+ movl %ecx, 28(%eax)
+ movl 28(%esi), %eax
+
+
+ xorl %ecx, %ecx
+
+ mull %edx
+ addl %eax, %ebp
+ movl 24(%esi), %eax
+ adcl %edx, %ebx
+ movl 8(%edi), %edx
+ adcl $0, %ecx
+
+ mull %edx
+ addl %eax, %ebp
+ movl 20(%esi), %eax
+ adcl %edx, %ebx
+ movl 12(%edi), %edx
+ adcl $0, %ecx
+
+ mull %edx
+ addl %eax, %ebp
+ movl 16(%esi), %eax
+ adcl %edx, %ebx
+ movl 16(%edi), %edx
+ adcl $0, %ecx
+
+ mull %edx
+ addl %eax, %ebp
+ movl 12(%esi), %eax
+ adcl %edx, %ebx
+ movl 20(%edi), %edx
+ adcl $0, %ecx
+
+ mull %edx
+ addl %eax, %ebp
+ movl 8(%esi), %eax
+ adcl %edx, %ebx
+ movl 24(%edi), %edx
+ adcl $0, %ecx
+
+ mull %edx
+ addl %eax, %ebp
+ movl 4(%esi), %eax
+ adcl %edx, %ebx
+ movl 28(%edi), %edx
+ adcl $0, %ecx
+
+ mull %edx
+ addl %eax, %ebp
+ movl 20(%esp), %eax
+ adcl %edx, %ebx
+ movl 8(%edi), %edx
+ adcl $0, %ecx
+ movl %ebp, 32(%eax)
+ movl 28(%esi), %eax
+
+
+ xorl %ebp, %ebp
+
+ mull %edx
+ addl %eax, %ebx
+ movl 24(%esi), %eax
+ adcl %edx, %ecx
+ movl 12(%edi), %edx
+ adcl $0, %ebp
+
+ mull %edx
+ addl %eax, %ebx
+ movl 20(%esi), %eax
+ adcl %edx, %ecx
+ movl 16(%edi), %edx
+ adcl $0, %ebp
+
+ mull %edx
+ addl %eax, %ebx
+ movl 16(%esi), %eax
+ adcl %edx, %ecx
+ movl 20(%edi), %edx
+ adcl $0, %ebp
+
+ mull %edx
+ addl %eax, %ebx
+ movl 12(%esi), %eax
+ adcl %edx, %ecx
+ movl 24(%edi), %edx
+ adcl $0, %ebp
+
+ mull %edx
+ addl %eax, %ebx
+ movl 8(%esi), %eax
+ adcl %edx, %ecx
+ movl 28(%edi), %edx
+ adcl $0, %ebp
+
+ mull %edx
+ addl %eax, %ebx
+ movl 20(%esp), %eax
+ adcl %edx, %ecx
+ movl 12(%edi), %edx
+ adcl $0, %ebp
+ movl %ebx, 36(%eax)
+ movl 28(%esi), %eax
+
+
+ xorl %ebx, %ebx
+
+ mull %edx
+ addl %eax, %ecx
+ movl 24(%esi), %eax
+ adcl %edx, %ebp
+ movl 16(%edi), %edx
+ adcl $0, %ebx
+
+ mull %edx
+ addl %eax, %ecx
+ movl 20(%esi), %eax
+ adcl %edx, %ebp
+ movl 20(%edi), %edx
+ adcl $0, %ebx
+
+ mull %edx
+ addl %eax, %ecx
+ movl 16(%esi), %eax
+ adcl %edx, %ebp
+ movl 24(%edi), %edx
+ adcl $0, %ebx
+
+ mull %edx
+ addl %eax, %ecx
+ movl 12(%esi), %eax
+ adcl %edx, %ebp
+ movl 28(%edi), %edx
+ adcl $0, %ebx
+
+ mull %edx
+ addl %eax, %ecx
+ movl 20(%esp), %eax
+ adcl %edx, %ebp
+ movl 16(%edi), %edx
+ adcl $0, %ebx
+ movl %ecx, 40(%eax)
+ movl 28(%esi), %eax
+
+
+ xorl %ecx, %ecx
+
+ mull %edx
+ addl %eax, %ebp
+ movl 24(%esi), %eax
+ adcl %edx, %ebx
+ movl 20(%edi), %edx
+ adcl $0, %ecx
+
+ mull %edx
+ addl %eax, %ebp
+ movl 20(%esi), %eax
+ adcl %edx, %ebx
+ movl 24(%edi), %edx
+ adcl $0, %ecx
+
+ mull %edx
+ addl %eax, %ebp
+ movl 16(%esi), %eax
+ adcl %edx, %ebx
+ movl 28(%edi), %edx
+ adcl $0, %ecx
+
+ mull %edx
+ addl %eax, %ebp
+ movl 20(%esp), %eax
+ adcl %edx, %ebx
+ movl 20(%edi), %edx
+ adcl $0, %ecx
+ movl %ebp, 44(%eax)
+ movl 28(%esi), %eax
+
+
+ xorl %ebp, %ebp
+
+ mull %edx
+ addl %eax, %ebx
+ movl 24(%esi), %eax
+ adcl %edx, %ecx
+ movl 24(%edi), %edx
+ adcl $0, %ebp
+
+ mull %edx
+ addl %eax, %ebx
+ movl 20(%esi), %eax
+ adcl %edx, %ecx
+ movl 28(%edi), %edx
+ adcl $0, %ebp
+
+ mull %edx
+ addl %eax, %ebx
+ movl 20(%esp), %eax
+ adcl %edx, %ecx
+ movl 24(%edi), %edx
+ adcl $0, %ebp
+ movl %ebx, 48(%eax)
+ movl 28(%esi), %eax
+
+
+ xorl %ebx, %ebx
+
+ mull %edx
+ addl %eax, %ecx
+ movl 24(%esi), %eax
+ adcl %edx, %ebp
+ movl 28(%edi), %edx
+ adcl $0, %ebx
+
+ mull %edx
+ addl %eax, %ecx
+ movl 20(%esp), %eax
+ adcl %edx, %ebp
+ movl 28(%edi), %edx
+ adcl $0, %ebx
+ movl %ecx, 52(%eax)
+ movl 28(%esi), %eax
+
+
+ xorl %ecx, %ecx
+
+ mull %edx
+ addl %eax, %ebp
+ movl 20(%esp), %eax
+ adcl %edx, %ebx
+ adcl $0, %ecx
+ movl %ebp, 56(%eax)
+
+
+ movl %ebx, 60(%eax)
+ popl %ebx
+ popl %ebp
+ popl %edi
+ popl %esi
+ ret
+.L_bn_mul_comba8_end:
+ .size bn_mul_comba8,.L_bn_mul_comba8_end-bn_mul_comba8
+.ident "desasm.pl"
+.text
+ .align 16
+.globl bn_mul_comba4
+ .type bn_mul_comba4,@function
+bn_mul_comba4:
+ pushl %esi
+ movl 12(%esp), %esi
+ pushl %edi
+ movl 20(%esp), %edi
+ pushl %ebp
+ pushl %ebx
+ xorl %ebx, %ebx
+ movl (%esi), %eax
+ xorl %ecx, %ecx
+ movl (%edi), %edx
+
+ xorl %ebp, %ebp
+
+ mull %edx
+ addl %eax, %ebx
+ movl 20(%esp), %eax
+ adcl %edx, %ecx
+ movl (%edi), %edx
+ adcl $0, %ebp
+ movl %ebx, (%eax)
+ movl 4(%esi), %eax
+
+
+ xorl %ebx, %ebx
+
+ mull %edx
+ addl %eax, %ecx
+ movl (%esi), %eax
+ adcl %edx, %ebp
+ movl 4(%edi), %edx
+ adcl $0, %ebx
+
+ mull %edx
+ addl %eax, %ecx
+ movl 20(%esp), %eax
+ adcl %edx, %ebp
+ movl (%edi), %edx
+ adcl $0, %ebx
+ movl %ecx, 4(%eax)
+ movl 8(%esi), %eax
+
+
+ xorl %ecx, %ecx
+
+ mull %edx
+ addl %eax, %ebp
+ movl 4(%esi), %eax
+ adcl %edx, %ebx
+ movl 4(%edi), %edx
+ adcl $0, %ecx
+
+ mull %edx
+ addl %eax, %ebp
+ movl (%esi), %eax
+ adcl %edx, %ebx
+ movl 8(%edi), %edx
+ adcl $0, %ecx
+
+ mull %edx
+ addl %eax, %ebp
+ movl 20(%esp), %eax
+ adcl %edx, %ebx
+ movl (%edi), %edx
+ adcl $0, %ecx
+ movl %ebp, 8(%eax)
+ movl 12(%esi), %eax
+
+
+ xorl %ebp, %ebp
+
+ mull %edx
+ addl %eax, %ebx
+ movl 8(%esi), %eax
+ adcl %edx, %ecx
+ movl 4(%edi), %edx
+ adcl $0, %ebp
+
+ mull %edx
+ addl %eax, %ebx
+ movl 4(%esi), %eax
+ adcl %edx, %ecx
+ movl 8(%edi), %edx
+ adcl $0, %ebp
+
+ mull %edx
+ addl %eax, %ebx
+ movl (%esi), %eax
+ adcl %edx, %ecx
+ movl 12(%edi), %edx
+ adcl $0, %ebp
+
+ mull %edx
+ addl %eax, %ebx
+ movl 20(%esp), %eax
+ adcl %edx, %ecx
+ movl 4(%edi), %edx
+ adcl $0, %ebp
+ movl %ebx, 12(%eax)
+ movl 12(%esi), %eax
+
+
+ xorl %ebx, %ebx
+
+ mull %edx
+ addl %eax, %ecx
+ movl 8(%esi), %eax
+ adcl %edx, %ebp
+ movl 8(%edi), %edx
+ adcl $0, %ebx
+
+ mull %edx
+ addl %eax, %ecx
+ movl 4(%esi), %eax
+ adcl %edx, %ebp
+ movl 12(%edi), %edx
+ adcl $0, %ebx
+
+ mull %edx
+ addl %eax, %ecx
+ movl 20(%esp), %eax
+ adcl %edx, %ebp
+ movl 8(%edi), %edx
+ adcl $0, %ebx
+ movl %ecx, 16(%eax)
+ movl 12(%esi), %eax
+
+
+ xorl %ecx, %ecx
+
+ mull %edx
+ addl %eax, %ebp
+ movl 8(%esi), %eax
+ adcl %edx, %ebx
+ movl 12(%edi), %edx
+ adcl $0, %ecx
+
+ mull %edx
+ addl %eax, %ebp
+ movl 20(%esp), %eax
+ adcl %edx, %ebx
+ movl 12(%edi), %edx
+ adcl $0, %ecx
+ movl %ebp, 20(%eax)
+ movl 12(%esi), %eax
+
+
+ xorl %ebp, %ebp
+
+ mull %edx
+ addl %eax, %ebx
+ movl 20(%esp), %eax
+ adcl %edx, %ecx
+ adcl $0, %ebp
+ movl %ebx, 24(%eax)
+
+
+ movl %ecx, 28(%eax)
+ popl %ebx
+ popl %ebp
+ popl %edi
+ popl %esi
+ ret
+.L_bn_mul_comba4_end:
+ .size bn_mul_comba4,.L_bn_mul_comba4_end-bn_mul_comba4
+.ident "desasm.pl"
+.text
+ .align 16
+.globl bn_sqr_comba8
+ .type bn_sqr_comba8,@function
+bn_sqr_comba8:
+ pushl %esi
+ pushl %edi
+ pushl %ebp
+ pushl %ebx
+ movl 20(%esp), %edi
+ movl 24(%esp), %esi
+ xorl %ebx, %ebx
+ xorl %ecx, %ecx
+ movl (%esi), %eax
+
+ xorl %ebp, %ebp
+
+ mull %eax
+ addl %eax, %ebx
+ adcl %edx, %ecx
+ movl (%esi), %edx
+ adcl $0, %ebp
+ movl %ebx, (%edi)
+ movl 4(%esi), %eax
+
+
+ xorl %ebx, %ebx
+
+ mull %edx
+ addl %eax, %eax
+ adcl %edx, %edx
+ adcl $0, %ebx
+ addl %eax, %ecx
+ adcl %edx, %ebp
+ movl 8(%esi), %eax
+ adcl $0, %ebx
+ movl %ecx, 4(%edi)
+ movl (%esi), %edx
+
+
+ xorl %ecx, %ecx
+
+ mull %edx
+ addl %eax, %eax
+ adcl %edx, %edx
+ adcl $0, %ecx
+ addl %eax, %ebp
+ adcl %edx, %ebx
+ movl 4(%esi), %eax
+ adcl $0, %ecx
+
+ mull %eax
+ addl %eax, %ebp
+ adcl %edx, %ebx
+ movl (%esi), %edx
+ adcl $0, %ecx
+ movl %ebp, 8(%edi)
+ movl 12(%esi), %eax
+
+
+ xorl %ebp, %ebp
+
+ mull %edx
+ addl %eax, %eax
+ adcl %edx, %edx
+ adcl $0, %ebp
+ addl %eax, %ebx
+ adcl %edx, %ecx
+ movl 8(%esi), %eax
+ adcl $0, %ebp
+ movl 4(%esi), %edx
+
+ mull %edx
+ addl %eax, %eax
+ adcl %edx, %edx
+ adcl $0, %ebp
+ addl %eax, %ebx
+ adcl %edx, %ecx
+ movl 16(%esi), %eax
+ adcl $0, %ebp
+ movl %ebx, 12(%edi)
+ movl (%esi), %edx
+
+
+ xorl %ebx, %ebx
+
+ mull %edx
+ addl %eax, %eax
+ adcl %edx, %edx
+ adcl $0, %ebx
+ addl %eax, %ecx
+ adcl %edx, %ebp
+ movl 12(%esi), %eax
+ adcl $0, %ebx
+ movl 4(%esi), %edx
+
+ mull %edx
+ addl %eax, %eax
+ adcl %edx, %edx
+ adcl $0, %ebx
+ addl %eax, %ecx
+ adcl %edx, %ebp
+ movl 8(%esi), %eax
+ adcl $0, %ebx
+
+ mull %eax
+ addl %eax, %ecx
+ adcl %edx, %ebp
+ movl (%esi), %edx
+ adcl $0, %ebx
+ movl %ecx, 16(%edi)
+ movl 20(%esi), %eax
+
+
+ xorl %ecx, %ecx
+
+ mull %edx
+ addl %eax, %eax
+ adcl %edx, %edx
+ adcl $0, %ecx
+ addl %eax, %ebp
+ adcl %edx, %ebx
+ movl 16(%esi), %eax
+ adcl $0, %ecx
+ movl 4(%esi), %edx
+
+ mull %edx
+ addl %eax, %eax
+ adcl %edx, %edx
+ adcl $0, %ecx
+ addl %eax, %ebp
+ adcl %edx, %ebx
+ movl 12(%esi), %eax
+ adcl $0, %ecx
+ movl 8(%esi), %edx
+
+ mull %edx
+ addl %eax, %eax
+ adcl %edx, %edx
+ adcl $0, %ecx
+ addl %eax, %ebp
+ adcl %edx, %ebx
+ movl 24(%esi), %eax
+ adcl $0, %ecx
+ movl %ebp, 20(%edi)
+ movl (%esi), %edx
+
+
+ xorl %ebp, %ebp
+
+ mull %edx
+ addl %eax, %eax
+ adcl %edx, %edx
+ adcl $0, %ebp
+ addl %eax, %ebx
+ adcl %edx, %ecx
+ movl 20(%esi), %eax
+ adcl $0, %ebp
+ movl 4(%esi), %edx
+
+ mull %edx
+ addl %eax, %eax
+ adcl %edx, %edx
+ adcl $0, %ebp
+ addl %eax, %ebx
+ adcl %edx, %ecx
+ movl 16(%esi), %eax
+ adcl $0, %ebp
+ movl 8(%esi), %edx
+
+ mull %edx
+ addl %eax, %eax
+ adcl %edx, %edx
+ adcl $0, %ebp
+ addl %eax, %ebx
+ adcl %edx, %ecx
+ movl 12(%esi), %eax
+ adcl $0, %ebp
+
+ mull %eax
+ addl %eax, %ebx
+ adcl %edx, %ecx
+ movl (%esi), %edx
+ adcl $0, %ebp
+ movl %ebx, 24(%edi)
+ movl 28(%esi), %eax
+
+
+ xorl %ebx, %ebx
+
+ mull %edx
+ addl %eax, %eax
+ adcl %edx, %edx
+ adcl $0, %ebx
+ addl %eax, %ecx
+ adcl %edx, %ebp
+ movl 24(%esi), %eax
+ adcl $0, %ebx
+ movl 4(%esi), %edx
+
+ mull %edx
+ addl %eax, %eax
+ adcl %edx, %edx
+ adcl $0, %ebx
+ addl %eax, %ecx
+ adcl %edx, %ebp
+ movl 20(%esi), %eax
+ adcl $0, %ebx
+ movl 8(%esi), %edx
+
+ mull %edx
+ addl %eax, %eax
+ adcl %edx, %edx
+ adcl $0, %ebx
+ addl %eax, %ecx
+ adcl %edx, %ebp
+ movl 16(%esi), %eax
+ adcl $0, %ebx
+ movl 12(%esi), %edx
+
+ mull %edx
+ addl %eax, %eax
+ adcl %edx, %edx
+ adcl $0, %ebx
+ addl %eax, %ecx
+ adcl %edx, %ebp
+ movl 28(%esi), %eax
+ adcl $0, %ebx
+ movl %ecx, 28(%edi)
+ movl 4(%esi), %edx
+
+
+ xorl %ecx, %ecx
+
+ mull %edx
+ addl %eax, %eax
+ adcl %edx, %edx
+ adcl $0, %ecx
+ addl %eax, %ebp
+ adcl %edx, %ebx
+ movl 24(%esi), %eax
+ adcl $0, %ecx
+ movl 8(%esi), %edx
+
+ mull %edx
+ addl %eax, %eax
+ adcl %edx, %edx
+ adcl $0, %ecx
+ addl %eax, %ebp
+ adcl %edx, %ebx
+ movl 20(%esi), %eax
+ adcl $0, %ecx
+ movl 12(%esi), %edx
+
+ mull %edx
+ addl %eax, %eax
+ adcl %edx, %edx
+ adcl $0, %ecx
+ addl %eax, %ebp
+ adcl %edx, %ebx
+ movl 16(%esi), %eax
+ adcl $0, %ecx
+
+ mull %eax
+ addl %eax, %ebp
+ adcl %edx, %ebx
+ movl 8(%esi), %edx
+ adcl $0, %ecx
+ movl %ebp, 32(%edi)
+ movl 28(%esi), %eax
+
+
+ xorl %ebp, %ebp
+
+ mull %edx
+ addl %eax, %eax
+ adcl %edx, %edx
+ adcl $0, %ebp
+ addl %eax, %ebx
+ adcl %edx, %ecx
+ movl 24(%esi), %eax
+ adcl $0, %ebp
+ movl 12(%esi), %edx
+
+ mull %edx
+ addl %eax, %eax
+ adcl %edx, %edx
+ adcl $0, %ebp
+ addl %eax, %ebx
+ adcl %edx, %ecx
+ movl 20(%esi), %eax
+ adcl $0, %ebp
+ movl 16(%esi), %edx
+
+ mull %edx
+ addl %eax, %eax
+ adcl %edx, %edx
+ adcl $0, %ebp
+ addl %eax, %ebx
+ adcl %edx, %ecx
+ movl 28(%esi), %eax
+ adcl $0, %ebp
+ movl %ebx, 36(%edi)
+ movl 12(%esi), %edx
+
+
+ xorl %ebx, %ebx
+
+ mull %edx
+ addl %eax, %eax
+ adcl %edx, %edx
+ adcl $0, %ebx
+ addl %eax, %ecx
+ adcl %edx, %ebp
+ movl 24(%esi), %eax
+ adcl $0, %ebx
+ movl 16(%esi), %edx
+
+ mull %edx
+ addl %eax, %eax
+ adcl %edx, %edx
+ adcl $0, %ebx
+ addl %eax, %ecx
+ adcl %edx, %ebp
+ movl 20(%esi), %eax
+ adcl $0, %ebx
+
+ mull %eax
+ addl %eax, %ecx
+ adcl %edx, %ebp
+ movl 16(%esi), %edx
+ adcl $0, %ebx
+ movl %ecx, 40(%edi)
+ movl 28(%esi), %eax
+
+
+ xorl %ecx, %ecx
+
+ mull %edx
+ addl %eax, %eax
+ adcl %edx, %edx
+ adcl $0, %ecx
+ addl %eax, %ebp
+ adcl %edx, %ebx
+ movl 24(%esi), %eax
+ adcl $0, %ecx
+ movl 20(%esi), %edx
+
+ mull %edx
+ addl %eax, %eax
+ adcl %edx, %edx
+ adcl $0, %ecx
+ addl %eax, %ebp
+ adcl %edx, %ebx
+ movl 28(%esi), %eax
+ adcl $0, %ecx
+ movl %ebp, 44(%edi)
+ movl 20(%esi), %edx
+
+
+ xorl %ebp, %ebp
+
+ mull %edx
+ addl %eax, %eax
+ adcl %edx, %edx
+ adcl $0, %ebp
+ addl %eax, %ebx
+ adcl %edx, %ecx
+ movl 24(%esi), %eax
+ adcl $0, %ebp
+
+ mull %eax
+ addl %eax, %ebx
+ adcl %edx, %ecx
+ movl 24(%esi), %edx
+ adcl $0, %ebp
+ movl %ebx, 48(%edi)
+ movl 28(%esi), %eax
+
+
+ xorl %ebx, %ebx
+
+ mull %edx
+ addl %eax, %eax
+ adcl %edx, %edx
+ adcl $0, %ebx
+ addl %eax, %ecx
+ adcl %edx, %ebp
+ movl 28(%esi), %eax
+ adcl $0, %ebx
+ movl %ecx, 52(%edi)
+
+
+ xorl %ecx, %ecx
+
+ mull %eax
+ addl %eax, %ebp
+ adcl %edx, %ebx
+ adcl $0, %ecx
+ movl %ebp, 56(%edi)
+
+ movl %ebx, 60(%edi)
+ popl %ebx
+ popl %ebp
+ popl %edi
+ popl %esi
+ ret
+.L_bn_sqr_comba8_end:
+ .size bn_sqr_comba8,.L_bn_sqr_comba8_end-bn_sqr_comba8
+.ident "desasm.pl"
+.text
+ .align 16
+.globl bn_sqr_comba4
+ .type bn_sqr_comba4,@function
+bn_sqr_comba4:
+ pushl %esi
+ pushl %edi
+ pushl %ebp
+ pushl %ebx
+ movl 20(%esp), %edi
+ movl 24(%esp), %esi
+ xorl %ebx, %ebx
+ xorl %ecx, %ecx
+ movl (%esi), %eax
+
+ xorl %ebp, %ebp
+
+ mull %eax
+ addl %eax, %ebx
+ adcl %edx, %ecx
+ movl (%esi), %edx
+ adcl $0, %ebp
+ movl %ebx, (%edi)
+ movl 4(%esi), %eax
+
+
+ xorl %ebx, %ebx
+
+ mull %edx
+ addl %eax, %eax
+ adcl %edx, %edx
+ adcl $0, %ebx
+ addl %eax, %ecx
+ adcl %edx, %ebp
+ movl 8(%esi), %eax
+ adcl $0, %ebx
+ movl %ecx, 4(%edi)
+ movl (%esi), %edx
+
+
+ xorl %ecx, %ecx
+
+ mull %edx
+ addl %eax, %eax
+ adcl %edx, %edx
+ adcl $0, %ecx
+ addl %eax, %ebp
+ adcl %edx, %ebx
+ movl 4(%esi), %eax
+ adcl $0, %ecx
+
+ mull %eax
+ addl %eax, %ebp
+ adcl %edx, %ebx
+ movl (%esi), %edx
+ adcl $0, %ecx
+ movl %ebp, 8(%edi)
+ movl 12(%esi), %eax
+
+
+ xorl %ebp, %ebp
+
+ mull %edx
+ addl %eax, %eax
+ adcl %edx, %edx
+ adcl $0, %ebp
+ addl %eax, %ebx
+ adcl %edx, %ecx
+ movl 8(%esi), %eax
+ adcl $0, %ebp
+ movl 4(%esi), %edx
+
+ mull %edx
+ addl %eax, %eax
+ adcl %edx, %edx
+ adcl $0, %ebp
+ addl %eax, %ebx
+ adcl %edx, %ecx
+ movl 12(%esi), %eax
+ adcl $0, %ebp
+ movl %ebx, 12(%edi)
+ movl 4(%esi), %edx
+
+
+ xorl %ebx, %ebx
+
+ mull %edx
+ addl %eax, %eax
+ adcl %edx, %edx
+ adcl $0, %ebx
+ addl %eax, %ecx
+ adcl %edx, %ebp
+ movl 8(%esi), %eax
+ adcl $0, %ebx
+
+ mull %eax
+ addl %eax, %ecx
+ adcl %edx, %ebp
+ movl 8(%esi), %edx
+ adcl $0, %ebx
+ movl %ecx, 16(%edi)
+ movl 12(%esi), %eax
+
+
+ xorl %ecx, %ecx
+
+ mull %edx
+ addl %eax, %eax
+ adcl %edx, %edx
+ adcl $0, %ecx
+ addl %eax, %ebp
+ adcl %edx, %ebx
+ movl 12(%esi), %eax
+ adcl $0, %ecx
+ movl %ebp, 20(%edi)
+
+
+ xorl %ebp, %ebp
+
+ mull %eax
+ addl %eax, %ebx
+ adcl %edx, %ecx
+ adcl $0, %ebp
+ movl %ebx, 24(%edi)
+
+ movl %ecx, 28(%edi)
+ popl %ebx
+ popl %ebp
+ popl %edi
+ popl %esi
+ ret
+.L_bn_sqr_comba4_end:
+ .size bn_sqr_comba4,.L_bn_sqr_comba4_end-bn_sqr_comba4
+.ident "desasm.pl"
diff --git a/secure/lib/libcrypto/i386/crypt586.s b/secure/lib/libcrypto/i386/crypt586.s
new file mode 100644
index 0000000..dc594e4
--- /dev/null
+++ b/secure/lib/libcrypto/i386/crypt586.s
@@ -0,0 +1,887 @@
+ # $FreeBSD$
+
+
+
+
+
+
+ .file "crypt586.s"
+ .version "01.01"
+gcc2_compiled.:
+.text
+ .align 16
+.globl fcrypt_body
+ .type fcrypt_body,@function
+fcrypt_body:
+ pushl %ebp
+ pushl %ebx
+ pushl %esi
+ pushl %edi
+
+
+
+ xorl %edi, %edi
+ xorl %esi, %esi
+ leal DES_SPtrans, %edx
+ pushl %edx
+ movl 28(%esp), %ebp
+ pushl $25
+.L000start:
+
+
+ movl 36(%esp), %eax
+ movl %esi, %edx
+ shrl $16, %edx
+ movl 40(%esp), %ecx
+ xorl %esi, %edx
+ andl %edx, %eax
+ andl %ecx, %edx
+ movl %eax, %ebx
+ sall $16, %ebx
+ movl %edx, %ecx
+ sall $16, %ecx
+ xorl %ebx, %eax
+ xorl %ecx, %edx
+ movl (%ebp), %ebx
+ xorl %ebx, %eax
+ movl 4(%ebp), %ecx
+ xorl %esi, %eax
+ xorl %esi, %edx
+ xorl %ecx, %edx
+ andl $0xfcfcfcfc, %eax
+ xorl %ebx, %ebx
+ andl $0xcfcfcfcf, %edx
+ xorl %ecx, %ecx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ movl 4(%esp), %ebp
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ movl 0x600(%ebp,%ebx),%ebx
+ xorl %ebx, %edi
+ movl 0x700(%ebp,%ecx),%ebx
+ xorl %ebx, %edi
+ movl 0x400(%ebp,%eax),%ebx
+ xorl %ebx, %edi
+ movl 0x500(%ebp,%edx),%ebx
+ xorl %ebx, %edi
+ movl 32(%esp), %ebp
+
+
+ movl 36(%esp), %eax
+ movl %edi, %edx
+ shrl $16, %edx
+ movl 40(%esp), %ecx
+ xorl %edi, %edx
+ andl %edx, %eax
+ andl %ecx, %edx
+ movl %eax, %ebx
+ sall $16, %ebx
+ movl %edx, %ecx
+ sall $16, %ecx
+ xorl %ebx, %eax
+ xorl %ecx, %edx
+ movl 8(%ebp), %ebx
+ xorl %ebx, %eax
+ movl 12(%ebp), %ecx
+ xorl %edi, %eax
+ xorl %edi, %edx
+ xorl %ecx, %edx
+ andl $0xfcfcfcfc, %eax
+ xorl %ebx, %ebx
+ andl $0xcfcfcfcf, %edx
+ xorl %ecx, %ecx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ movl 4(%esp), %ebp
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ movl 0x600(%ebp,%ebx),%ebx
+ xorl %ebx, %esi
+ movl 0x700(%ebp,%ecx),%ebx
+ xorl %ebx, %esi
+ movl 0x400(%ebp,%eax),%ebx
+ xorl %ebx, %esi
+ movl 0x500(%ebp,%edx),%ebx
+ xorl %ebx, %esi
+ movl 32(%esp), %ebp
+
+
+ movl 36(%esp), %eax
+ movl %esi, %edx
+ shrl $16, %edx
+ movl 40(%esp), %ecx
+ xorl %esi, %edx
+ andl %edx, %eax
+ andl %ecx, %edx
+ movl %eax, %ebx
+ sall $16, %ebx
+ movl %edx, %ecx
+ sall $16, %ecx
+ xorl %ebx, %eax
+ xorl %ecx, %edx
+ movl 16(%ebp), %ebx
+ xorl %ebx, %eax
+ movl 20(%ebp), %ecx
+ xorl %esi, %eax
+ xorl %esi, %edx
+ xorl %ecx, %edx
+ andl $0xfcfcfcfc, %eax
+ xorl %ebx, %ebx
+ andl $0xcfcfcfcf, %edx
+ xorl %ecx, %ecx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ movl 4(%esp), %ebp
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ movl 0x600(%ebp,%ebx),%ebx
+ xorl %ebx, %edi
+ movl 0x700(%ebp,%ecx),%ebx
+ xorl %ebx, %edi
+ movl 0x400(%ebp,%eax),%ebx
+ xorl %ebx, %edi
+ movl 0x500(%ebp,%edx),%ebx
+ xorl %ebx, %edi
+ movl 32(%esp), %ebp
+
+
+ movl 36(%esp), %eax
+ movl %edi, %edx
+ shrl $16, %edx
+ movl 40(%esp), %ecx
+ xorl %edi, %edx
+ andl %edx, %eax
+ andl %ecx, %edx
+ movl %eax, %ebx
+ sall $16, %ebx
+ movl %edx, %ecx
+ sall $16, %ecx
+ xorl %ebx, %eax
+ xorl %ecx, %edx
+ movl 24(%ebp), %ebx
+ xorl %ebx, %eax
+ movl 28(%ebp), %ecx
+ xorl %edi, %eax
+ xorl %edi, %edx
+ xorl %ecx, %edx
+ andl $0xfcfcfcfc, %eax
+ xorl %ebx, %ebx
+ andl $0xcfcfcfcf, %edx
+ xorl %ecx, %ecx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ movl 4(%esp), %ebp
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ movl 0x600(%ebp,%ebx),%ebx
+ xorl %ebx, %esi
+ movl 0x700(%ebp,%ecx),%ebx
+ xorl %ebx, %esi
+ movl 0x400(%ebp,%eax),%ebx
+ xorl %ebx, %esi
+ movl 0x500(%ebp,%edx),%ebx
+ xorl %ebx, %esi
+ movl 32(%esp), %ebp
+
+
+ movl 36(%esp), %eax
+ movl %esi, %edx
+ shrl $16, %edx
+ movl 40(%esp), %ecx
+ xorl %esi, %edx
+ andl %edx, %eax
+ andl %ecx, %edx
+ movl %eax, %ebx
+ sall $16, %ebx
+ movl %edx, %ecx
+ sall $16, %ecx
+ xorl %ebx, %eax
+ xorl %ecx, %edx
+ movl 32(%ebp), %ebx
+ xorl %ebx, %eax
+ movl 36(%ebp), %ecx
+ xorl %esi, %eax
+ xorl %esi, %edx
+ xorl %ecx, %edx
+ andl $0xfcfcfcfc, %eax
+ xorl %ebx, %ebx
+ andl $0xcfcfcfcf, %edx
+ xorl %ecx, %ecx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ movl 4(%esp), %ebp
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ movl 0x600(%ebp,%ebx),%ebx
+ xorl %ebx, %edi
+ movl 0x700(%ebp,%ecx),%ebx
+ xorl %ebx, %edi
+ movl 0x400(%ebp,%eax),%ebx
+ xorl %ebx, %edi
+ movl 0x500(%ebp,%edx),%ebx
+ xorl %ebx, %edi
+ movl 32(%esp), %ebp
+
+
+ movl 36(%esp), %eax
+ movl %edi, %edx
+ shrl $16, %edx
+ movl 40(%esp), %ecx
+ xorl %edi, %edx
+ andl %edx, %eax
+ andl %ecx, %edx
+ movl %eax, %ebx
+ sall $16, %ebx
+ movl %edx, %ecx
+ sall $16, %ecx
+ xorl %ebx, %eax
+ xorl %ecx, %edx
+ movl 40(%ebp), %ebx
+ xorl %ebx, %eax
+ movl 44(%ebp), %ecx
+ xorl %edi, %eax
+ xorl %edi, %edx
+ xorl %ecx, %edx
+ andl $0xfcfcfcfc, %eax
+ xorl %ebx, %ebx
+ andl $0xcfcfcfcf, %edx
+ xorl %ecx, %ecx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ movl 4(%esp), %ebp
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ movl 0x600(%ebp,%ebx),%ebx
+ xorl %ebx, %esi
+ movl 0x700(%ebp,%ecx),%ebx
+ xorl %ebx, %esi
+ movl 0x400(%ebp,%eax),%ebx
+ xorl %ebx, %esi
+ movl 0x500(%ebp,%edx),%ebx
+ xorl %ebx, %esi
+ movl 32(%esp), %ebp
+
+
+ movl 36(%esp), %eax
+ movl %esi, %edx
+ shrl $16, %edx
+ movl 40(%esp), %ecx
+ xorl %esi, %edx
+ andl %edx, %eax
+ andl %ecx, %edx
+ movl %eax, %ebx
+ sall $16, %ebx
+ movl %edx, %ecx
+ sall $16, %ecx
+ xorl %ebx, %eax
+ xorl %ecx, %edx
+ movl 48(%ebp), %ebx
+ xorl %ebx, %eax
+ movl 52(%ebp), %ecx
+ xorl %esi, %eax
+ xorl %esi, %edx
+ xorl %ecx, %edx
+ andl $0xfcfcfcfc, %eax
+ xorl %ebx, %ebx
+ andl $0xcfcfcfcf, %edx
+ xorl %ecx, %ecx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ movl 4(%esp), %ebp
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ movl 0x600(%ebp,%ebx),%ebx
+ xorl %ebx, %edi
+ movl 0x700(%ebp,%ecx),%ebx
+ xorl %ebx, %edi
+ movl 0x400(%ebp,%eax),%ebx
+ xorl %ebx, %edi
+ movl 0x500(%ebp,%edx),%ebx
+ xorl %ebx, %edi
+ movl 32(%esp), %ebp
+
+
+ movl 36(%esp), %eax
+ movl %edi, %edx
+ shrl $16, %edx
+ movl 40(%esp), %ecx
+ xorl %edi, %edx
+ andl %edx, %eax
+ andl %ecx, %edx
+ movl %eax, %ebx
+ sall $16, %ebx
+ movl %edx, %ecx
+ sall $16, %ecx
+ xorl %ebx, %eax
+ xorl %ecx, %edx
+ movl 56(%ebp), %ebx
+ xorl %ebx, %eax
+ movl 60(%ebp), %ecx
+ xorl %edi, %eax
+ xorl %edi, %edx
+ xorl %ecx, %edx
+ andl $0xfcfcfcfc, %eax
+ xorl %ebx, %ebx
+ andl $0xcfcfcfcf, %edx
+ xorl %ecx, %ecx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ movl 4(%esp), %ebp
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ movl 0x600(%ebp,%ebx),%ebx
+ xorl %ebx, %esi
+ movl 0x700(%ebp,%ecx),%ebx
+ xorl %ebx, %esi
+ movl 0x400(%ebp,%eax),%ebx
+ xorl %ebx, %esi
+ movl 0x500(%ebp,%edx),%ebx
+ xorl %ebx, %esi
+ movl 32(%esp), %ebp
+
+
+ movl 36(%esp), %eax
+ movl %esi, %edx
+ shrl $16, %edx
+ movl 40(%esp), %ecx
+ xorl %esi, %edx
+ andl %edx, %eax
+ andl %ecx, %edx
+ movl %eax, %ebx
+ sall $16, %ebx
+ movl %edx, %ecx
+ sall $16, %ecx
+ xorl %ebx, %eax
+ xorl %ecx, %edx
+ movl 64(%ebp), %ebx
+ xorl %ebx, %eax
+ movl 68(%ebp), %ecx
+ xorl %esi, %eax
+ xorl %esi, %edx
+ xorl %ecx, %edx
+ andl $0xfcfcfcfc, %eax
+ xorl %ebx, %ebx
+ andl $0xcfcfcfcf, %edx
+ xorl %ecx, %ecx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ movl 4(%esp), %ebp
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ movl 0x600(%ebp,%ebx),%ebx
+ xorl %ebx, %edi
+ movl 0x700(%ebp,%ecx),%ebx
+ xorl %ebx, %edi
+ movl 0x400(%ebp,%eax),%ebx
+ xorl %ebx, %edi
+ movl 0x500(%ebp,%edx),%ebx
+ xorl %ebx, %edi
+ movl 32(%esp), %ebp
+
+
+ movl 36(%esp), %eax
+ movl %edi, %edx
+ shrl $16, %edx
+ movl 40(%esp), %ecx
+ xorl %edi, %edx
+ andl %edx, %eax
+ andl %ecx, %edx
+ movl %eax, %ebx
+ sall $16, %ebx
+ movl %edx, %ecx
+ sall $16, %ecx
+ xorl %ebx, %eax
+ xorl %ecx, %edx
+ movl 72(%ebp), %ebx
+ xorl %ebx, %eax
+ movl 76(%ebp), %ecx
+ xorl %edi, %eax
+ xorl %edi, %edx
+ xorl %ecx, %edx
+ andl $0xfcfcfcfc, %eax
+ xorl %ebx, %ebx
+ andl $0xcfcfcfcf, %edx
+ xorl %ecx, %ecx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ movl 4(%esp), %ebp
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ movl 0x600(%ebp,%ebx),%ebx
+ xorl %ebx, %esi
+ movl 0x700(%ebp,%ecx),%ebx
+ xorl %ebx, %esi
+ movl 0x400(%ebp,%eax),%ebx
+ xorl %ebx, %esi
+ movl 0x500(%ebp,%edx),%ebx
+ xorl %ebx, %esi
+ movl 32(%esp), %ebp
+
+
+ movl 36(%esp), %eax
+ movl %esi, %edx
+ shrl $16, %edx
+ movl 40(%esp), %ecx
+ xorl %esi, %edx
+ andl %edx, %eax
+ andl %ecx, %edx
+ movl %eax, %ebx
+ sall $16, %ebx
+ movl %edx, %ecx
+ sall $16, %ecx
+ xorl %ebx, %eax
+ xorl %ecx, %edx
+ movl 80(%ebp), %ebx
+ xorl %ebx, %eax
+ movl 84(%ebp), %ecx
+ xorl %esi, %eax
+ xorl %esi, %edx
+ xorl %ecx, %edx
+ andl $0xfcfcfcfc, %eax
+ xorl %ebx, %ebx
+ andl $0xcfcfcfcf, %edx
+ xorl %ecx, %ecx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ movl 4(%esp), %ebp
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ movl 0x600(%ebp,%ebx),%ebx
+ xorl %ebx, %edi
+ movl 0x700(%ebp,%ecx),%ebx
+ xorl %ebx, %edi
+ movl 0x400(%ebp,%eax),%ebx
+ xorl %ebx, %edi
+ movl 0x500(%ebp,%edx),%ebx
+ xorl %ebx, %edi
+ movl 32(%esp), %ebp
+
+
+ movl 36(%esp), %eax
+ movl %edi, %edx
+ shrl $16, %edx
+ movl 40(%esp), %ecx
+ xorl %edi, %edx
+ andl %edx, %eax
+ andl %ecx, %edx
+ movl %eax, %ebx
+ sall $16, %ebx
+ movl %edx, %ecx
+ sall $16, %ecx
+ xorl %ebx, %eax
+ xorl %ecx, %edx
+ movl 88(%ebp), %ebx
+ xorl %ebx, %eax
+ movl 92(%ebp), %ecx
+ xorl %edi, %eax
+ xorl %edi, %edx
+ xorl %ecx, %edx
+ andl $0xfcfcfcfc, %eax
+ xorl %ebx, %ebx
+ andl $0xcfcfcfcf, %edx
+ xorl %ecx, %ecx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ movl 4(%esp), %ebp
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ movl 0x600(%ebp,%ebx),%ebx
+ xorl %ebx, %esi
+ movl 0x700(%ebp,%ecx),%ebx
+ xorl %ebx, %esi
+ movl 0x400(%ebp,%eax),%ebx
+ xorl %ebx, %esi
+ movl 0x500(%ebp,%edx),%ebx
+ xorl %ebx, %esi
+ movl 32(%esp), %ebp
+
+
+ movl 36(%esp), %eax
+ movl %esi, %edx
+ shrl $16, %edx
+ movl 40(%esp), %ecx
+ xorl %esi, %edx
+ andl %edx, %eax
+ andl %ecx, %edx
+ movl %eax, %ebx
+ sall $16, %ebx
+ movl %edx, %ecx
+ sall $16, %ecx
+ xorl %ebx, %eax
+ xorl %ecx, %edx
+ movl 96(%ebp), %ebx
+ xorl %ebx, %eax
+ movl 100(%ebp), %ecx
+ xorl %esi, %eax
+ xorl %esi, %edx
+ xorl %ecx, %edx
+ andl $0xfcfcfcfc, %eax
+ xorl %ebx, %ebx
+ andl $0xcfcfcfcf, %edx
+ xorl %ecx, %ecx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ movl 4(%esp), %ebp
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ movl 0x600(%ebp,%ebx),%ebx
+ xorl %ebx, %edi
+ movl 0x700(%ebp,%ecx),%ebx
+ xorl %ebx, %edi
+ movl 0x400(%ebp,%eax),%ebx
+ xorl %ebx, %edi
+ movl 0x500(%ebp,%edx),%ebx
+ xorl %ebx, %edi
+ movl 32(%esp), %ebp
+
+
+ movl 36(%esp), %eax
+ movl %edi, %edx
+ shrl $16, %edx
+ movl 40(%esp), %ecx
+ xorl %edi, %edx
+ andl %edx, %eax
+ andl %ecx, %edx
+ movl %eax, %ebx
+ sall $16, %ebx
+ movl %edx, %ecx
+ sall $16, %ecx
+ xorl %ebx, %eax
+ xorl %ecx, %edx
+ movl 104(%ebp), %ebx
+ xorl %ebx, %eax
+ movl 108(%ebp), %ecx
+ xorl %edi, %eax
+ xorl %edi, %edx
+ xorl %ecx, %edx
+ andl $0xfcfcfcfc, %eax
+ xorl %ebx, %ebx
+ andl $0xcfcfcfcf, %edx
+ xorl %ecx, %ecx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ movl 4(%esp), %ebp
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ movl 0x600(%ebp,%ebx),%ebx
+ xorl %ebx, %esi
+ movl 0x700(%ebp,%ecx),%ebx
+ xorl %ebx, %esi
+ movl 0x400(%ebp,%eax),%ebx
+ xorl %ebx, %esi
+ movl 0x500(%ebp,%edx),%ebx
+ xorl %ebx, %esi
+ movl 32(%esp), %ebp
+
+
+ movl 36(%esp), %eax
+ movl %esi, %edx
+ shrl $16, %edx
+ movl 40(%esp), %ecx
+ xorl %esi, %edx
+ andl %edx, %eax
+ andl %ecx, %edx
+ movl %eax, %ebx
+ sall $16, %ebx
+ movl %edx, %ecx
+ sall $16, %ecx
+ xorl %ebx, %eax
+ xorl %ecx, %edx
+ movl 112(%ebp), %ebx
+ xorl %ebx, %eax
+ movl 116(%ebp), %ecx
+ xorl %esi, %eax
+ xorl %esi, %edx
+ xorl %ecx, %edx
+ andl $0xfcfcfcfc, %eax
+ xorl %ebx, %ebx
+ andl $0xcfcfcfcf, %edx
+ xorl %ecx, %ecx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ movl 4(%esp), %ebp
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ movl 0x600(%ebp,%ebx),%ebx
+ xorl %ebx, %edi
+ movl 0x700(%ebp,%ecx),%ebx
+ xorl %ebx, %edi
+ movl 0x400(%ebp,%eax),%ebx
+ xorl %ebx, %edi
+ movl 0x500(%ebp,%edx),%ebx
+ xorl %ebx, %edi
+ movl 32(%esp), %ebp
+
+
+ movl 36(%esp), %eax
+ movl %edi, %edx
+ shrl $16, %edx
+ movl 40(%esp), %ecx
+ xorl %edi, %edx
+ andl %edx, %eax
+ andl %ecx, %edx
+ movl %eax, %ebx
+ sall $16, %ebx
+ movl %edx, %ecx
+ sall $16, %ecx
+ xorl %ebx, %eax
+ xorl %ecx, %edx
+ movl 120(%ebp), %ebx
+ xorl %ebx, %eax
+ movl 124(%ebp), %ecx
+ xorl %edi, %eax
+ xorl %edi, %edx
+ xorl %ecx, %edx
+ andl $0xfcfcfcfc, %eax
+ xorl %ebx, %ebx
+ andl $0xcfcfcfcf, %edx
+ xorl %ecx, %ecx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ movl 4(%esp), %ebp
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ movl 0x600(%ebp,%ebx),%ebx
+ xorl %ebx, %esi
+ movl 0x700(%ebp,%ecx),%ebx
+ xorl %ebx, %esi
+ movl 0x400(%ebp,%eax),%ebx
+ xorl %ebx, %esi
+ movl 0x500(%ebp,%edx),%ebx
+ xorl %ebx, %esi
+ movl 32(%esp), %ebp
+ movl (%esp), %ebx
+ movl %edi, %eax
+ decl %ebx
+ movl %esi, %edi
+ movl %eax, %esi
+ movl %ebx, (%esp)
+ jnz .L000start
+
+
+ movl 28(%esp), %edx
+.byte 209
+.byte 207
+ movl %esi, %eax
+ xorl %edi, %esi
+ andl $0xaaaaaaaa, %esi
+ xorl %esi, %eax
+ xorl %esi, %edi
+
+ roll $23, %eax
+ movl %eax, %esi
+ xorl %edi, %eax
+ andl $0x03fc03fc, %eax
+ xorl %eax, %esi
+ xorl %eax, %edi
+
+ roll $10, %esi
+ movl %esi, %eax
+ xorl %edi, %esi
+ andl $0x33333333, %esi
+ xorl %esi, %eax
+ xorl %esi, %edi
+
+ roll $18, %edi
+ movl %edi, %esi
+ xorl %eax, %edi
+ andl $0xfff0000f, %edi
+ xorl %edi, %esi
+ xorl %edi, %eax
+
+ roll $12, %esi
+ movl %esi, %edi
+ xorl %eax, %esi
+ andl $0xf0f0f0f0, %esi
+ xorl %esi, %edi
+ xorl %esi, %eax
+
+ rorl $4, %eax
+ movl %eax, (%edx)
+ movl %edi, 4(%edx)
+ addl $8, %esp
+ popl %edi
+ popl %esi
+ popl %ebx
+ popl %ebp
+ ret
+.L_fcrypt_body_end:
+ .size fcrypt_body,.L_fcrypt_body_end-fcrypt_body
+.ident "fcrypt_body"
diff --git a/secure/lib/libcrypto/i386/des-586.s b/secure/lib/libcrypto/i386/des-586.s
new file mode 100644
index 0000000..b761290
--- /dev/null
+++ b/secure/lib/libcrypto/i386/des-586.s
@@ -0,0 +1,2698 @@
+ # $FreeBSD$
+
+
+
+
+
+
+ .file "des-586.s"
+ .version "01.01"
+gcc2_compiled.:
+.text
+ .align 16
+.globl DES_encrypt1
+ .type DES_encrypt1,@function
+DES_encrypt1:
+ pushl %esi
+ pushl %edi
+
+
+ movl 12(%esp), %esi
+ xorl %ecx, %ecx
+ pushl %ebx
+ pushl %ebp
+ movl (%esi), %eax
+ movl 28(%esp), %ebx
+ movl 4(%esi), %edi
+
+
+ roll $4, %eax
+ movl %eax, %esi
+ xorl %edi, %eax
+ andl $0xf0f0f0f0, %eax
+ xorl %eax, %esi
+ xorl %eax, %edi
+
+ roll $20, %edi
+ movl %edi, %eax
+ xorl %esi, %edi
+ andl $0xfff0000f, %edi
+ xorl %edi, %eax
+ xorl %edi, %esi
+
+ roll $14, %eax
+ movl %eax, %edi
+ xorl %esi, %eax
+ andl $0x33333333, %eax
+ xorl %eax, %edi
+ xorl %eax, %esi
+
+ roll $22, %esi
+ movl %esi, %eax
+ xorl %edi, %esi
+ andl $0x03fc03fc, %esi
+ xorl %esi, %eax
+ xorl %esi, %edi
+
+ roll $9, %eax
+ movl %eax, %esi
+ xorl %edi, %eax
+ andl $0xaaaaaaaa, %eax
+ xorl %eax, %esi
+ xorl %eax, %edi
+
+.byte 209
+.byte 199
+ leal DES_SPtrans, %ebp
+ movl 24(%esp), %ecx
+ cmpl $0, %ebx
+ je .L000start_decrypt
+
+
+ movl (%ecx), %eax
+ xorl %ebx, %ebx
+ movl 4(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 8(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 12(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 16(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 20(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 24(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 28(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 32(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 36(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 40(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 44(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 48(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 52(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 56(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 60(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 64(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 68(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 72(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 76(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 80(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 84(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 88(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 92(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 96(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 100(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 104(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 108(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 112(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 116(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 120(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 124(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+ jmp .L001end
+.L000start_decrypt:
+
+
+ movl 120(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 124(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 112(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 116(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 104(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 108(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 96(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 100(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 88(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 92(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 80(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 84(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 72(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 76(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 64(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 68(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 56(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 60(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 48(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 52(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 40(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 44(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 32(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 36(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 24(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 28(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 16(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 20(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 8(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 12(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl (%ecx), %eax
+ xorl %ebx, %ebx
+ movl 4(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+.L001end:
+
+
+ movl 20(%esp), %edx
+.byte 209
+.byte 206
+ movl %edi, %eax
+ xorl %esi, %edi
+ andl $0xaaaaaaaa, %edi
+ xorl %edi, %eax
+ xorl %edi, %esi
+
+ roll $23, %eax
+ movl %eax, %edi
+ xorl %esi, %eax
+ andl $0x03fc03fc, %eax
+ xorl %eax, %edi
+ xorl %eax, %esi
+
+ roll $10, %edi
+ movl %edi, %eax
+ xorl %esi, %edi
+ andl $0x33333333, %edi
+ xorl %edi, %eax
+ xorl %edi, %esi
+
+ roll $18, %esi
+ movl %esi, %edi
+ xorl %eax, %esi
+ andl $0xfff0000f, %esi
+ xorl %esi, %edi
+ xorl %esi, %eax
+
+ roll $12, %edi
+ movl %edi, %esi
+ xorl %eax, %edi
+ andl $0xf0f0f0f0, %edi
+ xorl %edi, %esi
+ xorl %edi, %eax
+
+ rorl $4, %eax
+ movl %eax, (%edx)
+ movl %esi, 4(%edx)
+ popl %ebp
+ popl %ebx
+ popl %edi
+ popl %esi
+ ret
+.L_DES_encrypt1_end:
+ .size DES_encrypt1,.L_DES_encrypt1_end-DES_encrypt1
+.ident "desasm.pl"
+.text
+ .align 16
+.globl DES_encrypt2
+ .type DES_encrypt2,@function
+DES_encrypt2:
+ pushl %esi
+ pushl %edi
+
+
+ movl 12(%esp), %eax
+ xorl %ecx, %ecx
+ pushl %ebx
+ pushl %ebp
+ movl (%eax), %esi
+ movl 28(%esp), %ebx
+ roll $3, %esi
+ movl 4(%eax), %edi
+ roll $3, %edi
+ leal DES_SPtrans, %ebp
+ movl 24(%esp), %ecx
+ cmpl $0, %ebx
+ je .L002start_decrypt
+
+
+ movl (%ecx), %eax
+ xorl %ebx, %ebx
+ movl 4(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 8(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 12(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 16(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 20(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 24(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 28(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 32(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 36(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 40(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 44(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 48(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 52(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 56(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 60(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 64(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 68(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 72(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 76(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 80(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 84(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 88(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 92(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 96(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 100(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 104(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 108(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 112(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 116(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 120(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 124(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+ jmp .L003end
+.L002start_decrypt:
+
+
+ movl 120(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 124(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 112(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 116(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 104(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 108(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 96(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 100(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 88(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 92(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 80(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 84(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 72(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 76(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 64(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 68(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 56(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 60(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 48(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 52(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 40(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 44(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 32(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 36(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 24(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 28(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl 16(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 20(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+
+
+ movl 8(%ecx), %eax
+ xorl %ebx, %ebx
+ movl 12(%ecx), %edx
+ xorl %esi, %eax
+ xorl %ecx, %ecx
+ xorl %esi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%edi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%edi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%edi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%edi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%edi
+ xorl 0x700(%ebp,%ecx),%edi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%edi
+ xorl 0x500(%ebp,%edx),%edi
+
+
+ movl (%ecx), %eax
+ xorl %ebx, %ebx
+ movl 4(%ecx), %edx
+ xorl %edi, %eax
+ xorl %ecx, %ecx
+ xorl %edi, %edx
+ andl $0xfcfcfcfc, %eax
+ andl $0xcfcfcfcf, %edx
+ movb %al, %bl
+ movb %ah, %cl
+ rorl $4, %edx
+ xorl (%ebp,%ebx),%esi
+ movb %dl, %bl
+ xorl 0x200(%ebp,%ecx),%esi
+ movb %dh, %cl
+ shrl $16, %eax
+ xorl 0x100(%ebp,%ebx),%esi
+ movb %ah, %bl
+ shrl $16, %edx
+ xorl 0x300(%ebp,%ecx),%esi
+ movb %dh, %cl
+ andl $0xff, %eax
+ andl $0xff, %edx
+ xorl 0x600(%ebp,%ebx),%esi
+ xorl 0x700(%ebp,%ecx),%esi
+ movl 24(%esp), %ecx
+ xorl 0x400(%ebp,%eax),%esi
+ xorl 0x500(%ebp,%edx),%esi
+.L003end:
+
+
+ rorl $3, %edi
+ movl 20(%esp), %eax
+ rorl $3, %esi
+ movl %edi, (%eax)
+ movl %esi, 4(%eax)
+ popl %ebp
+ popl %ebx
+ popl %edi
+ popl %esi
+ ret
+.L_DES_encrypt2_end:
+ .size DES_encrypt2,.L_DES_encrypt2_end-DES_encrypt2
+.ident "desasm.pl"
+.text
+ .align 16
+.globl DES_encrypt3
+ .type DES_encrypt3,@function
+DES_encrypt3:
+ pushl %ebx
+ movl 8(%esp), %ebx
+ pushl %ebp
+ pushl %esi
+ pushl %edi
+
+
+ movl (%ebx), %edi
+ movl 4(%ebx), %esi
+ subl $12, %esp
+
+
+ roll $4, %edi
+ movl %edi, %edx
+ xorl %esi, %edi
+ andl $0xf0f0f0f0, %edi
+ xorl %edi, %edx
+ xorl %edi, %esi
+
+ roll $20, %esi
+ movl %esi, %edi
+ xorl %edx, %esi
+ andl $0xfff0000f, %esi
+ xorl %esi, %edi
+ xorl %esi, %edx
+
+ roll $14, %edi
+ movl %edi, %esi
+ xorl %edx, %edi
+ andl $0x33333333, %edi
+ xorl %edi, %esi
+ xorl %edi, %edx
+
+ roll $22, %edx
+ movl %edx, %edi
+ xorl %esi, %edx
+ andl $0x03fc03fc, %edx
+ xorl %edx, %edi
+ xorl %edx, %esi
+
+ roll $9, %edi
+ movl %edi, %edx
+ xorl %esi, %edi
+ andl $0xaaaaaaaa, %edi
+ xorl %edi, %edx
+ xorl %edi, %esi
+
+ rorl $3, %edx
+ rorl $2, %esi
+ movl %esi, 4(%ebx)
+ movl 36(%esp), %eax
+ movl %edx, (%ebx)
+ movl 40(%esp), %edi
+ movl 44(%esp), %esi
+ movl $1, 8(%esp)
+ movl %eax, 4(%esp)
+ movl %ebx, (%esp)
+ call DES_encrypt2
+ movl $0, 8(%esp)
+ movl %edi, 4(%esp)
+ movl %ebx, (%esp)
+ call DES_encrypt2
+ movl $1, 8(%esp)
+ movl %esi, 4(%esp)
+ movl %ebx, (%esp)
+ call DES_encrypt2
+ addl $12, %esp
+ movl (%ebx), %edi
+ movl 4(%ebx), %esi
+
+
+ roll $2, %esi
+ roll $3, %edi
+ movl %edi, %eax
+ xorl %esi, %edi
+ andl $0xaaaaaaaa, %edi
+ xorl %edi, %eax
+ xorl %edi, %esi
+
+ roll $23, %eax
+ movl %eax, %edi
+ xorl %esi, %eax
+ andl $0x03fc03fc, %eax
+ xorl %eax, %edi
+ xorl %eax, %esi
+
+ roll $10, %edi
+ movl %edi, %eax
+ xorl %esi, %edi
+ andl $0x33333333, %edi
+ xorl %edi, %eax
+ xorl %edi, %esi
+
+ roll $18, %esi
+ movl %esi, %edi
+ xorl %eax, %esi
+ andl $0xfff0000f, %esi
+ xorl %esi, %edi
+ xorl %esi, %eax
+
+ roll $12, %edi
+ movl %edi, %esi
+ xorl %eax, %edi
+ andl $0xf0f0f0f0, %edi
+ xorl %edi, %esi
+ xorl %edi, %eax
+
+ rorl $4, %eax
+ movl %eax, (%ebx)
+ movl %esi, 4(%ebx)
+ popl %edi
+ popl %esi
+ popl %ebp
+ popl %ebx
+ ret
+.L_DES_encrypt3_end:
+ .size DES_encrypt3,.L_DES_encrypt3_end-DES_encrypt3
+.ident "desasm.pl"
+.text
+ .align 16
+.globl DES_decrypt3
+ .type DES_decrypt3,@function
+DES_decrypt3:
+ pushl %ebx
+ movl 8(%esp), %ebx
+ pushl %ebp
+ pushl %esi
+ pushl %edi
+
+
+ movl (%ebx), %edi
+ movl 4(%ebx), %esi
+ subl $12, %esp
+
+
+ roll $4, %edi
+ movl %edi, %edx
+ xorl %esi, %edi
+ andl $0xf0f0f0f0, %edi
+ xorl %edi, %edx
+ xorl %edi, %esi
+
+ roll $20, %esi
+ movl %esi, %edi
+ xorl %edx, %esi
+ andl $0xfff0000f, %esi
+ xorl %esi, %edi
+ xorl %esi, %edx
+
+ roll $14, %edi
+ movl %edi, %esi
+ xorl %edx, %edi
+ andl $0x33333333, %edi
+ xorl %edi, %esi
+ xorl %edi, %edx
+
+ roll $22, %edx
+ movl %edx, %edi
+ xorl %esi, %edx
+ andl $0x03fc03fc, %edx
+ xorl %edx, %edi
+ xorl %edx, %esi
+
+ roll $9, %edi
+ movl %edi, %edx
+ xorl %esi, %edi
+ andl $0xaaaaaaaa, %edi
+ xorl %edi, %edx
+ xorl %edi, %esi
+
+ rorl $3, %edx
+ rorl $2, %esi
+ movl %esi, 4(%ebx)
+ movl 36(%esp), %esi
+ movl %edx, (%ebx)
+ movl 40(%esp), %edi
+ movl 44(%esp), %eax
+ movl $0, 8(%esp)
+ movl %eax, 4(%esp)
+ movl %ebx, (%esp)
+ call DES_encrypt2
+ movl $1, 8(%esp)
+ movl %edi, 4(%esp)
+ movl %ebx, (%esp)
+ call DES_encrypt2
+ movl $0, 8(%esp)
+ movl %esi, 4(%esp)
+ movl %ebx, (%esp)
+ call DES_encrypt2
+ addl $12, %esp
+ movl (%ebx), %edi
+ movl 4(%ebx), %esi
+
+
+ roll $2, %esi
+ roll $3, %edi
+ movl %edi, %eax
+ xorl %esi, %edi
+ andl $0xaaaaaaaa, %edi
+ xorl %edi, %eax
+ xorl %edi, %esi
+
+ roll $23, %eax
+ movl %eax, %edi
+ xorl %esi, %eax
+ andl $0x03fc03fc, %eax
+ xorl %eax, %edi
+ xorl %eax, %esi
+
+ roll $10, %edi
+ movl %edi, %eax
+ xorl %esi, %edi
+ andl $0x33333333, %edi
+ xorl %edi, %eax
+ xorl %edi, %esi
+
+ roll $18, %esi
+ movl %esi, %edi
+ xorl %eax, %esi
+ andl $0xfff0000f, %esi
+ xorl %esi, %edi
+ xorl %esi, %eax
+
+ roll $12, %edi
+ movl %edi, %esi
+ xorl %eax, %edi
+ andl $0xf0f0f0f0, %edi
+ xorl %edi, %esi
+ xorl %edi, %eax
+
+ rorl $4, %eax
+ movl %eax, (%ebx)
+ movl %esi, 4(%ebx)
+ popl %edi
+ popl %esi
+ popl %ebp
+ popl %ebx
+ ret
+.L_DES_decrypt3_end:
+ .size DES_decrypt3,.L_DES_decrypt3_end-DES_decrypt3
+.ident "desasm.pl"
+.text
+ .align 16
+.globl DES_ncbc_encrypt
+ .type DES_ncbc_encrypt,@function
+DES_ncbc_encrypt:
+
+ pushl %ebp
+ pushl %ebx
+ pushl %esi
+ pushl %edi
+ movl 28(%esp), %ebp
+
+ movl 36(%esp), %ebx
+ movl (%ebx), %esi
+ movl 4(%ebx), %edi
+ pushl %edi
+ pushl %esi
+ pushl %edi
+ pushl %esi
+ movl %esp, %ebx
+ movl 36(%esp), %esi
+ movl 40(%esp), %edi
+
+ movl 56(%esp), %ecx
+
+ pushl %ecx
+
+ movl 52(%esp), %eax
+ pushl %eax
+ pushl %ebx
+ cmpl $0, %ecx
+ jz .L004decrypt
+ andl $4294967288, %ebp
+ movl 12(%esp), %eax
+ movl 16(%esp), %ebx
+ jz .L005encrypt_finish
+.L006encrypt_loop:
+ movl (%esi), %ecx
+ movl 4(%esi), %edx
+ xorl %ecx, %eax
+ xorl %edx, %ebx
+ movl %eax, 12(%esp)
+ movl %ebx, 16(%esp)
+ call DES_encrypt1
+ movl 12(%esp), %eax
+ movl 16(%esp), %ebx
+ movl %eax, (%edi)
+ movl %ebx, 4(%edi)
+ addl $8, %esi
+ addl $8, %edi
+ subl $8, %ebp
+ jnz .L006encrypt_loop
+.L005encrypt_finish:
+ movl 56(%esp), %ebp
+ andl $7, %ebp
+ jz .L007finish
+ call .L008PIC_point
+.L008PIC_point:
+ popl %edx
+ leal .L009cbc_enc_jmp_table-.L008PIC_point(%edx),%ecx
+ movl (%ecx,%ebp,4), %ebp
+ addl %edx, %ebp
+ xorl %ecx, %ecx
+ xorl %edx, %edx
+ jmp *%ebp
+.L010ej7:
+ movb 6(%esi), %dh
+ sall $8, %edx
+.L011ej6:
+ movb 5(%esi), %dh
+.L012ej5:
+ movb 4(%esi), %dl
+.L013ej4:
+ movl (%esi), %ecx
+ jmp .L014ejend
+.L015ej3:
+ movb 2(%esi), %ch
+ sall $8, %ecx
+.L016ej2:
+ movb 1(%esi), %ch
+.L017ej1:
+ movb (%esi), %cl
+.L014ejend:
+ xorl %ecx, %eax
+ xorl %edx, %ebx
+ movl %eax, 12(%esp)
+ movl %ebx, 16(%esp)
+ call DES_encrypt1
+ movl 12(%esp), %eax
+ movl 16(%esp), %ebx
+ movl %eax, (%edi)
+ movl %ebx, 4(%edi)
+ jmp .L007finish
+.align 16
+.L004decrypt:
+ andl $4294967288, %ebp
+ movl 20(%esp), %eax
+ movl 24(%esp), %ebx
+ jz .L018decrypt_finish
+.L019decrypt_loop:
+ movl (%esi), %eax
+ movl 4(%esi), %ebx
+ movl %eax, 12(%esp)
+ movl %ebx, 16(%esp)
+ call DES_encrypt1
+ movl 12(%esp), %eax
+ movl 16(%esp), %ebx
+ movl 20(%esp), %ecx
+ movl 24(%esp), %edx
+ xorl %eax, %ecx
+ xorl %ebx, %edx
+ movl (%esi), %eax
+ movl 4(%esi), %ebx
+ movl %ecx, (%edi)
+ movl %edx, 4(%edi)
+ movl %eax, 20(%esp)
+ movl %ebx, 24(%esp)
+ addl $8, %esi
+ addl $8, %edi
+ subl $8, %ebp
+ jnz .L019decrypt_loop
+.L018decrypt_finish:
+ movl 56(%esp), %ebp
+ andl $7, %ebp
+ jz .L007finish
+ movl (%esi), %eax
+ movl 4(%esi), %ebx
+ movl %eax, 12(%esp)
+ movl %ebx, 16(%esp)
+ call DES_encrypt1
+ movl 12(%esp), %eax
+ movl 16(%esp), %ebx
+ movl 20(%esp), %ecx
+ movl 24(%esp), %edx
+ xorl %eax, %ecx
+ xorl %ebx, %edx
+ movl (%esi), %eax
+ movl 4(%esi), %ebx
+.L020dj7:
+ rorl $16, %edx
+ movb %dl, 6(%edi)
+ shrl $16, %edx
+.L021dj6:
+ movb %dh, 5(%edi)
+.L022dj5:
+ movb %dl, 4(%edi)
+.L023dj4:
+ movl %ecx, (%edi)
+ jmp .L024djend
+.L025dj3:
+ rorl $16, %ecx
+ movb %cl, 2(%edi)
+ sall $16, %ecx
+.L026dj2:
+ movb %ch, 1(%esi)
+.L027dj1:
+ movb %cl, (%esi)
+.L024djend:
+ jmp .L007finish
+.align 16
+.L007finish:
+ movl 64(%esp), %ecx
+ addl $28, %esp
+ movl %eax, (%ecx)
+ movl %ebx, 4(%ecx)
+ popl %edi
+ popl %esi
+ popl %ebx
+ popl %ebp
+ ret
+.align 16
+.L009cbc_enc_jmp_table:
+ .long 0
+ .long .L017ej1-.L008PIC_point
+ .long .L016ej2-.L008PIC_point
+ .long .L015ej3-.L008PIC_point
+ .long .L013ej4-.L008PIC_point
+ .long .L012ej5-.L008PIC_point
+ .long .L011ej6-.L008PIC_point
+ .long .L010ej7-.L008PIC_point
+.L_DES_ncbc_encrypt_end:
+ .size DES_ncbc_encrypt,.L_DES_ncbc_encrypt_end-DES_ncbc_encrypt
+.ident "desasm.pl"
+.text
+ .align 16
+.globl DES_ede3_cbc_encrypt
+ .type DES_ede3_cbc_encrypt,@function
+DES_ede3_cbc_encrypt:
+
+ pushl %ebp
+ pushl %ebx
+ pushl %esi
+ pushl %edi
+ movl 28(%esp), %ebp
+
+ movl 44(%esp), %ebx
+ movl (%ebx), %esi
+ movl 4(%ebx), %edi
+ pushl %edi
+ pushl %esi
+ pushl %edi
+ pushl %esi
+ movl %esp, %ebx
+ movl 36(%esp), %esi
+ movl 40(%esp), %edi
+
+ movl 64(%esp), %ecx
+
+ movl 56(%esp), %eax
+ pushl %eax
+
+ movl 56(%esp), %eax
+ pushl %eax
+
+ movl 56(%esp), %eax
+ pushl %eax
+ pushl %ebx
+ cmpl $0, %ecx
+ jz .L028decrypt
+ andl $4294967288, %ebp
+ movl 16(%esp), %eax
+ movl 20(%esp), %ebx
+ jz .L029encrypt_finish
+.L030encrypt_loop:
+ movl (%esi), %ecx
+ movl 4(%esi), %edx
+ xorl %ecx, %eax
+ xorl %edx, %ebx
+ movl %eax, 16(%esp)
+ movl %ebx, 20(%esp)
+ call DES_encrypt3
+ movl 16(%esp), %eax
+ movl 20(%esp), %ebx
+ movl %eax, (%edi)
+ movl %ebx, 4(%edi)
+ addl $8, %esi
+ addl $8, %edi
+ subl $8, %ebp
+ jnz .L030encrypt_loop
+.L029encrypt_finish:
+ movl 60(%esp), %ebp
+ andl $7, %ebp
+ jz .L031finish
+ call .L032PIC_point
+.L032PIC_point:
+ popl %edx
+ leal .L033cbc_enc_jmp_table-.L032PIC_point(%edx),%ecx
+ movl (%ecx,%ebp,4), %ebp
+ addl %edx, %ebp
+ xorl %ecx, %ecx
+ xorl %edx, %edx
+ jmp *%ebp
+.L034ej7:
+ movb 6(%esi), %dh
+ sall $8, %edx
+.L035ej6:
+ movb 5(%esi), %dh
+.L036ej5:
+ movb 4(%esi), %dl
+.L037ej4:
+ movl (%esi), %ecx
+ jmp .L038ejend
+.L039ej3:
+ movb 2(%esi), %ch
+ sall $8, %ecx
+.L040ej2:
+ movb 1(%esi), %ch
+.L041ej1:
+ movb (%esi), %cl
+.L038ejend:
+ xorl %ecx, %eax
+ xorl %edx, %ebx
+ movl %eax, 16(%esp)
+ movl %ebx, 20(%esp)
+ call DES_encrypt3
+ movl 16(%esp), %eax
+ movl 20(%esp), %ebx
+ movl %eax, (%edi)
+ movl %ebx, 4(%edi)
+ jmp .L031finish
+.align 16
+.L028decrypt:
+ andl $4294967288, %ebp
+ movl 24(%esp), %eax
+ movl 28(%esp), %ebx
+ jz .L042decrypt_finish
+.L043decrypt_loop:
+ movl (%esi), %eax
+ movl 4(%esi), %ebx
+ movl %eax, 16(%esp)
+ movl %ebx, 20(%esp)
+ call DES_decrypt3
+ movl 16(%esp), %eax
+ movl 20(%esp), %ebx
+ movl 24(%esp), %ecx
+ movl 28(%esp), %edx
+ xorl %eax, %ecx
+ xorl %ebx, %edx
+ movl (%esi), %eax
+ movl 4(%esi), %ebx
+ movl %ecx, (%edi)
+ movl %edx, 4(%edi)
+ movl %eax, 24(%esp)
+ movl %ebx, 28(%esp)
+ addl $8, %esi
+ addl $8, %edi
+ subl $8, %ebp
+ jnz .L043decrypt_loop
+.L042decrypt_finish:
+ movl 60(%esp), %ebp
+ andl $7, %ebp
+ jz .L031finish
+ movl (%esi), %eax
+ movl 4(%esi), %ebx
+ movl %eax, 16(%esp)
+ movl %ebx, 20(%esp)
+ call DES_decrypt3
+ movl 16(%esp), %eax
+ movl 20(%esp), %ebx
+ movl 24(%esp), %ecx
+ movl 28(%esp), %edx
+ xorl %eax, %ecx
+ xorl %ebx, %edx
+ movl (%esi), %eax
+ movl 4(%esi), %ebx
+.L044dj7:
+ rorl $16, %edx
+ movb %dl, 6(%edi)
+ shrl $16, %edx
+.L045dj6:
+ movb %dh, 5(%edi)
+.L046dj5:
+ movb %dl, 4(%edi)
+.L047dj4:
+ movl %ecx, (%edi)
+ jmp .L048djend
+.L049dj3:
+ rorl $16, %ecx
+ movb %cl, 2(%edi)
+ sall $16, %ecx
+.L050dj2:
+ movb %ch, 1(%esi)
+.L051dj1:
+ movb %cl, (%esi)
+.L048djend:
+ jmp .L031finish
+.align 16
+.L031finish:
+ movl 76(%esp), %ecx
+ addl $32, %esp
+ movl %eax, (%ecx)
+ movl %ebx, 4(%ecx)
+ popl %edi
+ popl %esi
+ popl %ebx
+ popl %ebp
+ ret
+.align 16
+.L033cbc_enc_jmp_table:
+ .long 0
+ .long .L041ej1-.L032PIC_point
+ .long .L040ej2-.L032PIC_point
+ .long .L039ej3-.L032PIC_point
+ .long .L037ej4-.L032PIC_point
+ .long .L036ej5-.L032PIC_point
+ .long .L035ej6-.L032PIC_point
+ .long .L034ej7-.L032PIC_point
+.L_DES_ede3_cbc_encrypt_end:
+ .size DES_ede3_cbc_encrypt,.L_DES_ede3_cbc_encrypt_end-DES_ede3_cbc_encrypt
+.ident "desasm.pl"
diff --git a/secure/lib/libcrypto/i386/md5-586.s b/secure/lib/libcrypto/i386/md5-586.s
new file mode 100644
index 0000000..b97c357
--- /dev/null
+++ b/secure/lib/libcrypto/i386/md5-586.s
@@ -0,0 +1,689 @@
+ # $FreeBSD$
+
+
+
+
+
+
+ .file "/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/md5/asm/md5-586.s"
+ .version "01.01"
+gcc2_compiled.:
+.text
+ .align 16
+.globl md5_block_asm_host_order
+ .type md5_block_asm_host_order,@function
+md5_block_asm_host_order:
+ pushl %esi
+ pushl %edi
+ movl 12(%esp), %edi
+ movl 16(%esp), %esi
+ movl 20(%esp), %ecx
+ pushl %ebp
+ sall $6, %ecx
+ pushl %ebx
+ addl %esi, %ecx
+ subl $64, %ecx
+ movl (%edi), %eax
+ pushl %ecx
+ movl 4(%edi), %ebx
+ movl 8(%edi), %ecx
+ movl 12(%edi), %edx
+.L000start:
+
+
+ movl %ecx, %edi
+ movl (%esi), %ebp
+
+ xorl %edx, %edi
+ andl %ebx, %edi
+ leal 3614090360(%eax,%ebp,1),%eax
+ xorl %edx, %edi
+ addl %edi, %eax
+ movl %ebx, %edi
+ roll $7, %eax
+ movl 4(%esi), %ebp
+ addl %ebx, %eax
+
+ xorl %ecx, %edi
+ andl %eax, %edi
+ leal 3905402710(%edx,%ebp,1),%edx
+ xorl %ecx, %edi
+ addl %edi, %edx
+ movl %eax, %edi
+ roll $12, %edx
+ movl 8(%esi), %ebp
+ addl %eax, %edx
+
+ xorl %ebx, %edi
+ andl %edx, %edi
+ leal 606105819(%ecx,%ebp,1),%ecx
+ xorl %ebx, %edi
+ addl %edi, %ecx
+ movl %edx, %edi
+ roll $17, %ecx
+ movl 12(%esi), %ebp
+ addl %edx, %ecx
+
+ xorl %eax, %edi
+ andl %ecx, %edi
+ leal 3250441966(%ebx,%ebp,1),%ebx
+ xorl %eax, %edi
+ addl %edi, %ebx
+ movl %ecx, %edi
+ roll $22, %ebx
+ movl 16(%esi), %ebp
+ addl %ecx, %ebx
+
+ xorl %edx, %edi
+ andl %ebx, %edi
+ leal 4118548399(%eax,%ebp,1),%eax
+ xorl %edx, %edi
+ addl %edi, %eax
+ movl %ebx, %edi
+ roll $7, %eax
+ movl 20(%esi), %ebp
+ addl %ebx, %eax
+
+ xorl %ecx, %edi
+ andl %eax, %edi
+ leal 1200080426(%edx,%ebp,1),%edx
+ xorl %ecx, %edi
+ addl %edi, %edx
+ movl %eax, %edi
+ roll $12, %edx
+ movl 24(%esi), %ebp
+ addl %eax, %edx
+
+ xorl %ebx, %edi
+ andl %edx, %edi
+ leal 2821735955(%ecx,%ebp,1),%ecx
+ xorl %ebx, %edi
+ addl %edi, %ecx
+ movl %edx, %edi
+ roll $17, %ecx
+ movl 28(%esi), %ebp
+ addl %edx, %ecx
+
+ xorl %eax, %edi
+ andl %ecx, %edi
+ leal 4249261313(%ebx,%ebp,1),%ebx
+ xorl %eax, %edi
+ addl %edi, %ebx
+ movl %ecx, %edi
+ roll $22, %ebx
+ movl 32(%esi), %ebp
+ addl %ecx, %ebx
+
+ xorl %edx, %edi
+ andl %ebx, %edi
+ leal 1770035416(%eax,%ebp,1),%eax
+ xorl %edx, %edi
+ addl %edi, %eax
+ movl %ebx, %edi
+ roll $7, %eax
+ movl 36(%esi), %ebp
+ addl %ebx, %eax
+
+ xorl %ecx, %edi
+ andl %eax, %edi
+ leal 2336552879(%edx,%ebp,1),%edx
+ xorl %ecx, %edi
+ addl %edi, %edx
+ movl %eax, %edi
+ roll $12, %edx
+ movl 40(%esi), %ebp
+ addl %eax, %edx
+
+ xorl %ebx, %edi
+ andl %edx, %edi
+ leal 4294925233(%ecx,%ebp,1),%ecx
+ xorl %ebx, %edi
+ addl %edi, %ecx
+ movl %edx, %edi
+ roll $17, %ecx
+ movl 44(%esi), %ebp
+ addl %edx, %ecx
+
+ xorl %eax, %edi
+ andl %ecx, %edi
+ leal 2304563134(%ebx,%ebp,1),%ebx
+ xorl %eax, %edi
+ addl %edi, %ebx
+ movl %ecx, %edi
+ roll $22, %ebx
+ movl 48(%esi), %ebp
+ addl %ecx, %ebx
+
+ xorl %edx, %edi
+ andl %ebx, %edi
+ leal 1804603682(%eax,%ebp,1),%eax
+ xorl %edx, %edi
+ addl %edi, %eax
+ movl %ebx, %edi
+ roll $7, %eax
+ movl 52(%esi), %ebp
+ addl %ebx, %eax
+
+ xorl %ecx, %edi
+ andl %eax, %edi
+ leal 4254626195(%edx,%ebp,1),%edx
+ xorl %ecx, %edi
+ addl %edi, %edx
+ movl %eax, %edi
+ roll $12, %edx
+ movl 56(%esi), %ebp
+ addl %eax, %edx
+
+ xorl %ebx, %edi
+ andl %edx, %edi
+ leal 2792965006(%ecx,%ebp,1),%ecx
+ xorl %ebx, %edi
+ addl %edi, %ecx
+ movl %edx, %edi
+ roll $17, %ecx
+ movl 60(%esi), %ebp
+ addl %edx, %ecx
+
+ xorl %eax, %edi
+ andl %ecx, %edi
+ leal 1236535329(%ebx,%ebp,1),%ebx
+ xorl %eax, %edi
+ addl %edi, %ebx
+ movl %ecx, %edi
+ roll $22, %ebx
+ movl 4(%esi), %ebp
+ addl %ecx, %ebx
+
+
+
+ leal 4129170786(%eax,%ebp,1),%eax
+ xorl %ebx, %edi
+ andl %edx, %edi
+ movl 24(%esi), %ebp
+ xorl %ecx, %edi
+ addl %edi, %eax
+ movl %ebx, %edi
+ roll $5, %eax
+ addl %ebx, %eax
+
+ leal 3225465664(%edx,%ebp,1),%edx
+ xorl %eax, %edi
+ andl %ecx, %edi
+ movl 44(%esi), %ebp
+ xorl %ebx, %edi
+ addl %edi, %edx
+ movl %eax, %edi
+ roll $9, %edx
+ addl %eax, %edx
+
+ leal 643717713(%ecx,%ebp,1),%ecx
+ xorl %edx, %edi
+ andl %ebx, %edi
+ movl (%esi), %ebp
+ xorl %eax, %edi
+ addl %edi, %ecx
+ movl %edx, %edi
+ roll $14, %ecx
+ addl %edx, %ecx
+
+ leal 3921069994(%ebx,%ebp,1),%ebx
+ xorl %ecx, %edi
+ andl %eax, %edi
+ movl 20(%esi), %ebp
+ xorl %edx, %edi
+ addl %edi, %ebx
+ movl %ecx, %edi
+ roll $20, %ebx
+ addl %ecx, %ebx
+
+ leal 3593408605(%eax,%ebp,1),%eax
+ xorl %ebx, %edi
+ andl %edx, %edi
+ movl 40(%esi), %ebp
+ xorl %ecx, %edi
+ addl %edi, %eax
+ movl %ebx, %edi
+ roll $5, %eax
+ addl %ebx, %eax
+
+ leal 38016083(%edx,%ebp,1),%edx
+ xorl %eax, %edi
+ andl %ecx, %edi
+ movl 60(%esi), %ebp
+ xorl %ebx, %edi
+ addl %edi, %edx
+ movl %eax, %edi
+ roll $9, %edx
+ addl %eax, %edx
+
+ leal 3634488961(%ecx,%ebp,1),%ecx
+ xorl %edx, %edi
+ andl %ebx, %edi
+ movl 16(%esi), %ebp
+ xorl %eax, %edi
+ addl %edi, %ecx
+ movl %edx, %edi
+ roll $14, %ecx
+ addl %edx, %ecx
+
+ leal 3889429448(%ebx,%ebp,1),%ebx
+ xorl %ecx, %edi
+ andl %eax, %edi
+ movl 36(%esi), %ebp
+ xorl %edx, %edi
+ addl %edi, %ebx
+ movl %ecx, %edi
+ roll $20, %ebx
+ addl %ecx, %ebx
+
+ leal 568446438(%eax,%ebp,1),%eax
+ xorl %ebx, %edi
+ andl %edx, %edi
+ movl 56(%esi), %ebp
+ xorl %ecx, %edi
+ addl %edi, %eax
+ movl %ebx, %edi
+ roll $5, %eax
+ addl %ebx, %eax
+
+ leal 3275163606(%edx,%ebp,1),%edx
+ xorl %eax, %edi
+ andl %ecx, %edi
+ movl 12(%esi), %ebp
+ xorl %ebx, %edi
+ addl %edi, %edx
+ movl %eax, %edi
+ roll $9, %edx
+ addl %eax, %edx
+
+ leal 4107603335(%ecx,%ebp,1),%ecx
+ xorl %edx, %edi
+ andl %ebx, %edi
+ movl 32(%esi), %ebp
+ xorl %eax, %edi
+ addl %edi, %ecx
+ movl %edx, %edi
+ roll $14, %ecx
+ addl %edx, %ecx
+
+ leal 1163531501(%ebx,%ebp,1),%ebx
+ xorl %ecx, %edi
+ andl %eax, %edi
+ movl 52(%esi), %ebp
+ xorl %edx, %edi
+ addl %edi, %ebx
+ movl %ecx, %edi
+ roll $20, %ebx
+ addl %ecx, %ebx
+
+ leal 2850285829(%eax,%ebp,1),%eax
+ xorl %ebx, %edi
+ andl %edx, %edi
+ movl 8(%esi), %ebp
+ xorl %ecx, %edi
+ addl %edi, %eax
+ movl %ebx, %edi
+ roll $5, %eax
+ addl %ebx, %eax
+
+ leal 4243563512(%edx,%ebp,1),%edx
+ xorl %eax, %edi
+ andl %ecx, %edi
+ movl 28(%esi), %ebp
+ xorl %ebx, %edi
+ addl %edi, %edx
+ movl %eax, %edi
+ roll $9, %edx
+ addl %eax, %edx
+
+ leal 1735328473(%ecx,%ebp,1),%ecx
+ xorl %edx, %edi
+ andl %ebx, %edi
+ movl 48(%esi), %ebp
+ xorl %eax, %edi
+ addl %edi, %ecx
+ movl %edx, %edi
+ roll $14, %ecx
+ addl %edx, %ecx
+
+ leal 2368359562(%ebx,%ebp,1),%ebx
+ xorl %ecx, %edi
+ andl %eax, %edi
+ movl 20(%esi), %ebp
+ xorl %edx, %edi
+ addl %edi, %ebx
+ movl %ecx, %edi
+ roll $20, %ebx
+ addl %ecx, %ebx
+
+
+
+ xorl %edx, %edi
+ xorl %ebx, %edi
+ leal 4294588738(%eax,%ebp,1),%eax
+ addl %edi, %eax
+ roll $4, %eax
+ movl 32(%esi), %ebp
+ movl %ebx, %edi
+
+ leal 2272392833(%edx,%ebp,1),%edx
+ addl %ebx, %eax
+ xorl %ecx, %edi
+ xorl %eax, %edi
+ movl 44(%esi), %ebp
+ addl %edi, %edx
+ movl %eax, %edi
+ roll $11, %edx
+ addl %eax, %edx
+
+ xorl %ebx, %edi
+ xorl %edx, %edi
+ leal 1839030562(%ecx,%ebp,1),%ecx
+ addl %edi, %ecx
+ roll $16, %ecx
+ movl 56(%esi), %ebp
+ movl %edx, %edi
+
+ leal 4259657740(%ebx,%ebp,1),%ebx
+ addl %edx, %ecx
+ xorl %eax, %edi
+ xorl %ecx, %edi
+ movl 4(%esi), %ebp
+ addl %edi, %ebx
+ movl %ecx, %edi
+ roll $23, %ebx
+ addl %ecx, %ebx
+
+ xorl %edx, %edi
+ xorl %ebx, %edi
+ leal 2763975236(%eax,%ebp,1),%eax
+ addl %edi, %eax
+ roll $4, %eax
+ movl 16(%esi), %ebp
+ movl %ebx, %edi
+
+ leal 1272893353(%edx,%ebp,1),%edx
+ addl %ebx, %eax
+ xorl %ecx, %edi
+ xorl %eax, %edi
+ movl 28(%esi), %ebp
+ addl %edi, %edx
+ movl %eax, %edi
+ roll $11, %edx
+ addl %eax, %edx
+
+ xorl %ebx, %edi
+ xorl %edx, %edi
+ leal 4139469664(%ecx,%ebp,1),%ecx
+ addl %edi, %ecx
+ roll $16, %ecx
+ movl 40(%esi), %ebp
+ movl %edx, %edi
+
+ leal 3200236656(%ebx,%ebp,1),%ebx
+ addl %edx, %ecx
+ xorl %eax, %edi
+ xorl %ecx, %edi
+ movl 52(%esi), %ebp
+ addl %edi, %ebx
+ movl %ecx, %edi
+ roll $23, %ebx
+ addl %ecx, %ebx
+
+ xorl %edx, %edi
+ xorl %ebx, %edi
+ leal 681279174(%eax,%ebp,1),%eax
+ addl %edi, %eax
+ roll $4, %eax
+ movl (%esi), %ebp
+ movl %ebx, %edi
+
+ leal 3936430074(%edx,%ebp,1),%edx
+ addl %ebx, %eax
+ xorl %ecx, %edi
+ xorl %eax, %edi
+ movl 12(%esi), %ebp
+ addl %edi, %edx
+ movl %eax, %edi
+ roll $11, %edx
+ addl %eax, %edx
+
+ xorl %ebx, %edi
+ xorl %edx, %edi
+ leal 3572445317(%ecx,%ebp,1),%ecx
+ addl %edi, %ecx
+ roll $16, %ecx
+ movl 24(%esi), %ebp
+ movl %edx, %edi
+
+ leal 76029189(%ebx,%ebp,1),%ebx
+ addl %edx, %ecx
+ xorl %eax, %edi
+ xorl %ecx, %edi
+ movl 36(%esi), %ebp
+ addl %edi, %ebx
+ movl %ecx, %edi
+ roll $23, %ebx
+ addl %ecx, %ebx
+
+ xorl %edx, %edi
+ xorl %ebx, %edi
+ leal 3654602809(%eax,%ebp,1),%eax
+ addl %edi, %eax
+ roll $4, %eax
+ movl 48(%esi), %ebp
+ movl %ebx, %edi
+
+ leal 3873151461(%edx,%ebp,1),%edx
+ addl %ebx, %eax
+ xorl %ecx, %edi
+ xorl %eax, %edi
+ movl 60(%esi), %ebp
+ addl %edi, %edx
+ movl %eax, %edi
+ roll $11, %edx
+ addl %eax, %edx
+
+ xorl %ebx, %edi
+ xorl %edx, %edi
+ leal 530742520(%ecx,%ebp,1),%ecx
+ addl %edi, %ecx
+ roll $16, %ecx
+ movl 8(%esi), %ebp
+ movl %edx, %edi
+
+ leal 3299628645(%ebx,%ebp,1),%ebx
+ addl %edx, %ecx
+ xorl %eax, %edi
+ xorl %ecx, %edi
+ movl (%esi), %ebp
+ addl %edi, %ebx
+ movl $-1, %edi
+ roll $23, %ebx
+ addl %ecx, %ebx
+
+
+
+ xorl %edx, %edi
+ orl %ebx, %edi
+ leal 4096336452(%eax,%ebp,1),%eax
+ xorl %ecx, %edi
+ movl 28(%esi), %ebp
+ addl %edi, %eax
+ movl $-1, %edi
+ roll $6, %eax
+ xorl %ecx, %edi
+ addl %ebx, %eax
+
+ orl %eax, %edi
+ leal 1126891415(%edx,%ebp,1),%edx
+ xorl %ebx, %edi
+ movl 56(%esi), %ebp
+ addl %edi, %edx
+ movl $-1, %edi
+ roll $10, %edx
+ xorl %ebx, %edi
+ addl %eax, %edx
+
+ orl %edx, %edi
+ leal 2878612391(%ecx,%ebp,1),%ecx
+ xorl %eax, %edi
+ movl 20(%esi), %ebp
+ addl %edi, %ecx
+ movl $-1, %edi
+ roll $15, %ecx
+ xorl %eax, %edi
+ addl %edx, %ecx
+
+ orl %ecx, %edi
+ leal 4237533241(%ebx,%ebp,1),%ebx
+ xorl %edx, %edi
+ movl 48(%esi), %ebp
+ addl %edi, %ebx
+ movl $-1, %edi
+ roll $21, %ebx
+ xorl %edx, %edi
+ addl %ecx, %ebx
+
+ orl %ebx, %edi
+ leal 1700485571(%eax,%ebp,1),%eax
+ xorl %ecx, %edi
+ movl 12(%esi), %ebp
+ addl %edi, %eax
+ movl $-1, %edi
+ roll $6, %eax
+ xorl %ecx, %edi
+ addl %ebx, %eax
+
+ orl %eax, %edi
+ leal 2399980690(%edx,%ebp,1),%edx
+ xorl %ebx, %edi
+ movl 40(%esi), %ebp
+ addl %edi, %edx
+ movl $-1, %edi
+ roll $10, %edx
+ xorl %ebx, %edi
+ addl %eax, %edx
+
+ orl %edx, %edi
+ leal 4293915773(%ecx,%ebp,1),%ecx
+ xorl %eax, %edi
+ movl 4(%esi), %ebp
+ addl %edi, %ecx
+ movl $-1, %edi
+ roll $15, %ecx
+ xorl %eax, %edi
+ addl %edx, %ecx
+
+ orl %ecx, %edi
+ leal 2240044497(%ebx,%ebp,1),%ebx
+ xorl %edx, %edi
+ movl 32(%esi), %ebp
+ addl %edi, %ebx
+ movl $-1, %edi
+ roll $21, %ebx
+ xorl %edx, %edi
+ addl %ecx, %ebx
+
+ orl %ebx, %edi
+ leal 1873313359(%eax,%ebp,1),%eax
+ xorl %ecx, %edi
+ movl 60(%esi), %ebp
+ addl %edi, %eax
+ movl $-1, %edi
+ roll $6, %eax
+ xorl %ecx, %edi
+ addl %ebx, %eax
+
+ orl %eax, %edi
+ leal 4264355552(%edx,%ebp,1),%edx
+ xorl %ebx, %edi
+ movl 24(%esi), %ebp
+ addl %edi, %edx
+ movl $-1, %edi
+ roll $10, %edx
+ xorl %ebx, %edi
+ addl %eax, %edx
+
+ orl %edx, %edi
+ leal 2734768916(%ecx,%ebp,1),%ecx
+ xorl %eax, %edi
+ movl 52(%esi), %ebp
+ addl %edi, %ecx
+ movl $-1, %edi
+ roll $15, %ecx
+ xorl %eax, %edi
+ addl %edx, %ecx
+
+ orl %ecx, %edi
+ leal 1309151649(%ebx,%ebp,1),%ebx
+ xorl %edx, %edi
+ movl 16(%esi), %ebp
+ addl %edi, %ebx
+ movl $-1, %edi
+ roll $21, %ebx
+ xorl %edx, %edi
+ addl %ecx, %ebx
+
+ orl %ebx, %edi
+ leal 4149444226(%eax,%ebp,1),%eax
+ xorl %ecx, %edi
+ movl 44(%esi), %ebp
+ addl %edi, %eax
+ movl $-1, %edi
+ roll $6, %eax
+ xorl %ecx, %edi
+ addl %ebx, %eax
+
+ orl %eax, %edi
+ leal 3174756917(%edx,%ebp,1),%edx
+ xorl %ebx, %edi
+ movl 8(%esi), %ebp
+ addl %edi, %edx
+ movl $-1, %edi
+ roll $10, %edx
+ xorl %ebx, %edi
+ addl %eax, %edx
+
+ orl %edx, %edi
+ leal 718787259(%ecx,%ebp,1),%ecx
+ xorl %eax, %edi
+ movl 36(%esi), %ebp
+ addl %edi, %ecx
+ movl $-1, %edi
+ roll $15, %ecx
+ xorl %eax, %edi
+ addl %edx, %ecx
+
+ orl %ecx, %edi
+ leal 3951481745(%ebx,%ebp,1),%ebx
+ xorl %edx, %edi
+ movl 24(%esp), %ebp
+ addl %edi, %ebx
+ addl $64, %esi
+ roll $21, %ebx
+ movl (%ebp), %edi
+ addl %ecx, %ebx
+ addl %edi, %eax
+ movl 4(%ebp), %edi
+ addl %edi, %ebx
+ movl 8(%ebp), %edi
+ addl %edi, %ecx
+ movl 12(%ebp), %edi
+ addl %edi, %edx
+ movl %eax, (%ebp)
+ movl %ebx, 4(%ebp)
+ movl (%esp), %edi
+ movl %ecx, 8(%ebp)
+ movl %edx, 12(%ebp)
+ cmpl %esi, %edi
+ jae .L000start
+ popl %eax
+ popl %ebx
+ popl %ebp
+ popl %edi
+ popl %esi
+ ret
+.L_md5_block_asm_host_order_end:
+ .size md5_block_asm_host_order,.L_md5_block_asm_host_order_end-md5_block_asm_host_order
+.ident "desasm.pl"
diff --git a/secure/lib/libcrypto/i386/rc4-586.s b/secure/lib/libcrypto/i386/rc4-586.s
new file mode 100644
index 0000000..ad27498
--- /dev/null
+++ b/secure/lib/libcrypto/i386/rc4-586.s
@@ -0,0 +1,316 @@
+ # $FreeBSD$
+
+
+
+
+
+
+ .file "rc4-586.s"
+ .version "01.01"
+gcc2_compiled.:
+.text
+ .align 16
+.globl RC4
+ .type RC4,@function
+RC4:
+
+ pushl %ebp
+ pushl %ebx
+ movl 12(%esp), %ebp
+ movl 16(%esp), %ebx
+ pushl %esi
+ pushl %edi
+ movl (%ebp), %ecx
+ movl 4(%ebp), %edx
+ movl 28(%esp), %esi
+ incl %ecx
+ subl $12, %esp
+ addl $8, %ebp
+ andl $255, %ecx
+ leal -8(%ebx,%esi), %ebx
+ movl 44(%esp), %edi
+ movl %ebx, 8(%esp)
+ movl (%ebp,%ecx,4), %eax
+ cmpl %esi, %ebx
+ jl .L000end
+.L001start:
+ addl $8, %esi
+
+ addl %eax, %edx
+ andl $255, %edx
+ incl %ecx
+ movl (%ebp,%edx,4), %ebx
+ movl %ebx, -4(%ebp,%ecx,4)
+ addl %eax, %ebx
+ andl $255, %ecx
+ andl $255, %ebx
+ movl %eax, (%ebp,%edx,4)
+ nop
+ movl (%ebp,%ebx,4), %ebx
+ movl (%ebp,%ecx,4), %eax
+ movb %bl, (%esp)
+
+ addl %eax, %edx
+ andl $255, %edx
+ incl %ecx
+ movl (%ebp,%edx,4), %ebx
+ movl %ebx, -4(%ebp,%ecx,4)
+ addl %eax, %ebx
+ andl $255, %ecx
+ andl $255, %ebx
+ movl %eax, (%ebp,%edx,4)
+ nop
+ movl (%ebp,%ebx,4), %ebx
+ movl (%ebp,%ecx,4), %eax
+ movb %bl, 1(%esp)
+
+ addl %eax, %edx
+ andl $255, %edx
+ incl %ecx
+ movl (%ebp,%edx,4), %ebx
+ movl %ebx, -4(%ebp,%ecx,4)
+ addl %eax, %ebx
+ andl $255, %ecx
+ andl $255, %ebx
+ movl %eax, (%ebp,%edx,4)
+ nop
+ movl (%ebp,%ebx,4), %ebx
+ movl (%ebp,%ecx,4), %eax
+ movb %bl, 2(%esp)
+
+ addl %eax, %edx
+ andl $255, %edx
+ incl %ecx
+ movl (%ebp,%edx,4), %ebx
+ movl %ebx, -4(%ebp,%ecx,4)
+ addl %eax, %ebx
+ andl $255, %ecx
+ andl $255, %ebx
+ movl %eax, (%ebp,%edx,4)
+ nop
+ movl (%ebp,%ebx,4), %ebx
+ movl (%ebp,%ecx,4), %eax
+ movb %bl, 3(%esp)
+
+ addl %eax, %edx
+ andl $255, %edx
+ incl %ecx
+ movl (%ebp,%edx,4), %ebx
+ movl %ebx, -4(%ebp,%ecx,4)
+ addl %eax, %ebx
+ andl $255, %ecx
+ andl $255, %ebx
+ movl %eax, (%ebp,%edx,4)
+ nop
+ movl (%ebp,%ebx,4), %ebx
+ movl (%ebp,%ecx,4), %eax
+ movb %bl, 4(%esp)
+
+ addl %eax, %edx
+ andl $255, %edx
+ incl %ecx
+ movl (%ebp,%edx,4), %ebx
+ movl %ebx, -4(%ebp,%ecx,4)
+ addl %eax, %ebx
+ andl $255, %ecx
+ andl $255, %ebx
+ movl %eax, (%ebp,%edx,4)
+ nop
+ movl (%ebp,%ebx,4), %ebx
+ movl (%ebp,%ecx,4), %eax
+ movb %bl, 5(%esp)
+
+ addl %eax, %edx
+ andl $255, %edx
+ incl %ecx
+ movl (%ebp,%edx,4), %ebx
+ movl %ebx, -4(%ebp,%ecx,4)
+ addl %eax, %ebx
+ andl $255, %ecx
+ andl $255, %ebx
+ movl %eax, (%ebp,%edx,4)
+ nop
+ movl (%ebp,%ebx,4), %ebx
+ movl (%ebp,%ecx,4), %eax
+ movb %bl, 6(%esp)
+
+ addl %eax, %edx
+ andl $255, %edx
+ incl %ecx
+ movl (%ebp,%edx,4), %ebx
+ movl %ebx, -4(%ebp,%ecx,4)
+ addl %eax, %ebx
+ andl $255, %ecx
+ andl $255, %ebx
+ movl %eax, (%ebp,%edx,4)
+ nop
+ movl (%ebp,%ebx,4), %ebx
+ addl $8, %edi
+ movb %bl, 7(%esp)
+
+ movl (%esp), %eax
+ movl -8(%esi), %ebx
+ xorl %ebx, %eax
+ movl -4(%esi), %ebx
+ movl %eax, -8(%edi)
+ movl 4(%esp), %eax
+ xorl %ebx, %eax
+ movl 8(%esp), %ebx
+ movl %eax, -4(%edi)
+ movl (%ebp,%ecx,4), %eax
+ cmpl %ebx, %esi
+ jle .L001start
+.L000end:
+
+ addl $8, %ebx
+ incl %esi
+ cmpl %esi, %ebx
+ jl .L002finished
+ movl %ebx, 8(%esp)
+ addl %eax, %edx
+ andl $255, %edx
+ incl %ecx
+ movl (%ebp,%edx,4), %ebx
+ movl %ebx, -4(%ebp,%ecx,4)
+ addl %eax, %ebx
+ andl $255, %ecx
+ andl $255, %ebx
+ movl %eax, (%ebp,%edx,4)
+ nop
+ movl (%ebp,%ebx,4), %ebx
+ movl (%ebp,%ecx,4), %eax
+ movb -1(%esi), %bh
+ xorb %bh, %bl
+ movb %bl, (%edi)
+
+ movl 8(%esp), %ebx
+ cmpl %esi, %ebx
+ jle .L002finished
+ incl %esi
+ addl %eax, %edx
+ andl $255, %edx
+ incl %ecx
+ movl (%ebp,%edx,4), %ebx
+ movl %ebx, -4(%ebp,%ecx,4)
+ addl %eax, %ebx
+ andl $255, %ecx
+ andl $255, %ebx
+ movl %eax, (%ebp,%edx,4)
+ nop
+ movl (%ebp,%ebx,4), %ebx
+ movl (%ebp,%ecx,4), %eax
+ movb -1(%esi), %bh
+ xorb %bh, %bl
+ movb %bl, 1(%edi)
+
+ movl 8(%esp), %ebx
+ cmpl %esi, %ebx
+ jle .L002finished
+ incl %esi
+ addl %eax, %edx
+ andl $255, %edx
+ incl %ecx
+ movl (%ebp,%edx,4), %ebx
+ movl %ebx, -4(%ebp,%ecx,4)
+ addl %eax, %ebx
+ andl $255, %ecx
+ andl $255, %ebx
+ movl %eax, (%ebp,%edx,4)
+ nop
+ movl (%ebp,%ebx,4), %ebx
+ movl (%ebp,%ecx,4), %eax
+ movb -1(%esi), %bh
+ xorb %bh, %bl
+ movb %bl, 2(%edi)
+
+ movl 8(%esp), %ebx
+ cmpl %esi, %ebx
+ jle .L002finished
+ incl %esi
+ addl %eax, %edx
+ andl $255, %edx
+ incl %ecx
+ movl (%ebp,%edx,4), %ebx
+ movl %ebx, -4(%ebp,%ecx,4)
+ addl %eax, %ebx
+ andl $255, %ecx
+ andl $255, %ebx
+ movl %eax, (%ebp,%edx,4)
+ nop
+ movl (%ebp,%ebx,4), %ebx
+ movl (%ebp,%ecx,4), %eax
+ movb -1(%esi), %bh
+ xorb %bh, %bl
+ movb %bl, 3(%edi)
+
+ movl 8(%esp), %ebx
+ cmpl %esi, %ebx
+ jle .L002finished
+ incl %esi
+ addl %eax, %edx
+ andl $255, %edx
+ incl %ecx
+ movl (%ebp,%edx,4), %ebx
+ movl %ebx, -4(%ebp,%ecx,4)
+ addl %eax, %ebx
+ andl $255, %ecx
+ andl $255, %ebx
+ movl %eax, (%ebp,%edx,4)
+ nop
+ movl (%ebp,%ebx,4), %ebx
+ movl (%ebp,%ecx,4), %eax
+ movb -1(%esi), %bh
+ xorb %bh, %bl
+ movb %bl, 4(%edi)
+
+ movl 8(%esp), %ebx
+ cmpl %esi, %ebx
+ jle .L002finished
+ incl %esi
+ addl %eax, %edx
+ andl $255, %edx
+ incl %ecx
+ movl (%ebp,%edx,4), %ebx
+ movl %ebx, -4(%ebp,%ecx,4)
+ addl %eax, %ebx
+ andl $255, %ecx
+ andl $255, %ebx
+ movl %eax, (%ebp,%edx,4)
+ nop
+ movl (%ebp,%ebx,4), %ebx
+ movl (%ebp,%ecx,4), %eax
+ movb -1(%esi), %bh
+ xorb %bh, %bl
+ movb %bl, 5(%edi)
+
+ movl 8(%esp), %ebx
+ cmpl %esi, %ebx
+ jle .L002finished
+ incl %esi
+ addl %eax, %edx
+ andl $255, %edx
+ incl %ecx
+ movl (%ebp,%edx,4), %ebx
+ movl %ebx, -4(%ebp,%ecx,4)
+ addl %eax, %ebx
+ andl $255, %ecx
+ andl $255, %ebx
+ movl %eax, (%ebp,%edx,4)
+ nop
+ movl (%ebp,%ebx,4), %ebx
+ movb -1(%esi), %bh
+ xorb %bh, %bl
+ movb %bl, 6(%edi)
+.L002finished:
+ decl %ecx
+ addl $12, %esp
+ movl %edx, -4(%ebp)
+ movb %cl, -8(%ebp)
+ popl %edi
+ popl %esi
+ popl %ebx
+ popl %ebp
+ ret
+.L_RC4_end:
+ .size RC4,.L_RC4_end-RC4
+.ident "RC4"
diff --git a/secure/lib/libcrypto/i386/rc5-586.s b/secure/lib/libcrypto/i386/rc5-586.s
new file mode 100644
index 0000000..a33eff9
--- /dev/null
+++ b/secure/lib/libcrypto/i386/rc5-586.s
@@ -0,0 +1,579 @@
+ # $FreeBSD$
+
+
+
+
+
+
+ .file "rc5-586.s"
+ .version "01.01"
+gcc2_compiled.:
+.text
+ .align 16
+.globl RC5_32_encrypt
+ .type RC5_32_encrypt,@function
+RC5_32_encrypt:
+
+ pushl %ebp
+ pushl %esi
+ pushl %edi
+ movl 16(%esp), %edx
+ movl 20(%esp), %ebp
+
+ movl (%edx), %edi
+ movl 4(%edx), %esi
+ pushl %ebx
+ movl (%ebp), %ebx
+ addl 4(%ebp), %edi
+ addl 8(%ebp), %esi
+ xorl %esi, %edi
+ movl 12(%ebp), %eax
+ movl %esi, %ecx
+ roll %cl, %edi
+ addl %eax, %edi
+ xorl %edi, %esi
+ movl 16(%ebp), %eax
+ movl %edi, %ecx
+ roll %cl, %esi
+ addl %eax, %esi
+ xorl %esi, %edi
+ movl 20(%ebp), %eax
+ movl %esi, %ecx
+ roll %cl, %edi
+ addl %eax, %edi
+ xorl %edi, %esi
+ movl 24(%ebp), %eax
+ movl %edi, %ecx
+ roll %cl, %esi
+ addl %eax, %esi
+ xorl %esi, %edi
+ movl 28(%ebp), %eax
+ movl %esi, %ecx
+ roll %cl, %edi
+ addl %eax, %edi
+ xorl %edi, %esi
+ movl 32(%ebp), %eax
+ movl %edi, %ecx
+ roll %cl, %esi
+ addl %eax, %esi
+ xorl %esi, %edi
+ movl 36(%ebp), %eax
+ movl %esi, %ecx
+ roll %cl, %edi
+ addl %eax, %edi
+ xorl %edi, %esi
+ movl 40(%ebp), %eax
+ movl %edi, %ecx
+ roll %cl, %esi
+ addl %eax, %esi
+ xorl %esi, %edi
+ movl 44(%ebp), %eax
+ movl %esi, %ecx
+ roll %cl, %edi
+ addl %eax, %edi
+ xorl %edi, %esi
+ movl 48(%ebp), %eax
+ movl %edi, %ecx
+ roll %cl, %esi
+ addl %eax, %esi
+ xorl %esi, %edi
+ movl 52(%ebp), %eax
+ movl %esi, %ecx
+ roll %cl, %edi
+ addl %eax, %edi
+ xorl %edi, %esi
+ movl 56(%ebp), %eax
+ movl %edi, %ecx
+ roll %cl, %esi
+ addl %eax, %esi
+ xorl %esi, %edi
+ movl 60(%ebp), %eax
+ movl %esi, %ecx
+ roll %cl, %edi
+ addl %eax, %edi
+ xorl %edi, %esi
+ movl 64(%ebp), %eax
+ movl %edi, %ecx
+ roll %cl, %esi
+ addl %eax, %esi
+ xorl %esi, %edi
+ movl 68(%ebp), %eax
+ movl %esi, %ecx
+ roll %cl, %edi
+ addl %eax, %edi
+ xorl %edi, %esi
+ movl 72(%ebp), %eax
+ movl %edi, %ecx
+ roll %cl, %esi
+ addl %eax, %esi
+ cmpl $8, %ebx
+ je .L000rc5_exit
+ xorl %esi, %edi
+ movl 76(%ebp), %eax
+ movl %esi, %ecx
+ roll %cl, %edi
+ addl %eax, %edi
+ xorl %edi, %esi
+ movl 80(%ebp), %eax
+ movl %edi, %ecx
+ roll %cl, %esi
+ addl %eax, %esi
+ xorl %esi, %edi
+ movl 84(%ebp), %eax
+ movl %esi, %ecx
+ roll %cl, %edi
+ addl %eax, %edi
+ xorl %edi, %esi
+ movl 88(%ebp), %eax
+ movl %edi, %ecx
+ roll %cl, %esi
+ addl %eax, %esi
+ xorl %esi, %edi
+ movl 92(%ebp), %eax
+ movl %esi, %ecx
+ roll %cl, %edi
+ addl %eax, %edi
+ xorl %edi, %esi
+ movl 96(%ebp), %eax
+ movl %edi, %ecx
+ roll %cl, %esi
+ addl %eax, %esi
+ xorl %esi, %edi
+ movl 100(%ebp), %eax
+ movl %esi, %ecx
+ roll %cl, %edi
+ addl %eax, %edi
+ xorl %edi, %esi
+ movl 104(%ebp), %eax
+ movl %edi, %ecx
+ roll %cl, %esi
+ addl %eax, %esi
+ cmpl $12, %ebx
+ je .L000rc5_exit
+ xorl %esi, %edi
+ movl 108(%ebp), %eax
+ movl %esi, %ecx
+ roll %cl, %edi
+ addl %eax, %edi
+ xorl %edi, %esi
+ movl 112(%ebp), %eax
+ movl %edi, %ecx
+ roll %cl, %esi
+ addl %eax, %esi
+ xorl %esi, %edi
+ movl 116(%ebp), %eax
+ movl %esi, %ecx
+ roll %cl, %edi
+ addl %eax, %edi
+ xorl %edi, %esi
+ movl 120(%ebp), %eax
+ movl %edi, %ecx
+ roll %cl, %esi
+ addl %eax, %esi
+ xorl %esi, %edi
+ movl 124(%ebp), %eax
+ movl %esi, %ecx
+ roll %cl, %edi
+ addl %eax, %edi
+ xorl %edi, %esi
+ movl 128(%ebp), %eax
+ movl %edi, %ecx
+ roll %cl, %esi
+ addl %eax, %esi
+ xorl %esi, %edi
+ movl 132(%ebp), %eax
+ movl %esi, %ecx
+ roll %cl, %edi
+ addl %eax, %edi
+ xorl %edi, %esi
+ movl 136(%ebp), %eax
+ movl %edi, %ecx
+ roll %cl, %esi
+ addl %eax, %esi
+.L000rc5_exit:
+ movl %edi, (%edx)
+ movl %esi, 4(%edx)
+ popl %ebx
+ popl %edi
+ popl %esi
+ popl %ebp
+ ret
+.L_RC5_32_encrypt_end:
+ .size RC5_32_encrypt,.L_RC5_32_encrypt_end-RC5_32_encrypt
+.ident "desasm.pl"
+.text
+ .align 16
+.globl RC5_32_decrypt
+ .type RC5_32_decrypt,@function
+RC5_32_decrypt:
+
+ pushl %ebp
+ pushl %esi
+ pushl %edi
+ movl 16(%esp), %edx
+ movl 20(%esp), %ebp
+
+ movl (%edx), %edi
+ movl 4(%edx), %esi
+ pushl %ebx
+ movl (%ebp), %ebx
+ cmpl $12, %ebx
+ je .L001rc5_dec_12
+ cmpl $8, %ebx
+ je .L002rc5_dec_8
+ movl 136(%ebp), %eax
+ subl %eax, %esi
+ movl %edi, %ecx
+ rorl %cl, %esi
+ xorl %edi, %esi
+ movl 132(%ebp), %eax
+ subl %eax, %edi
+ movl %esi, %ecx
+ rorl %cl, %edi
+ xorl %esi, %edi
+ movl 128(%ebp), %eax
+ subl %eax, %esi
+ movl %edi, %ecx
+ rorl %cl, %esi
+ xorl %edi, %esi
+ movl 124(%ebp), %eax
+ subl %eax, %edi
+ movl %esi, %ecx
+ rorl %cl, %edi
+ xorl %esi, %edi
+ movl 120(%ebp), %eax
+ subl %eax, %esi
+ movl %edi, %ecx
+ rorl %cl, %esi
+ xorl %edi, %esi
+ movl 116(%ebp), %eax
+ subl %eax, %edi
+ movl %esi, %ecx
+ rorl %cl, %edi
+ xorl %esi, %edi
+ movl 112(%ebp), %eax
+ subl %eax, %esi
+ movl %edi, %ecx
+ rorl %cl, %esi
+ xorl %edi, %esi
+ movl 108(%ebp), %eax
+ subl %eax, %edi
+ movl %esi, %ecx
+ rorl %cl, %edi
+ xorl %esi, %edi
+.L001rc5_dec_12:
+ movl 104(%ebp), %eax
+ subl %eax, %esi
+ movl %edi, %ecx
+ rorl %cl, %esi
+ xorl %edi, %esi
+ movl 100(%ebp), %eax
+ subl %eax, %edi
+ movl %esi, %ecx
+ rorl %cl, %edi
+ xorl %esi, %edi
+ movl 96(%ebp), %eax
+ subl %eax, %esi
+ movl %edi, %ecx
+ rorl %cl, %esi
+ xorl %edi, %esi
+ movl 92(%ebp), %eax
+ subl %eax, %edi
+ movl %esi, %ecx
+ rorl %cl, %edi
+ xorl %esi, %edi
+ movl 88(%ebp), %eax
+ subl %eax, %esi
+ movl %edi, %ecx
+ rorl %cl, %esi
+ xorl %edi, %esi
+ movl 84(%ebp), %eax
+ subl %eax, %edi
+ movl %esi, %ecx
+ rorl %cl, %edi
+ xorl %esi, %edi
+ movl 80(%ebp), %eax
+ subl %eax, %esi
+ movl %edi, %ecx
+ rorl %cl, %esi
+ xorl %edi, %esi
+ movl 76(%ebp), %eax
+ subl %eax, %edi
+ movl %esi, %ecx
+ rorl %cl, %edi
+ xorl %esi, %edi
+.L002rc5_dec_8:
+ movl 72(%ebp), %eax
+ subl %eax, %esi
+ movl %edi, %ecx
+ rorl %cl, %esi
+ xorl %edi, %esi
+ movl 68(%ebp), %eax
+ subl %eax, %edi
+ movl %esi, %ecx
+ rorl %cl, %edi
+ xorl %esi, %edi
+ movl 64(%ebp), %eax
+ subl %eax, %esi
+ movl %edi, %ecx
+ rorl %cl, %esi
+ xorl %edi, %esi
+ movl 60(%ebp), %eax
+ subl %eax, %edi
+ movl %esi, %ecx
+ rorl %cl, %edi
+ xorl %esi, %edi
+ movl 56(%ebp), %eax
+ subl %eax, %esi
+ movl %edi, %ecx
+ rorl %cl, %esi
+ xorl %edi, %esi
+ movl 52(%ebp), %eax
+ subl %eax, %edi
+ movl %esi, %ecx
+ rorl %cl, %edi
+ xorl %esi, %edi
+ movl 48(%ebp), %eax
+ subl %eax, %esi
+ movl %edi, %ecx
+ rorl %cl, %esi
+ xorl %edi, %esi
+ movl 44(%ebp), %eax
+ subl %eax, %edi
+ movl %esi, %ecx
+ rorl %cl, %edi
+ xorl %esi, %edi
+ movl 40(%ebp), %eax
+ subl %eax, %esi
+ movl %edi, %ecx
+ rorl %cl, %esi
+ xorl %edi, %esi
+ movl 36(%ebp), %eax
+ subl %eax, %edi
+ movl %esi, %ecx
+ rorl %cl, %edi
+ xorl %esi, %edi
+ movl 32(%ebp), %eax
+ subl %eax, %esi
+ movl %edi, %ecx
+ rorl %cl, %esi
+ xorl %edi, %esi
+ movl 28(%ebp), %eax
+ subl %eax, %edi
+ movl %esi, %ecx
+ rorl %cl, %edi
+ xorl %esi, %edi
+ movl 24(%ebp), %eax
+ subl %eax, %esi
+ movl %edi, %ecx
+ rorl %cl, %esi
+ xorl %edi, %esi
+ movl 20(%ebp), %eax
+ subl %eax, %edi
+ movl %esi, %ecx
+ rorl %cl, %edi
+ xorl %esi, %edi
+ movl 16(%ebp), %eax
+ subl %eax, %esi
+ movl %edi, %ecx
+ rorl %cl, %esi
+ xorl %edi, %esi
+ movl 12(%ebp), %eax
+ subl %eax, %edi
+ movl %esi, %ecx
+ rorl %cl, %edi
+ xorl %esi, %edi
+ subl 8(%ebp), %esi
+ subl 4(%ebp), %edi
+.L003rc5_exit:
+ movl %edi, (%edx)
+ movl %esi, 4(%edx)
+ popl %ebx
+ popl %edi
+ popl %esi
+ popl %ebp
+ ret
+.L_RC5_32_decrypt_end:
+ .size RC5_32_decrypt,.L_RC5_32_decrypt_end-RC5_32_decrypt
+.ident "desasm.pl"
+.text
+ .align 16
+.globl RC5_32_cbc_encrypt
+ .type RC5_32_cbc_encrypt,@function
+RC5_32_cbc_encrypt:
+
+ pushl %ebp
+ pushl %ebx
+ pushl %esi
+ pushl %edi
+ movl 28(%esp), %ebp
+
+ movl 36(%esp), %ebx
+ movl (%ebx), %esi
+ movl 4(%ebx), %edi
+ pushl %edi
+ pushl %esi
+ pushl %edi
+ pushl %esi
+ movl %esp, %ebx
+ movl 36(%esp), %esi
+ movl 40(%esp), %edi
+
+ movl 56(%esp), %ecx
+
+ movl 48(%esp), %eax
+ pushl %eax
+ pushl %ebx
+ cmpl $0, %ecx
+ jz .L004decrypt
+ andl $4294967288, %ebp
+ movl 8(%esp), %eax
+ movl 12(%esp), %ebx
+ jz .L005encrypt_finish
+.L006encrypt_loop:
+ movl (%esi), %ecx
+ movl 4(%esi), %edx
+ xorl %ecx, %eax
+ xorl %edx, %ebx
+ movl %eax, 8(%esp)
+ movl %ebx, 12(%esp)
+ call RC5_32_encrypt
+ movl 8(%esp), %eax
+ movl 12(%esp), %ebx
+ movl %eax, (%edi)
+ movl %ebx, 4(%edi)
+ addl $8, %esi
+ addl $8, %edi
+ subl $8, %ebp
+ jnz .L006encrypt_loop
+.L005encrypt_finish:
+ movl 52(%esp), %ebp
+ andl $7, %ebp
+ jz .L007finish
+ call .L008PIC_point
+.L008PIC_point:
+ popl %edx
+ leal .L009cbc_enc_jmp_table-.L008PIC_point(%edx),%ecx
+ movl (%ecx,%ebp,4), %ebp
+ addl %edx, %ebp
+ xorl %ecx, %ecx
+ xorl %edx, %edx
+ jmp *%ebp
+.L010ej7:
+ movb 6(%esi), %dh
+ sall $8, %edx
+.L011ej6:
+ movb 5(%esi), %dh
+.L012ej5:
+ movb 4(%esi), %dl
+.L013ej4:
+ movl (%esi), %ecx
+ jmp .L014ejend
+.L015ej3:
+ movb 2(%esi), %ch
+ sall $8, %ecx
+.L016ej2:
+ movb 1(%esi), %ch
+.L017ej1:
+ movb (%esi), %cl
+.L014ejend:
+ xorl %ecx, %eax
+ xorl %edx, %ebx
+ movl %eax, 8(%esp)
+ movl %ebx, 12(%esp)
+ call RC5_32_encrypt
+ movl 8(%esp), %eax
+ movl 12(%esp), %ebx
+ movl %eax, (%edi)
+ movl %ebx, 4(%edi)
+ jmp .L007finish
+.align 16
+.L004decrypt:
+ andl $4294967288, %ebp
+ movl 16(%esp), %eax
+ movl 20(%esp), %ebx
+ jz .L018decrypt_finish
+.L019decrypt_loop:
+ movl (%esi), %eax
+ movl 4(%esi), %ebx
+ movl %eax, 8(%esp)
+ movl %ebx, 12(%esp)
+ call RC5_32_decrypt
+ movl 8(%esp), %eax
+ movl 12(%esp), %ebx
+ movl 16(%esp), %ecx
+ movl 20(%esp), %edx
+ xorl %eax, %ecx
+ xorl %ebx, %edx
+ movl (%esi), %eax
+ movl 4(%esi), %ebx
+ movl %ecx, (%edi)
+ movl %edx, 4(%edi)
+ movl %eax, 16(%esp)
+ movl %ebx, 20(%esp)
+ addl $8, %esi
+ addl $8, %edi
+ subl $8, %ebp
+ jnz .L019decrypt_loop
+.L018decrypt_finish:
+ movl 52(%esp), %ebp
+ andl $7, %ebp
+ jz .L007finish
+ movl (%esi), %eax
+ movl 4(%esi), %ebx
+ movl %eax, 8(%esp)
+ movl %ebx, 12(%esp)
+ call RC5_32_decrypt
+ movl 8(%esp), %eax
+ movl 12(%esp), %ebx
+ movl 16(%esp), %ecx
+ movl 20(%esp), %edx
+ xorl %eax, %ecx
+ xorl %ebx, %edx
+ movl (%esi), %eax
+ movl 4(%esi), %ebx
+.L020dj7:
+ rorl $16, %edx
+ movb %dl, 6(%edi)
+ shrl $16, %edx
+.L021dj6:
+ movb %dh, 5(%edi)
+.L022dj5:
+ movb %dl, 4(%edi)
+.L023dj4:
+ movl %ecx, (%edi)
+ jmp .L024djend
+.L025dj3:
+ rorl $16, %ecx
+ movb %cl, 2(%edi)
+ sall $16, %ecx
+.L026dj2:
+ movb %ch, 1(%esi)
+.L027dj1:
+ movb %cl, (%esi)
+.L024djend:
+ jmp .L007finish
+.align 16
+.L007finish:
+ movl 60(%esp), %ecx
+ addl $24, %esp
+ movl %eax, (%ecx)
+ movl %ebx, 4(%ecx)
+ popl %edi
+ popl %esi
+ popl %ebx
+ popl %ebp
+ ret
+.align 16
+.L009cbc_enc_jmp_table:
+ .long 0
+ .long .L017ej1-.L008PIC_point
+ .long .L016ej2-.L008PIC_point
+ .long .L015ej3-.L008PIC_point
+ .long .L013ej4-.L008PIC_point
+ .long .L012ej5-.L008PIC_point
+ .long .L011ej6-.L008PIC_point
+ .long .L010ej7-.L008PIC_point
+.L_RC5_32_cbc_encrypt_end:
+ .size RC5_32_cbc_encrypt,.L_RC5_32_cbc_encrypt_end-RC5_32_cbc_encrypt
+.ident "desasm.pl"
diff --git a/secure/lib/libcrypto/i386/rmd-586.s b/secure/lib/libcrypto/i386/rmd-586.s
new file mode 100644
index 0000000..fb541db
--- /dev/null
+++ b/secure/lib/libcrypto/i386/rmd-586.s
@@ -0,0 +1,1975 @@
+ # $FreeBSD$
+
+
+
+
+
+
+ .file "/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/ripemd/asm/rmd-586.s"
+ .version "01.01"
+gcc2_compiled.:
+.text
+ .align 16
+.globl ripemd160_block_asm_host_order
+ .type ripemd160_block_asm_host_order,@function
+ripemd160_block_asm_host_order:
+ movl 4(%esp), %edx
+ movl 8(%esp), %eax
+ pushl %esi
+ movl (%edx), %ecx
+ pushl %edi
+ movl 4(%edx), %esi
+ pushl %ebp
+ movl 8(%edx), %edi
+ pushl %ebx
+ subl $108, %esp
+.L000start:
+
+ movl (%eax), %ebx
+ movl 4(%eax), %ebp
+ movl %ebx, (%esp)
+ movl %ebp, 4(%esp)
+ movl 8(%eax), %ebx
+ movl 12(%eax), %ebp
+ movl %ebx, 8(%esp)
+ movl %ebp, 12(%esp)
+ movl 16(%eax), %ebx
+ movl 20(%eax), %ebp
+ movl %ebx, 16(%esp)
+ movl %ebp, 20(%esp)
+ movl 24(%eax), %ebx
+ movl 28(%eax), %ebp
+ movl %ebx, 24(%esp)
+ movl %ebp, 28(%esp)
+ movl 32(%eax), %ebx
+ movl 36(%eax), %ebp
+ movl %ebx, 32(%esp)
+ movl %ebp, 36(%esp)
+ movl 40(%eax), %ebx
+ movl 44(%eax), %ebp
+ movl %ebx, 40(%esp)
+ movl %ebp, 44(%esp)
+ movl 48(%eax), %ebx
+ movl 52(%eax), %ebp
+ movl %ebx, 48(%esp)
+ movl %ebp, 52(%esp)
+ movl 56(%eax), %ebx
+ movl 60(%eax), %ebp
+ movl %ebx, 56(%esp)
+ movl %ebp, 60(%esp)
+ movl %edi, %eax
+ movl 12(%edx), %ebx
+ movl 16(%edx), %ebp
+
+ xorl %ebx, %eax
+ movl (%esp), %edx
+ xorl %esi, %eax
+ addl %edx, %ecx
+ roll $10, %edi
+ addl %eax, %ecx
+ movl %esi, %eax
+ roll $11, %ecx
+ addl %ebp, %ecx
+
+ xorl %edi, %eax
+ movl 4(%esp), %edx
+ xorl %ecx, %eax
+ addl %eax, %ebp
+ movl %ecx, %eax
+ roll $10, %esi
+ addl %edx, %ebp
+ xorl %esi, %eax
+ roll $14, %ebp
+ addl %ebx, %ebp
+
+ movl 8(%esp), %edx
+ xorl %ebp, %eax
+ addl %edx, %ebx
+ roll $10, %ecx
+ addl %eax, %ebx
+ movl %ebp, %eax
+ roll $15, %ebx
+ addl %edi, %ebx
+
+ xorl %ecx, %eax
+ movl 12(%esp), %edx
+ xorl %ebx, %eax
+ addl %eax, %edi
+ movl %ebx, %eax
+ roll $10, %ebp
+ addl %edx, %edi
+ xorl %ebp, %eax
+ roll $12, %edi
+ addl %esi, %edi
+
+ movl 16(%esp), %edx
+ xorl %edi, %eax
+ addl %edx, %esi
+ roll $10, %ebx
+ addl %eax, %esi
+ movl %edi, %eax
+ roll $5, %esi
+ addl %ecx, %esi
+
+ xorl %ebx, %eax
+ movl 20(%esp), %edx
+ xorl %esi, %eax
+ addl %eax, %ecx
+ movl %esi, %eax
+ roll $10, %edi
+ addl %edx, %ecx
+ xorl %edi, %eax
+ roll $8, %ecx
+ addl %ebp, %ecx
+
+ movl 24(%esp), %edx
+ xorl %ecx, %eax
+ addl %edx, %ebp
+ roll $10, %esi
+ addl %eax, %ebp
+ movl %ecx, %eax
+ roll $7, %ebp
+ addl %ebx, %ebp
+
+ xorl %esi, %eax
+ movl 28(%esp), %edx
+ xorl %ebp, %eax
+ addl %eax, %ebx
+ movl %ebp, %eax
+ roll $10, %ecx
+ addl %edx, %ebx
+ xorl %ecx, %eax
+ roll $9, %ebx
+ addl %edi, %ebx
+
+ movl 32(%esp), %edx
+ xorl %ebx, %eax
+ addl %edx, %edi
+ roll $10, %ebp
+ addl %eax, %edi
+ movl %ebx, %eax
+ roll $11, %edi
+ addl %esi, %edi
+
+ xorl %ebp, %eax
+ movl 36(%esp), %edx
+ xorl %edi, %eax
+ addl %eax, %esi
+ movl %edi, %eax
+ roll $10, %ebx
+ addl %edx, %esi
+ xorl %ebx, %eax
+ roll $13, %esi
+ addl %ecx, %esi
+
+ movl 40(%esp), %edx
+ xorl %esi, %eax
+ addl %edx, %ecx
+ roll $10, %edi
+ addl %eax, %ecx
+ movl %esi, %eax
+ roll $14, %ecx
+ addl %ebp, %ecx
+
+ xorl %edi, %eax
+ movl 44(%esp), %edx
+ xorl %ecx, %eax
+ addl %eax, %ebp
+ movl %ecx, %eax
+ roll $10, %esi
+ addl %edx, %ebp
+ xorl %esi, %eax
+ roll $15, %ebp
+ addl %ebx, %ebp
+
+ movl 48(%esp), %edx
+ xorl %ebp, %eax
+ addl %edx, %ebx
+ roll $10, %ecx
+ addl %eax, %ebx
+ movl %ebp, %eax
+ roll $6, %ebx
+ addl %edi, %ebx
+
+ xorl %ecx, %eax
+ movl 52(%esp), %edx
+ xorl %ebx, %eax
+ addl %eax, %edi
+ movl %ebx, %eax
+ roll $10, %ebp
+ addl %edx, %edi
+ xorl %ebp, %eax
+ roll $7, %edi
+ addl %esi, %edi
+
+ movl 56(%esp), %edx
+ xorl %edi, %eax
+ addl %edx, %esi
+ roll $10, %ebx
+ addl %eax, %esi
+ movl %edi, %eax
+ roll $9, %esi
+ addl %ecx, %esi
+
+ xorl %ebx, %eax
+ movl 60(%esp), %edx
+ xorl %esi, %eax
+ addl %eax, %ecx
+ movl $-1, %eax
+ roll $10, %edi
+ addl %edx, %ecx
+ movl 28(%esp), %edx
+ roll $8, %ecx
+ addl %ebp, %ecx
+
+ addl %edx, %ebp
+ movl %esi, %edx
+ subl %ecx, %eax
+ andl %ecx, %edx
+ andl %edi, %eax
+ orl %eax, %edx
+ movl 16(%esp), %eax
+ roll $10, %esi
+ leal 1518500249(%ebp,%edx,1),%ebp
+ movl $-1, %edx
+ roll $7, %ebp
+ addl %ebx, %ebp
+
+ addl %eax, %ebx
+ movl %ecx, %eax
+ subl %ebp, %edx
+ andl %ebp, %eax
+ andl %esi, %edx
+ orl %edx, %eax
+ movl 52(%esp), %edx
+ roll $10, %ecx
+ leal 1518500249(%ebx,%eax,1),%ebx
+ movl $-1, %eax
+ roll $6, %ebx
+ addl %edi, %ebx
+
+ addl %edx, %edi
+ movl %ebp, %edx
+ subl %ebx, %eax
+ andl %ebx, %edx
+ andl %ecx, %eax
+ orl %eax, %edx
+ movl 4(%esp), %eax
+ roll $10, %ebp
+ leal 1518500249(%edi,%edx,1),%edi
+ movl $-1, %edx
+ roll $8, %edi
+ addl %esi, %edi
+
+ addl %eax, %esi
+ movl %ebx, %eax
+ subl %edi, %edx
+ andl %edi, %eax
+ andl %ebp, %edx
+ orl %edx, %eax
+ movl 40(%esp), %edx
+ roll $10, %ebx
+ leal 1518500249(%esi,%eax,1),%esi
+ movl $-1, %eax
+ roll $13, %esi
+ addl %ecx, %esi
+
+ addl %edx, %ecx
+ movl %edi, %edx
+ subl %esi, %eax
+ andl %esi, %edx
+ andl %ebx, %eax
+ orl %eax, %edx
+ movl 24(%esp), %eax
+ roll $10, %edi
+ leal 1518500249(%ecx,%edx,1),%ecx
+ movl $-1, %edx
+ roll $11, %ecx
+ addl %ebp, %ecx
+
+ addl %eax, %ebp
+ movl %esi, %eax
+ subl %ecx, %edx
+ andl %ecx, %eax
+ andl %edi, %edx
+ orl %edx, %eax
+ movl 60(%esp), %edx
+ roll $10, %esi
+ leal 1518500249(%ebp,%eax,1),%ebp
+ movl $-1, %eax
+ roll $9, %ebp
+ addl %ebx, %ebp
+
+ addl %edx, %ebx
+ movl %ecx, %edx
+ subl %ebp, %eax
+ andl %ebp, %edx
+ andl %esi, %eax
+ orl %eax, %edx
+ movl 12(%esp), %eax
+ roll $10, %ecx
+ leal 1518500249(%ebx,%edx,1),%ebx
+ movl $-1, %edx
+ roll $7, %ebx
+ addl %edi, %ebx
+
+ addl %eax, %edi
+ movl %ebp, %eax
+ subl %ebx, %edx
+ andl %ebx, %eax
+ andl %ecx, %edx
+ orl %edx, %eax
+ movl 48(%esp), %edx
+ roll $10, %ebp
+ leal 1518500249(%edi,%eax,1),%edi
+ movl $-1, %eax
+ roll $15, %edi
+ addl %esi, %edi
+
+ addl %edx, %esi
+ movl %ebx, %edx
+ subl %edi, %eax
+ andl %edi, %edx
+ andl %ebp, %eax
+ orl %eax, %edx
+ movl (%esp), %eax
+ roll $10, %ebx
+ leal 1518500249(%esi,%edx,1),%esi
+ movl $-1, %edx
+ roll $7, %esi
+ addl %ecx, %esi
+
+ addl %eax, %ecx
+ movl %edi, %eax
+ subl %esi, %edx
+ andl %esi, %eax
+ andl %ebx, %edx
+ orl %edx, %eax
+ movl 36(%esp), %edx
+ roll $10, %edi
+ leal 1518500249(%ecx,%eax,1),%ecx
+ movl $-1, %eax
+ roll $12, %ecx
+ addl %ebp, %ecx
+
+ addl %edx, %ebp
+ movl %esi, %edx
+ subl %ecx, %eax
+ andl %ecx, %edx
+ andl %edi, %eax
+ orl %eax, %edx
+ movl 20(%esp), %eax
+ roll $10, %esi
+ leal 1518500249(%ebp,%edx,1),%ebp
+ movl $-1, %edx
+ roll $15, %ebp
+ addl %ebx, %ebp
+
+ addl %eax, %ebx
+ movl %ecx, %eax
+ subl %ebp, %edx
+ andl %ebp, %eax
+ andl %esi, %edx
+ orl %edx, %eax
+ movl 8(%esp), %edx
+ roll $10, %ecx
+ leal 1518500249(%ebx,%eax,1),%ebx
+ movl $-1, %eax
+ roll $9, %ebx
+ addl %edi, %ebx
+
+ addl %edx, %edi
+ movl %ebp, %edx
+ subl %ebx, %eax
+ andl %ebx, %edx
+ andl %ecx, %eax
+ orl %eax, %edx
+ movl 56(%esp), %eax
+ roll $10, %ebp
+ leal 1518500249(%edi,%edx,1),%edi
+ movl $-1, %edx
+ roll $11, %edi
+ addl %esi, %edi
+
+ addl %eax, %esi
+ movl %ebx, %eax
+ subl %edi, %edx
+ andl %edi, %eax
+ andl %ebp, %edx
+ orl %edx, %eax
+ movl 44(%esp), %edx
+ roll $10, %ebx
+ leal 1518500249(%esi,%eax,1),%esi
+ movl $-1, %eax
+ roll $7, %esi
+ addl %ecx, %esi
+
+ addl %edx, %ecx
+ movl %edi, %edx
+ subl %esi, %eax
+ andl %esi, %edx
+ andl %ebx, %eax
+ orl %eax, %edx
+ movl 32(%esp), %eax
+ roll $10, %edi
+ leal 1518500249(%ecx,%edx,1),%ecx
+ movl $-1, %edx
+ roll $13, %ecx
+ addl %ebp, %ecx
+
+ addl %eax, %ebp
+ movl %esi, %eax
+ subl %ecx, %edx
+ andl %ecx, %eax
+ andl %edi, %edx
+ orl %edx, %eax
+ movl $-1, %edx
+ roll $10, %esi
+ leal 1518500249(%ebp,%eax,1),%ebp
+ subl %ecx, %edx
+ roll $12, %ebp
+ addl %ebx, %ebp
+
+ movl 12(%esp), %eax
+ orl %ebp, %edx
+ addl %eax, %ebx
+ xorl %esi, %edx
+ movl $-1, %eax
+ roll $10, %ecx
+ leal 1859775393(%ebx,%edx,1),%ebx
+ subl %ebp, %eax
+ roll $11, %ebx
+ addl %edi, %ebx
+
+ movl 40(%esp), %edx
+ orl %ebx, %eax
+ addl %edx, %edi
+ xorl %ecx, %eax
+ movl $-1, %edx
+ roll $10, %ebp
+ leal 1859775393(%edi,%eax,1),%edi
+ subl %ebx, %edx
+ roll $13, %edi
+ addl %esi, %edi
+
+ movl 56(%esp), %eax
+ orl %edi, %edx
+ addl %eax, %esi
+ xorl %ebp, %edx
+ movl $-1, %eax
+ roll $10, %ebx
+ leal 1859775393(%esi,%edx,1),%esi
+ subl %edi, %eax
+ roll $6, %esi
+ addl %ecx, %esi
+
+ movl 16(%esp), %edx
+ orl %esi, %eax
+ addl %edx, %ecx
+ xorl %ebx, %eax
+ movl $-1, %edx
+ roll $10, %edi
+ leal 1859775393(%ecx,%eax,1),%ecx
+ subl %esi, %edx
+ roll $7, %ecx
+ addl %ebp, %ecx
+
+ movl 36(%esp), %eax
+ orl %ecx, %edx
+ addl %eax, %ebp
+ xorl %edi, %edx
+ movl $-1, %eax
+ roll $10, %esi
+ leal 1859775393(%ebp,%edx,1),%ebp
+ subl %ecx, %eax
+ roll $14, %ebp
+ addl %ebx, %ebp
+
+ movl 60(%esp), %edx
+ orl %ebp, %eax
+ addl %edx, %ebx
+ xorl %esi, %eax
+ movl $-1, %edx
+ roll $10, %ecx
+ leal 1859775393(%ebx,%eax,1),%ebx
+ subl %ebp, %edx
+ roll $9, %ebx
+ addl %edi, %ebx
+
+ movl 32(%esp), %eax
+ orl %ebx, %edx
+ addl %eax, %edi
+ xorl %ecx, %edx
+ movl $-1, %eax
+ roll $10, %ebp
+ leal 1859775393(%edi,%edx,1),%edi
+ subl %ebx, %eax
+ roll $13, %edi
+ addl %esi, %edi
+
+ movl 4(%esp), %edx
+ orl %edi, %eax
+ addl %edx, %esi
+ xorl %ebp, %eax
+ movl $-1, %edx
+ roll $10, %ebx
+ leal 1859775393(%esi,%eax,1),%esi
+ subl %edi, %edx
+ roll $15, %esi
+ addl %ecx, %esi
+
+ movl 8(%esp), %eax
+ orl %esi, %edx
+ addl %eax, %ecx
+ xorl %ebx, %edx
+ movl $-1, %eax
+ roll $10, %edi
+ leal 1859775393(%ecx,%edx,1),%ecx
+ subl %esi, %eax
+ roll $14, %ecx
+ addl %ebp, %ecx
+
+ movl 28(%esp), %edx
+ orl %ecx, %eax
+ addl %edx, %ebp
+ xorl %edi, %eax
+ movl $-1, %edx
+ roll $10, %esi
+ leal 1859775393(%ebp,%eax,1),%ebp
+ subl %ecx, %edx
+ roll $8, %ebp
+ addl %ebx, %ebp
+
+ movl (%esp), %eax
+ orl %ebp, %edx
+ addl %eax, %ebx
+ xorl %esi, %edx
+ movl $-1, %eax
+ roll $10, %ecx
+ leal 1859775393(%ebx,%edx,1),%ebx
+ subl %ebp, %eax
+ roll $13, %ebx
+ addl %edi, %ebx
+
+ movl 24(%esp), %edx
+ orl %ebx, %eax
+ addl %edx, %edi
+ xorl %ecx, %eax
+ movl $-1, %edx
+ roll $10, %ebp
+ leal 1859775393(%edi,%eax,1),%edi
+ subl %ebx, %edx
+ roll $6, %edi
+ addl %esi, %edi
+
+ movl 52(%esp), %eax
+ orl %edi, %edx
+ addl %eax, %esi
+ xorl %ebp, %edx
+ movl $-1, %eax
+ roll $10, %ebx
+ leal 1859775393(%esi,%edx,1),%esi
+ subl %edi, %eax
+ roll $5, %esi
+ addl %ecx, %esi
+
+ movl 44(%esp), %edx
+ orl %esi, %eax
+ addl %edx, %ecx
+ xorl %ebx, %eax
+ movl $-1, %edx
+ roll $10, %edi
+ leal 1859775393(%ecx,%eax,1),%ecx
+ subl %esi, %edx
+ roll $12, %ecx
+ addl %ebp, %ecx
+
+ movl 20(%esp), %eax
+ orl %ecx, %edx
+ addl %eax, %ebp
+ xorl %edi, %edx
+ movl $-1, %eax
+ roll $10, %esi
+ leal 1859775393(%ebp,%edx,1),%ebp
+ subl %ecx, %eax
+ roll $7, %ebp
+ addl %ebx, %ebp
+
+ movl 48(%esp), %edx
+ orl %ebp, %eax
+ addl %edx, %ebx
+ xorl %esi, %eax
+ movl $-1, %edx
+ roll $10, %ecx
+ leal 1859775393(%ebx,%eax,1),%ebx
+ movl %ecx, %eax
+ roll $5, %ebx
+ addl %edi, %ebx
+
+ subl %ecx, %edx
+ andl %ebx, %eax
+ andl %ebp, %edx
+ orl %eax, %edx
+ movl 4(%esp), %eax
+ roll $10, %ebp
+ leal 2400959708(%edi,%edx),%edi
+ movl $-1, %edx
+ addl %eax, %edi
+ movl %ebp, %eax
+ roll $11, %edi
+ addl %esi, %edi
+
+ subl %ebp, %edx
+ andl %edi, %eax
+ andl %ebx, %edx
+ orl %eax, %edx
+ movl 36(%esp), %eax
+ roll $10, %ebx
+ leal 2400959708(%esi,%edx),%esi
+ movl $-1, %edx
+ addl %eax, %esi
+ movl %ebx, %eax
+ roll $12, %esi
+ addl %ecx, %esi
+
+ subl %ebx, %edx
+ andl %esi, %eax
+ andl %edi, %edx
+ orl %eax, %edx
+ movl 44(%esp), %eax
+ roll $10, %edi
+ leal 2400959708(%ecx,%edx),%ecx
+ movl $-1, %edx
+ addl %eax, %ecx
+ movl %edi, %eax
+ roll $14, %ecx
+ addl %ebp, %ecx
+
+ subl %edi, %edx
+ andl %ecx, %eax
+ andl %esi, %edx
+ orl %eax, %edx
+ movl 40(%esp), %eax
+ roll $10, %esi
+ leal 2400959708(%ebp,%edx),%ebp
+ movl $-1, %edx
+ addl %eax, %ebp
+ movl %esi, %eax
+ roll $15, %ebp
+ addl %ebx, %ebp
+
+ subl %esi, %edx
+ andl %ebp, %eax
+ andl %ecx, %edx
+ orl %eax, %edx
+ movl (%esp), %eax
+ roll $10, %ecx
+ leal 2400959708(%ebx,%edx),%ebx
+ movl $-1, %edx
+ addl %eax, %ebx
+ movl %ecx, %eax
+ roll $14, %ebx
+ addl %edi, %ebx
+
+ subl %ecx, %edx
+ andl %ebx, %eax
+ andl %ebp, %edx
+ orl %eax, %edx
+ movl 32(%esp), %eax
+ roll $10, %ebp
+ leal 2400959708(%edi,%edx),%edi
+ movl $-1, %edx
+ addl %eax, %edi
+ movl %ebp, %eax
+ roll $15, %edi
+ addl %esi, %edi
+
+ subl %ebp, %edx
+ andl %edi, %eax
+ andl %ebx, %edx
+ orl %eax, %edx
+ movl 48(%esp), %eax
+ roll $10, %ebx
+ leal 2400959708(%esi,%edx),%esi
+ movl $-1, %edx
+ addl %eax, %esi
+ movl %ebx, %eax
+ roll $9, %esi
+ addl %ecx, %esi
+
+ subl %ebx, %edx
+ andl %esi, %eax
+ andl %edi, %edx
+ orl %eax, %edx
+ movl 16(%esp), %eax
+ roll $10, %edi
+ leal 2400959708(%ecx,%edx),%ecx
+ movl $-1, %edx
+ addl %eax, %ecx
+ movl %edi, %eax
+ roll $8, %ecx
+ addl %ebp, %ecx
+
+ subl %edi, %edx
+ andl %ecx, %eax
+ andl %esi, %edx
+ orl %eax, %edx
+ movl 52(%esp), %eax
+ roll $10, %esi
+ leal 2400959708(%ebp,%edx),%ebp
+ movl $-1, %edx
+ addl %eax, %ebp
+ movl %esi, %eax
+ roll $9, %ebp
+ addl %ebx, %ebp
+
+ subl %esi, %edx
+ andl %ebp, %eax
+ andl %ecx, %edx
+ orl %eax, %edx
+ movl 12(%esp), %eax
+ roll $10, %ecx
+ leal 2400959708(%ebx,%edx),%ebx
+ movl $-1, %edx
+ addl %eax, %ebx
+ movl %ecx, %eax
+ roll $14, %ebx
+ addl %edi, %ebx
+
+ subl %ecx, %edx
+ andl %ebx, %eax
+ andl %ebp, %edx
+ orl %eax, %edx
+ movl 28(%esp), %eax
+ roll $10, %ebp
+ leal 2400959708(%edi,%edx),%edi
+ movl $-1, %edx
+ addl %eax, %edi
+ movl %ebp, %eax
+ roll $5, %edi
+ addl %esi, %edi
+
+ subl %ebp, %edx
+ andl %edi, %eax
+ andl %ebx, %edx
+ orl %eax, %edx
+ movl 60(%esp), %eax
+ roll $10, %ebx
+ leal 2400959708(%esi,%edx),%esi
+ movl $-1, %edx
+ addl %eax, %esi
+ movl %ebx, %eax
+ roll $6, %esi
+ addl %ecx, %esi
+
+ subl %ebx, %edx
+ andl %esi, %eax
+ andl %edi, %edx
+ orl %eax, %edx
+ movl 56(%esp), %eax
+ roll $10, %edi
+ leal 2400959708(%ecx,%edx),%ecx
+ movl $-1, %edx
+ addl %eax, %ecx
+ movl %edi, %eax
+ roll $8, %ecx
+ addl %ebp, %ecx
+
+ subl %edi, %edx
+ andl %ecx, %eax
+ andl %esi, %edx
+ orl %eax, %edx
+ movl 20(%esp), %eax
+ roll $10, %esi
+ leal 2400959708(%ebp,%edx),%ebp
+ movl $-1, %edx
+ addl %eax, %ebp
+ movl %esi, %eax
+ roll $6, %ebp
+ addl %ebx, %ebp
+
+ subl %esi, %edx
+ andl %ebp, %eax
+ andl %ecx, %edx
+ orl %eax, %edx
+ movl 24(%esp), %eax
+ roll $10, %ecx
+ leal 2400959708(%ebx,%edx),%ebx
+ movl $-1, %edx
+ addl %eax, %ebx
+ movl %ecx, %eax
+ roll $5, %ebx
+ addl %edi, %ebx
+
+ subl %ecx, %edx
+ andl %ebx, %eax
+ andl %ebp, %edx
+ orl %eax, %edx
+ movl 8(%esp), %eax
+ roll $10, %ebp
+ leal 2400959708(%edi,%edx),%edi
+ movl $-1, %edx
+ addl %eax, %edi
+ subl %ebp, %edx
+ roll $12, %edi
+ addl %esi, %edi
+
+ movl 16(%esp), %eax
+ orl %ebx, %edx
+ addl %eax, %esi
+ xorl %edi, %edx
+ movl $-1, %eax
+ roll $10, %ebx
+ leal 2840853838(%esi,%edx,1),%esi
+ subl %ebx, %eax
+ roll $9, %esi
+ addl %ecx, %esi
+
+ movl (%esp), %edx
+ orl %edi, %eax
+ addl %edx, %ecx
+ xorl %esi, %eax
+ movl $-1, %edx
+ roll $10, %edi
+ leal 2840853838(%ecx,%eax,1),%ecx
+ subl %edi, %edx
+ roll $15, %ecx
+ addl %ebp, %ecx
+
+ movl 20(%esp), %eax
+ orl %esi, %edx
+ addl %eax, %ebp
+ xorl %ecx, %edx
+ movl $-1, %eax
+ roll $10, %esi
+ leal 2840853838(%ebp,%edx,1),%ebp
+ subl %esi, %eax
+ roll $5, %ebp
+ addl %ebx, %ebp
+
+ movl 36(%esp), %edx
+ orl %ecx, %eax
+ addl %edx, %ebx
+ xorl %ebp, %eax
+ movl $-1, %edx
+ roll $10, %ecx
+ leal 2840853838(%ebx,%eax,1),%ebx
+ subl %ecx, %edx
+ roll $11, %ebx
+ addl %edi, %ebx
+
+ movl 28(%esp), %eax
+ orl %ebp, %edx
+ addl %eax, %edi
+ xorl %ebx, %edx
+ movl $-1, %eax
+ roll $10, %ebp
+ leal 2840853838(%edi,%edx,1),%edi
+ subl %ebp, %eax
+ roll $6, %edi
+ addl %esi, %edi
+
+ movl 48(%esp), %edx
+ orl %ebx, %eax
+ addl %edx, %esi
+ xorl %edi, %eax
+ movl $-1, %edx
+ roll $10, %ebx
+ leal 2840853838(%esi,%eax,1),%esi
+ subl %ebx, %edx
+ roll $8, %esi
+ addl %ecx, %esi
+
+ movl 8(%esp), %eax
+ orl %edi, %edx
+ addl %eax, %ecx
+ xorl %esi, %edx
+ movl $-1, %eax
+ roll $10, %edi
+ leal 2840853838(%ecx,%edx,1),%ecx
+ subl %edi, %eax
+ roll $13, %ecx
+ addl %ebp, %ecx
+
+ movl 40(%esp), %edx
+ orl %esi, %eax
+ addl %edx, %ebp
+ xorl %ecx, %eax
+ movl $-1, %edx
+ roll $10, %esi
+ leal 2840853838(%ebp,%eax,1),%ebp
+ subl %esi, %edx
+ roll $12, %ebp
+ addl %ebx, %ebp
+
+ movl 56(%esp), %eax
+ orl %ecx, %edx
+ addl %eax, %ebx
+ xorl %ebp, %edx
+ movl $-1, %eax
+ roll $10, %ecx
+ leal 2840853838(%ebx,%edx,1),%ebx
+ subl %ecx, %eax
+ roll $5, %ebx
+ addl %edi, %ebx
+
+ movl 4(%esp), %edx
+ orl %ebp, %eax
+ addl %edx, %edi
+ xorl %ebx, %eax
+ movl $-1, %edx
+ roll $10, %ebp
+ leal 2840853838(%edi,%eax,1),%edi
+ subl %ebp, %edx
+ roll $12, %edi
+ addl %esi, %edi
+
+ movl 12(%esp), %eax
+ orl %ebx, %edx
+ addl %eax, %esi
+ xorl %edi, %edx
+ movl $-1, %eax
+ roll $10, %ebx
+ leal 2840853838(%esi,%edx,1),%esi
+ subl %ebx, %eax
+ roll $13, %esi
+ addl %ecx, %esi
+
+ movl 32(%esp), %edx
+ orl %edi, %eax
+ addl %edx, %ecx
+ xorl %esi, %eax
+ movl $-1, %edx
+ roll $10, %edi
+ leal 2840853838(%ecx,%eax,1),%ecx
+ subl %edi, %edx
+ roll $14, %ecx
+ addl %ebp, %ecx
+
+ movl 44(%esp), %eax
+ orl %esi, %edx
+ addl %eax, %ebp
+ xorl %ecx, %edx
+ movl $-1, %eax
+ roll $10, %esi
+ leal 2840853838(%ebp,%edx,1),%ebp
+ subl %esi, %eax
+ roll $11, %ebp
+ addl %ebx, %ebp
+
+ movl 24(%esp), %edx
+ orl %ecx, %eax
+ addl %edx, %ebx
+ xorl %ebp, %eax
+ movl $-1, %edx
+ roll $10, %ecx
+ leal 2840853838(%ebx,%eax,1),%ebx
+ subl %ecx, %edx
+ roll $8, %ebx
+ addl %edi, %ebx
+
+ movl 60(%esp), %eax
+ orl %ebp, %edx
+ addl %eax, %edi
+ xorl %ebx, %edx
+ movl $-1, %eax
+ roll $10, %ebp
+ leal 2840853838(%edi,%edx,1),%edi
+ subl %ebp, %eax
+ roll $5, %edi
+ addl %esi, %edi
+
+ movl 52(%esp), %edx
+ orl %ebx, %eax
+ addl %edx, %esi
+ xorl %edi, %eax
+ movl 128(%esp), %edx
+ roll $10, %ebx
+ leal 2840853838(%esi,%eax,1),%esi
+ movl %ecx, 64(%esp)
+ roll $6, %esi
+ addl %ecx, %esi
+ movl (%edx), %ecx
+ movl %esi, 68(%esp)
+ movl %edi, 72(%esp)
+ movl 4(%edx), %esi
+ movl %ebx, 76(%esp)
+ movl 8(%edx), %edi
+ movl %ebp, 80(%esp)
+ movl 12(%edx), %ebx
+ movl 16(%edx), %ebp
+
+ movl $-1, %edx
+ subl %ebx, %edx
+ movl 20(%esp), %eax
+ orl %edi, %edx
+ addl %eax, %ecx
+ xorl %esi, %edx
+ movl $-1, %eax
+ roll $10, %edi
+ leal 1352829926(%ecx,%edx,1),%ecx
+ subl %edi, %eax
+ roll $8, %ecx
+ addl %ebp, %ecx
+
+ movl 56(%esp), %edx
+ orl %esi, %eax
+ addl %edx, %ebp
+ xorl %ecx, %eax
+ movl $-1, %edx
+ roll $10, %esi
+ leal 1352829926(%ebp,%eax,1),%ebp
+ subl %esi, %edx
+ roll $9, %ebp
+ addl %ebx, %ebp
+
+ movl 28(%esp), %eax
+ orl %ecx, %edx
+ addl %eax, %ebx
+ xorl %ebp, %edx
+ movl $-1, %eax
+ roll $10, %ecx
+ leal 1352829926(%ebx,%edx,1),%ebx
+ subl %ecx, %eax
+ roll $9, %ebx
+ addl %edi, %ebx
+
+ movl (%esp), %edx
+ orl %ebp, %eax
+ addl %edx, %edi
+ xorl %ebx, %eax
+ movl $-1, %edx
+ roll $10, %ebp
+ leal 1352829926(%edi,%eax,1),%edi
+ subl %ebp, %edx
+ roll $11, %edi
+ addl %esi, %edi
+
+ movl 36(%esp), %eax
+ orl %ebx, %edx
+ addl %eax, %esi
+ xorl %edi, %edx
+ movl $-1, %eax
+ roll $10, %ebx
+ leal 1352829926(%esi,%edx,1),%esi
+ subl %ebx, %eax
+ roll $13, %esi
+ addl %ecx, %esi
+
+ movl 8(%esp), %edx
+ orl %edi, %eax
+ addl %edx, %ecx
+ xorl %esi, %eax
+ movl $-1, %edx
+ roll $10, %edi
+ leal 1352829926(%ecx,%eax,1),%ecx
+ subl %edi, %edx
+ roll $15, %ecx
+ addl %ebp, %ecx
+
+ movl 44(%esp), %eax
+ orl %esi, %edx
+ addl %eax, %ebp
+ xorl %ecx, %edx
+ movl $-1, %eax
+ roll $10, %esi
+ leal 1352829926(%ebp,%edx,1),%ebp
+ subl %esi, %eax
+ roll $15, %ebp
+ addl %ebx, %ebp
+
+ movl 16(%esp), %edx
+ orl %ecx, %eax
+ addl %edx, %ebx
+ xorl %ebp, %eax
+ movl $-1, %edx
+ roll $10, %ecx
+ leal 1352829926(%ebx,%eax,1),%ebx
+ subl %ecx, %edx
+ roll $5, %ebx
+ addl %edi, %ebx
+
+ movl 52(%esp), %eax
+ orl %ebp, %edx
+ addl %eax, %edi
+ xorl %ebx, %edx
+ movl $-1, %eax
+ roll $10, %ebp
+ leal 1352829926(%edi,%edx,1),%edi
+ subl %ebp, %eax
+ roll $7, %edi
+ addl %esi, %edi
+
+ movl 24(%esp), %edx
+ orl %ebx, %eax
+ addl %edx, %esi
+ xorl %edi, %eax
+ movl $-1, %edx
+ roll $10, %ebx
+ leal 1352829926(%esi,%eax,1),%esi
+ subl %ebx, %edx
+ roll $7, %esi
+ addl %ecx, %esi
+
+ movl 60(%esp), %eax
+ orl %edi, %edx
+ addl %eax, %ecx
+ xorl %esi, %edx
+ movl $-1, %eax
+ roll $10, %edi
+ leal 1352829926(%ecx,%edx,1),%ecx
+ subl %edi, %eax
+ roll $8, %ecx
+ addl %ebp, %ecx
+
+ movl 32(%esp), %edx
+ orl %esi, %eax
+ addl %edx, %ebp
+ xorl %ecx, %eax
+ movl $-1, %edx
+ roll $10, %esi
+ leal 1352829926(%ebp,%eax,1),%ebp
+ subl %esi, %edx
+ roll $11, %ebp
+ addl %ebx, %ebp
+
+ movl 4(%esp), %eax
+ orl %ecx, %edx
+ addl %eax, %ebx
+ xorl %ebp, %edx
+ movl $-1, %eax
+ roll $10, %ecx
+ leal 1352829926(%ebx,%edx,1),%ebx
+ subl %ecx, %eax
+ roll $14, %ebx
+ addl %edi, %ebx
+
+ movl 40(%esp), %edx
+ orl %ebp, %eax
+ addl %edx, %edi
+ xorl %ebx, %eax
+ movl $-1, %edx
+ roll $10, %ebp
+ leal 1352829926(%edi,%eax,1),%edi
+ subl %ebp, %edx
+ roll $14, %edi
+ addl %esi, %edi
+
+ movl 12(%esp), %eax
+ orl %ebx, %edx
+ addl %eax, %esi
+ xorl %edi, %edx
+ movl $-1, %eax
+ roll $10, %ebx
+ leal 1352829926(%esi,%edx,1),%esi
+ subl %ebx, %eax
+ roll $12, %esi
+ addl %ecx, %esi
+
+ movl 48(%esp), %edx
+ orl %edi, %eax
+ addl %edx, %ecx
+ xorl %esi, %eax
+ movl $-1, %edx
+ roll $10, %edi
+ leal 1352829926(%ecx,%eax,1),%ecx
+ movl %edi, %eax
+ roll $6, %ecx
+ addl %ebp, %ecx
+
+ subl %edi, %edx
+ andl %ecx, %eax
+ andl %esi, %edx
+ orl %eax, %edx
+ movl 24(%esp), %eax
+ roll $10, %esi
+ leal 1548603684(%ebp,%edx),%ebp
+ movl $-1, %edx
+ addl %eax, %ebp
+ movl %esi, %eax
+ roll $9, %ebp
+ addl %ebx, %ebp
+
+ subl %esi, %edx
+ andl %ebp, %eax
+ andl %ecx, %edx
+ orl %eax, %edx
+ movl 44(%esp), %eax
+ roll $10, %ecx
+ leal 1548603684(%ebx,%edx),%ebx
+ movl $-1, %edx
+ addl %eax, %ebx
+ movl %ecx, %eax
+ roll $13, %ebx
+ addl %edi, %ebx
+
+ subl %ecx, %edx
+ andl %ebx, %eax
+ andl %ebp, %edx
+ orl %eax, %edx
+ movl 12(%esp), %eax
+ roll $10, %ebp
+ leal 1548603684(%edi,%edx),%edi
+ movl $-1, %edx
+ addl %eax, %edi
+ movl %ebp, %eax
+ roll $15, %edi
+ addl %esi, %edi
+
+ subl %ebp, %edx
+ andl %edi, %eax
+ andl %ebx, %edx
+ orl %eax, %edx
+ movl 28(%esp), %eax
+ roll $10, %ebx
+ leal 1548603684(%esi,%edx),%esi
+ movl $-1, %edx
+ addl %eax, %esi
+ movl %ebx, %eax
+ roll $7, %esi
+ addl %ecx, %esi
+
+ subl %ebx, %edx
+ andl %esi, %eax
+ andl %edi, %edx
+ orl %eax, %edx
+ movl (%esp), %eax
+ roll $10, %edi
+ leal 1548603684(%ecx,%edx),%ecx
+ movl $-1, %edx
+ addl %eax, %ecx
+ movl %edi, %eax
+ roll $12, %ecx
+ addl %ebp, %ecx
+
+ subl %edi, %edx
+ andl %ecx, %eax
+ andl %esi, %edx
+ orl %eax, %edx
+ movl 52(%esp), %eax
+ roll $10, %esi
+ leal 1548603684(%ebp,%edx),%ebp
+ movl $-1, %edx
+ addl %eax, %ebp
+ movl %esi, %eax
+ roll $8, %ebp
+ addl %ebx, %ebp
+
+ subl %esi, %edx
+ andl %ebp, %eax
+ andl %ecx, %edx
+ orl %eax, %edx
+ movl 20(%esp), %eax
+ roll $10, %ecx
+ leal 1548603684(%ebx,%edx),%ebx
+ movl $-1, %edx
+ addl %eax, %ebx
+ movl %ecx, %eax
+ roll $9, %ebx
+ addl %edi, %ebx
+
+ subl %ecx, %edx
+ andl %ebx, %eax
+ andl %ebp, %edx
+ orl %eax, %edx
+ movl 40(%esp), %eax
+ roll $10, %ebp
+ leal 1548603684(%edi,%edx),%edi
+ movl $-1, %edx
+ addl %eax, %edi
+ movl %ebp, %eax
+ roll $11, %edi
+ addl %esi, %edi
+
+ subl %ebp, %edx
+ andl %edi, %eax
+ andl %ebx, %edx
+ orl %eax, %edx
+ movl 56(%esp), %eax
+ roll $10, %ebx
+ leal 1548603684(%esi,%edx),%esi
+ movl $-1, %edx
+ addl %eax, %esi
+ movl %ebx, %eax
+ roll $7, %esi
+ addl %ecx, %esi
+
+ subl %ebx, %edx
+ andl %esi, %eax
+ andl %edi, %edx
+ orl %eax, %edx
+ movl 60(%esp), %eax
+ roll $10, %edi
+ leal 1548603684(%ecx,%edx),%ecx
+ movl $-1, %edx
+ addl %eax, %ecx
+ movl %edi, %eax
+ roll $7, %ecx
+ addl %ebp, %ecx
+
+ subl %edi, %edx
+ andl %ecx, %eax
+ andl %esi, %edx
+ orl %eax, %edx
+ movl 32(%esp), %eax
+ roll $10, %esi
+ leal 1548603684(%ebp,%edx),%ebp
+ movl $-1, %edx
+ addl %eax, %ebp
+ movl %esi, %eax
+ roll $12, %ebp
+ addl %ebx, %ebp
+
+ subl %esi, %edx
+ andl %ebp, %eax
+ andl %ecx, %edx
+ orl %eax, %edx
+ movl 48(%esp), %eax
+ roll $10, %ecx
+ leal 1548603684(%ebx,%edx),%ebx
+ movl $-1, %edx
+ addl %eax, %ebx
+ movl %ecx, %eax
+ roll $7, %ebx
+ addl %edi, %ebx
+
+ subl %ecx, %edx
+ andl %ebx, %eax
+ andl %ebp, %edx
+ orl %eax, %edx
+ movl 16(%esp), %eax
+ roll $10, %ebp
+ leal 1548603684(%edi,%edx),%edi
+ movl $-1, %edx
+ addl %eax, %edi
+ movl %ebp, %eax
+ roll $6, %edi
+ addl %esi, %edi
+
+ subl %ebp, %edx
+ andl %edi, %eax
+ andl %ebx, %edx
+ orl %eax, %edx
+ movl 36(%esp), %eax
+ roll $10, %ebx
+ leal 1548603684(%esi,%edx),%esi
+ movl $-1, %edx
+ addl %eax, %esi
+ movl %ebx, %eax
+ roll $15, %esi
+ addl %ecx, %esi
+
+ subl %ebx, %edx
+ andl %esi, %eax
+ andl %edi, %edx
+ orl %eax, %edx
+ movl 4(%esp), %eax
+ roll $10, %edi
+ leal 1548603684(%ecx,%edx),%ecx
+ movl $-1, %edx
+ addl %eax, %ecx
+ movl %edi, %eax
+ roll $13, %ecx
+ addl %ebp, %ecx
+
+ subl %edi, %edx
+ andl %ecx, %eax
+ andl %esi, %edx
+ orl %eax, %edx
+ movl 8(%esp), %eax
+ roll $10, %esi
+ leal 1548603684(%ebp,%edx),%ebp
+ movl $-1, %edx
+ addl %eax, %ebp
+ subl %ecx, %edx
+ roll $11, %ebp
+ addl %ebx, %ebp
+
+ movl 60(%esp), %eax
+ orl %ebp, %edx
+ addl %eax, %ebx
+ xorl %esi, %edx
+ movl $-1, %eax
+ roll $10, %ecx
+ leal 1836072691(%ebx,%edx,1),%ebx
+ subl %ebp, %eax
+ roll $9, %ebx
+ addl %edi, %ebx
+
+ movl 20(%esp), %edx
+ orl %ebx, %eax
+ addl %edx, %edi
+ xorl %ecx, %eax
+ movl $-1, %edx
+ roll $10, %ebp
+ leal 1836072691(%edi,%eax,1),%edi
+ subl %ebx, %edx
+ roll $7, %edi
+ addl %esi, %edi
+
+ movl 4(%esp), %eax
+ orl %edi, %edx
+ addl %eax, %esi
+ xorl %ebp, %edx
+ movl $-1, %eax
+ roll $10, %ebx
+ leal 1836072691(%esi,%edx,1),%esi
+ subl %edi, %eax
+ roll $15, %esi
+ addl %ecx, %esi
+
+ movl 12(%esp), %edx
+ orl %esi, %eax
+ addl %edx, %ecx
+ xorl %ebx, %eax
+ movl $-1, %edx
+ roll $10, %edi
+ leal 1836072691(%ecx,%eax,1),%ecx
+ subl %esi, %edx
+ roll $11, %ecx
+ addl %ebp, %ecx
+
+ movl 28(%esp), %eax
+ orl %ecx, %edx
+ addl %eax, %ebp
+ xorl %edi, %edx
+ movl $-1, %eax
+ roll $10, %esi
+ leal 1836072691(%ebp,%edx,1),%ebp
+ subl %ecx, %eax
+ roll $8, %ebp
+ addl %ebx, %ebp
+
+ movl 56(%esp), %edx
+ orl %ebp, %eax
+ addl %edx, %ebx
+ xorl %esi, %eax
+ movl $-1, %edx
+ roll $10, %ecx
+ leal 1836072691(%ebx,%eax,1),%ebx
+ subl %ebp, %edx
+ roll $6, %ebx
+ addl %edi, %ebx
+
+ movl 24(%esp), %eax
+ orl %ebx, %edx
+ addl %eax, %edi
+ xorl %ecx, %edx
+ movl $-1, %eax
+ roll $10, %ebp
+ leal 1836072691(%edi,%edx,1),%edi
+ subl %ebx, %eax
+ roll $6, %edi
+ addl %esi, %edi
+
+ movl 36(%esp), %edx
+ orl %edi, %eax
+ addl %edx, %esi
+ xorl %ebp, %eax
+ movl $-1, %edx
+ roll $10, %ebx
+ leal 1836072691(%esi,%eax,1),%esi
+ subl %edi, %edx
+ roll $14, %esi
+ addl %ecx, %esi
+
+ movl 44(%esp), %eax
+ orl %esi, %edx
+ addl %eax, %ecx
+ xorl %ebx, %edx
+ movl $-1, %eax
+ roll $10, %edi
+ leal 1836072691(%ecx,%edx,1),%ecx
+ subl %esi, %eax
+ roll $12, %ecx
+ addl %ebp, %ecx
+
+ movl 32(%esp), %edx
+ orl %ecx, %eax
+ addl %edx, %ebp
+ xorl %edi, %eax
+ movl $-1, %edx
+ roll $10, %esi
+ leal 1836072691(%ebp,%eax,1),%ebp
+ subl %ecx, %edx
+ roll $13, %ebp
+ addl %ebx, %ebp
+
+ movl 48(%esp), %eax
+ orl %ebp, %edx
+ addl %eax, %ebx
+ xorl %esi, %edx
+ movl $-1, %eax
+ roll $10, %ecx
+ leal 1836072691(%ebx,%edx,1),%ebx
+ subl %ebp, %eax
+ roll $5, %ebx
+ addl %edi, %ebx
+
+ movl 8(%esp), %edx
+ orl %ebx, %eax
+ addl %edx, %edi
+ xorl %ecx, %eax
+ movl $-1, %edx
+ roll $10, %ebp
+ leal 1836072691(%edi,%eax,1),%edi
+ subl %ebx, %edx
+ roll $14, %edi
+ addl %esi, %edi
+
+ movl 40(%esp), %eax
+ orl %edi, %edx
+ addl %eax, %esi
+ xorl %ebp, %edx
+ movl $-1, %eax
+ roll $10, %ebx
+ leal 1836072691(%esi,%edx,1),%esi
+ subl %edi, %eax
+ roll $13, %esi
+ addl %ecx, %esi
+
+ movl (%esp), %edx
+ orl %esi, %eax
+ addl %edx, %ecx
+ xorl %ebx, %eax
+ movl $-1, %edx
+ roll $10, %edi
+ leal 1836072691(%ecx,%eax,1),%ecx
+ subl %esi, %edx
+ roll $13, %ecx
+ addl %ebp, %ecx
+
+ movl 16(%esp), %eax
+ orl %ecx, %edx
+ addl %eax, %ebp
+ xorl %edi, %edx
+ movl $-1, %eax
+ roll $10, %esi
+ leal 1836072691(%ebp,%edx,1),%ebp
+ subl %ecx, %eax
+ roll $7, %ebp
+ addl %ebx, %ebp
+
+ movl 52(%esp), %edx
+ orl %ebp, %eax
+ addl %edx, %ebx
+ xorl %esi, %eax
+ movl 32(%esp), %edx
+ roll $10, %ecx
+ leal 1836072691(%ebx,%eax,1),%ebx
+ movl $-1, %eax
+ roll $5, %ebx
+ addl %edi, %ebx
+
+ addl %edx, %edi
+ movl %ebp, %edx
+ subl %ebx, %eax
+ andl %ebx, %edx
+ andl %ecx, %eax
+ orl %eax, %edx
+ movl 24(%esp), %eax
+ roll $10, %ebp
+ leal 2053994217(%edi,%edx,1),%edi
+ movl $-1, %edx
+ roll $15, %edi
+ addl %esi, %edi
+
+ addl %eax, %esi
+ movl %ebx, %eax
+ subl %edi, %edx
+ andl %edi, %eax
+ andl %ebp, %edx
+ orl %edx, %eax
+ movl 16(%esp), %edx
+ roll $10, %ebx
+ leal 2053994217(%esi,%eax,1),%esi
+ movl $-1, %eax
+ roll $5, %esi
+ addl %ecx, %esi
+
+ addl %edx, %ecx
+ movl %edi, %edx
+ subl %esi, %eax
+ andl %esi, %edx
+ andl %ebx, %eax
+ orl %eax, %edx
+ movl 4(%esp), %eax
+ roll $10, %edi
+ leal 2053994217(%ecx,%edx,1),%ecx
+ movl $-1, %edx
+ roll $8, %ecx
+ addl %ebp, %ecx
+
+ addl %eax, %ebp
+ movl %esi, %eax
+ subl %ecx, %edx
+ andl %ecx, %eax
+ andl %edi, %edx
+ orl %edx, %eax
+ movl 12(%esp), %edx
+ roll $10, %esi
+ leal 2053994217(%ebp,%eax,1),%ebp
+ movl $-1, %eax
+ roll $11, %ebp
+ addl %ebx, %ebp
+
+ addl %edx, %ebx
+ movl %ecx, %edx
+ subl %ebp, %eax
+ andl %ebp, %edx
+ andl %esi, %eax
+ orl %eax, %edx
+ movl 44(%esp), %eax
+ roll $10, %ecx
+ leal 2053994217(%ebx,%edx,1),%ebx
+ movl $-1, %edx
+ roll $14, %ebx
+ addl %edi, %ebx
+
+ addl %eax, %edi
+ movl %ebp, %eax
+ subl %ebx, %edx
+ andl %ebx, %eax
+ andl %ecx, %edx
+ orl %edx, %eax
+ movl 60(%esp), %edx
+ roll $10, %ebp
+ leal 2053994217(%edi,%eax,1),%edi
+ movl $-1, %eax
+ roll $14, %edi
+ addl %esi, %edi
+
+ addl %edx, %esi
+ movl %ebx, %edx
+ subl %edi, %eax
+ andl %edi, %edx
+ andl %ebp, %eax
+ orl %eax, %edx
+ movl (%esp), %eax
+ roll $10, %ebx
+ leal 2053994217(%esi,%edx,1),%esi
+ movl $-1, %edx
+ roll $6, %esi
+ addl %ecx, %esi
+
+ addl %eax, %ecx
+ movl %edi, %eax
+ subl %esi, %edx
+ andl %esi, %eax
+ andl %ebx, %edx
+ orl %edx, %eax
+ movl 20(%esp), %edx
+ roll $10, %edi
+ leal 2053994217(%ecx,%eax,1),%ecx
+ movl $-1, %eax
+ roll $14, %ecx
+ addl %ebp, %ecx
+
+ addl %edx, %ebp
+ movl %esi, %edx
+ subl %ecx, %eax
+ andl %ecx, %edx
+ andl %edi, %eax
+ orl %eax, %edx
+ movl 48(%esp), %eax
+ roll $10, %esi
+ leal 2053994217(%ebp,%edx,1),%ebp
+ movl $-1, %edx
+ roll $6, %ebp
+ addl %ebx, %ebp
+
+ addl %eax, %ebx
+ movl %ecx, %eax
+ subl %ebp, %edx
+ andl %ebp, %eax
+ andl %esi, %edx
+ orl %edx, %eax
+ movl 8(%esp), %edx
+ roll $10, %ecx
+ leal 2053994217(%ebx,%eax,1),%ebx
+ movl $-1, %eax
+ roll $9, %ebx
+ addl %edi, %ebx
+
+ addl %edx, %edi
+ movl %ebp, %edx
+ subl %ebx, %eax
+ andl %ebx, %edx
+ andl %ecx, %eax
+ orl %eax, %edx
+ movl 52(%esp), %eax
+ roll $10, %ebp
+ leal 2053994217(%edi,%edx,1),%edi
+ movl $-1, %edx
+ roll $12, %edi
+ addl %esi, %edi
+
+ addl %eax, %esi
+ movl %ebx, %eax
+ subl %edi, %edx
+ andl %edi, %eax
+ andl %ebp, %edx
+ orl %edx, %eax
+ movl 36(%esp), %edx
+ roll $10, %ebx
+ leal 2053994217(%esi,%eax,1),%esi
+ movl $-1, %eax
+ roll $9, %esi
+ addl %ecx, %esi
+
+ addl %edx, %ecx
+ movl %edi, %edx
+ subl %esi, %eax
+ andl %esi, %edx
+ andl %ebx, %eax
+ orl %eax, %edx
+ movl 28(%esp), %eax
+ roll $10, %edi
+ leal 2053994217(%ecx,%edx,1),%ecx
+ movl $-1, %edx
+ roll $12, %ecx
+ addl %ebp, %ecx
+
+ addl %eax, %ebp
+ movl %esi, %eax
+ subl %ecx, %edx
+ andl %ecx, %eax
+ andl %edi, %edx
+ orl %edx, %eax
+ movl 40(%esp), %edx
+ roll $10, %esi
+ leal 2053994217(%ebp,%eax,1),%ebp
+ movl $-1, %eax
+ roll $5, %ebp
+ addl %ebx, %ebp
+
+ addl %edx, %ebx
+ movl %ecx, %edx
+ subl %ebp, %eax
+ andl %ebp, %edx
+ andl %esi, %eax
+ orl %eax, %edx
+ movl 56(%esp), %eax
+ roll $10, %ecx
+ leal 2053994217(%ebx,%edx,1),%ebx
+ movl $-1, %edx
+ roll $15, %ebx
+ addl %edi, %ebx
+
+ addl %eax, %edi
+ movl %ebp, %eax
+ subl %ebx, %edx
+ andl %ebx, %eax
+ andl %ecx, %edx
+ orl %eax, %edx
+ movl %ebx, %eax
+ roll $10, %ebp
+ leal 2053994217(%edi,%edx,1),%edi
+ xorl %ebp, %eax
+ roll $8, %edi
+ addl %esi, %edi
+
+ movl 48(%esp), %edx
+ xorl %edi, %eax
+ addl %edx, %esi
+ roll $10, %ebx
+ addl %eax, %esi
+ movl %edi, %eax
+ roll $8, %esi
+ addl %ecx, %esi
+
+ xorl %ebx, %eax
+ movl 60(%esp), %edx
+ xorl %esi, %eax
+ addl %eax, %ecx
+ movl %esi, %eax
+ roll $10, %edi
+ addl %edx, %ecx
+ xorl %edi, %eax
+ roll $5, %ecx
+ addl %ebp, %ecx
+
+ movl 40(%esp), %edx
+ xorl %ecx, %eax
+ addl %edx, %ebp
+ roll $10, %esi
+ addl %eax, %ebp
+ movl %ecx, %eax
+ roll $12, %ebp
+ addl %ebx, %ebp
+
+ xorl %esi, %eax
+ movl 16(%esp), %edx
+ xorl %ebp, %eax
+ addl %eax, %ebx
+ movl %ebp, %eax
+ roll $10, %ecx
+ addl %edx, %ebx
+ xorl %ecx, %eax
+ roll $9, %ebx
+ addl %edi, %ebx
+
+ movl 4(%esp), %edx
+ xorl %ebx, %eax
+ addl %edx, %edi
+ roll $10, %ebp
+ addl %eax, %edi
+ movl %ebx, %eax
+ roll $12, %edi
+ addl %esi, %edi
+
+ xorl %ebp, %eax
+ movl 20(%esp), %edx
+ xorl %edi, %eax
+ addl %eax, %esi
+ movl %edi, %eax
+ roll $10, %ebx
+ addl %edx, %esi
+ xorl %ebx, %eax
+ roll $5, %esi
+ addl %ecx, %esi
+
+ movl 32(%esp), %edx
+ xorl %esi, %eax
+ addl %edx, %ecx
+ roll $10, %edi
+ addl %eax, %ecx
+ movl %esi, %eax
+ roll $14, %ecx
+ addl %ebp, %ecx
+
+ xorl %edi, %eax
+ movl 28(%esp), %edx
+ xorl %ecx, %eax
+ addl %eax, %ebp
+ movl %ecx, %eax
+ roll $10, %esi
+ addl %edx, %ebp
+ xorl %esi, %eax
+ roll $6, %ebp
+ addl %ebx, %ebp
+
+ movl 24(%esp), %edx
+ xorl %ebp, %eax
+ addl %edx, %ebx
+ roll $10, %ecx
+ addl %eax, %ebx
+ movl %ebp, %eax
+ roll $8, %ebx
+ addl %edi, %ebx
+
+ xorl %ecx, %eax
+ movl 8(%esp), %edx
+ xorl %ebx, %eax
+ addl %eax, %edi
+ movl %ebx, %eax
+ roll $10, %ebp
+ addl %edx, %edi
+ xorl %ebp, %eax
+ roll $13, %edi
+ addl %esi, %edi
+
+ movl 52(%esp), %edx
+ xorl %edi, %eax
+ addl %edx, %esi
+ roll $10, %ebx
+ addl %eax, %esi
+ movl %edi, %eax
+ roll $6, %esi
+ addl %ecx, %esi
+
+ xorl %ebx, %eax
+ movl 56(%esp), %edx
+ xorl %esi, %eax
+ addl %eax, %ecx
+ movl %esi, %eax
+ roll $10, %edi
+ addl %edx, %ecx
+ xorl %edi, %eax
+ roll $5, %ecx
+ addl %ebp, %ecx
+
+ movl (%esp), %edx
+ xorl %ecx, %eax
+ addl %edx, %ebp
+ roll $10, %esi
+ addl %eax, %ebp
+ movl %ecx, %eax
+ roll $15, %ebp
+ addl %ebx, %ebp
+
+ xorl %esi, %eax
+ movl 12(%esp), %edx
+ xorl %ebp, %eax
+ addl %eax, %ebx
+ movl %ebp, %eax
+ roll $10, %ecx
+ addl %edx, %ebx
+ xorl %ecx, %eax
+ roll $13, %ebx
+ addl %edi, %ebx
+
+ movl 36(%esp), %edx
+ xorl %ebx, %eax
+ addl %edx, %edi
+ roll $10, %ebp
+ addl %eax, %edi
+ movl %ebx, %eax
+ roll $11, %edi
+ addl %esi, %edi
+
+ xorl %ebp, %eax
+ movl 44(%esp), %edx
+ xorl %edi, %eax
+ addl %eax, %esi
+ roll $10, %ebx
+ addl %edx, %esi
+ movl 128(%esp), %edx
+ roll $11, %esi
+ addl %ecx, %esi
+ movl 4(%edx), %eax
+ addl %eax, %ebx
+ movl 72(%esp), %eax
+ addl %eax, %ebx
+ movl 8(%edx), %eax
+ addl %eax, %ebp
+ movl 76(%esp), %eax
+ addl %eax, %ebp
+ movl 12(%edx), %eax
+ addl %eax, %ecx
+ movl 80(%esp), %eax
+ addl %eax, %ecx
+ movl 16(%edx), %eax
+ addl %eax, %esi
+ movl 64(%esp), %eax
+ addl %eax, %esi
+ movl (%edx), %eax
+ addl %eax, %edi
+ movl 68(%esp), %eax
+ addl %eax, %edi
+ movl 136(%esp), %eax
+ movl %ebx, (%edx)
+ movl %ebp, 4(%edx)
+ movl %ecx, 8(%edx)
+ subl $1, %eax
+ movl %esi, 12(%edx)
+ movl %edi, 16(%edx)
+ jle .L001get_out
+ movl %eax, 136(%esp)
+ movl %ecx, %edi
+ movl 132(%esp), %eax
+ movl %ebx, %ecx
+ addl $64, %eax
+ movl %ebp, %esi
+ movl %eax, 132(%esp)
+ jmp .L000start
+.L001get_out:
+ addl $108, %esp
+ popl %ebx
+ popl %ebp
+ popl %edi
+ popl %esi
+ ret
+.L_ripemd160_block_asm_host_order_end:
+ .size ripemd160_block_asm_host_order,.L_ripemd160_block_asm_host_order_end-ripemd160_block_asm_host_order
+.ident "desasm.pl"
diff --git a/secure/lib/libcrypto/i386/sha1-586.s b/secure/lib/libcrypto/i386/sha1-586.s
new file mode 100644
index 0000000..4a35f9d
--- /dev/null
+++ b/secure/lib/libcrypto/i386/sha1-586.s
@@ -0,0 +1,1537 @@
+ # $FreeBSD$
+
+
+
+
+
+
+ .file "sha1-586.s"
+ .version "01.01"
+gcc2_compiled.:
+.text
+ .align 16
+.globl sha1_block_asm_data_order
+ .type sha1_block_asm_data_order,@function
+sha1_block_asm_data_order:
+ movl 12(%esp), %ecx
+ pushl %esi
+ sall $6, %ecx
+ movl 12(%esp), %esi
+ pushl %ebp
+ addl %esi, %ecx
+ pushl %ebx
+ movl 16(%esp), %ebp
+ pushl %edi
+ movl 12(%ebp), %edx
+ subl $108, %esp
+ movl 16(%ebp), %edi
+ movl 8(%ebp), %ebx
+ movl %ecx, 68(%esp)
+
+.L000start:
+
+ movl (%esi), %eax
+ movl 4(%esi), %ecx
+.byte 15
+.byte 200
+.byte 15
+.byte 201
+ movl %eax, (%esp)
+ movl %ecx, 4(%esp)
+ movl 8(%esi), %eax
+ movl 12(%esi), %ecx
+.byte 15
+.byte 200
+.byte 15
+.byte 201
+ movl %eax, 8(%esp)
+ movl %ecx, 12(%esp)
+ movl 16(%esi), %eax
+ movl 20(%esi), %ecx
+.byte 15
+.byte 200
+.byte 15
+.byte 201
+ movl %eax, 16(%esp)
+ movl %ecx, 20(%esp)
+ movl 24(%esi), %eax
+ movl 28(%esi), %ecx
+.byte 15
+.byte 200
+.byte 15
+.byte 201
+ movl %eax, 24(%esp)
+ movl %ecx, 28(%esp)
+ movl 32(%esi), %eax
+ movl 36(%esi), %ecx
+.byte 15
+.byte 200
+.byte 15
+.byte 201
+ movl %eax, 32(%esp)
+ movl %ecx, 36(%esp)
+ movl 40(%esi), %eax
+ movl 44(%esi), %ecx
+.byte 15
+.byte 200
+.byte 15
+.byte 201
+ movl %eax, 40(%esp)
+ movl %ecx, 44(%esp)
+ movl 48(%esi), %eax
+ movl 52(%esi), %ecx
+.byte 15
+.byte 200
+.byte 15
+.byte 201
+ movl %eax, 48(%esp)
+ movl %ecx, 52(%esp)
+ movl 56(%esi), %eax
+ movl 60(%esi), %ecx
+.byte 15
+.byte 200
+.byte 15
+.byte 201
+ movl %eax, 56(%esp)
+ movl %ecx, 60(%esp)
+
+
+ movl %esi, 132(%esp)
+.L001shortcut:
+
+
+ movl (%ebp), %eax
+ movl 4(%ebp), %ecx
+
+ movl %eax, %ebp
+ movl %ebx, %esi
+ roll $5, %ebp
+ xorl %edx, %esi
+ andl %ecx, %esi
+ rorl $2, %ecx
+ addl %edi, %ebp
+ movl (%esp), %edi
+ xorl %edx, %esi
+ leal 1518500249(%ebp,%edi,1),%ebp
+ addl %ebp, %esi
+
+ movl %esi, %ebp
+ movl %ecx, %edi
+ roll $5, %ebp
+ xorl %ebx, %edi
+ andl %eax, %edi
+ rorl $2, %eax
+ addl %edx, %ebp
+ movl 4(%esp), %edx
+ xorl %ebx, %edi
+ leal 1518500249(%ebp,%edx,1),%ebp
+ addl %ebp, %edi
+
+ movl %edi, %ebp
+ movl %eax, %edx
+ roll $5, %ebp
+ xorl %ecx, %edx
+ andl %esi, %edx
+ rorl $2, %esi
+ addl %ebx, %ebp
+ movl 8(%esp), %ebx
+ xorl %ecx, %edx
+ leal 1518500249(%ebp,%ebx,1),%ebp
+ addl %ebp, %edx
+
+ movl %edx, %ebp
+ movl %esi, %ebx
+ roll $5, %ebp
+ xorl %eax, %ebx
+ andl %edi, %ebx
+ rorl $2, %edi
+ addl %ecx, %ebp
+ movl 12(%esp), %ecx
+ xorl %eax, %ebx
+ leal 1518500249(%ebp,%ecx,1),%ebp
+ addl %ebp, %ebx
+
+ movl %ebx, %ebp
+ movl %edi, %ecx
+ roll $5, %ebp
+ xorl %esi, %ecx
+ andl %edx, %ecx
+ rorl $2, %edx
+ addl %eax, %ebp
+ movl 16(%esp), %eax
+ xorl %esi, %ecx
+ leal 1518500249(%ebp,%eax,1),%ebp
+ addl %ebp, %ecx
+
+ movl %ecx, %ebp
+ movl %edx, %eax
+ roll $5, %ebp
+ xorl %edi, %eax
+ andl %ebx, %eax
+ rorl $2, %ebx
+ addl %esi, %ebp
+ movl 20(%esp), %esi
+ xorl %edi, %eax
+ leal 1518500249(%ebp,%esi,1),%ebp
+ addl %ebp, %eax
+
+ movl %eax, %ebp
+ movl %ebx, %esi
+ roll $5, %ebp
+ xorl %edx, %esi
+ andl %ecx, %esi
+ rorl $2, %ecx
+ addl %edi, %ebp
+ movl 24(%esp), %edi
+ xorl %edx, %esi
+ leal 1518500249(%ebp,%edi,1),%ebp
+ addl %ebp, %esi
+
+ movl %esi, %ebp
+ movl %ecx, %edi
+ roll $5, %ebp
+ xorl %ebx, %edi
+ andl %eax, %edi
+ rorl $2, %eax
+ addl %edx, %ebp
+ movl 28(%esp), %edx
+ xorl %ebx, %edi
+ leal 1518500249(%ebp,%edx,1),%ebp
+ addl %ebp, %edi
+
+ movl %edi, %ebp
+ movl %eax, %edx
+ roll $5, %ebp
+ xorl %ecx, %edx
+ andl %esi, %edx
+ rorl $2, %esi
+ addl %ebx, %ebp
+ movl 32(%esp), %ebx
+ xorl %ecx, %edx
+ leal 1518500249(%ebp,%ebx,1),%ebp
+ addl %ebp, %edx
+
+ movl %edx, %ebp
+ movl %esi, %ebx
+ roll $5, %ebp
+ xorl %eax, %ebx
+ andl %edi, %ebx
+ rorl $2, %edi
+ addl %ecx, %ebp
+ movl 36(%esp), %ecx
+ xorl %eax, %ebx
+ leal 1518500249(%ebp,%ecx,1),%ebp
+ addl %ebp, %ebx
+
+ movl %ebx, %ebp
+ movl %edi, %ecx
+ roll $5, %ebp
+ xorl %esi, %ecx
+ andl %edx, %ecx
+ rorl $2, %edx
+ addl %eax, %ebp
+ movl 40(%esp), %eax
+ xorl %esi, %ecx
+ leal 1518500249(%ebp,%eax,1),%ebp
+ addl %ebp, %ecx
+
+ movl %ecx, %ebp
+ movl %edx, %eax
+ roll $5, %ebp
+ xorl %edi, %eax
+ andl %ebx, %eax
+ rorl $2, %ebx
+ addl %esi, %ebp
+ movl 44(%esp), %esi
+ xorl %edi, %eax
+ leal 1518500249(%ebp,%esi,1),%ebp
+ addl %ebp, %eax
+
+ movl %eax, %ebp
+ movl %ebx, %esi
+ roll $5, %ebp
+ xorl %edx, %esi
+ andl %ecx, %esi
+ rorl $2, %ecx
+ addl %edi, %ebp
+ movl 48(%esp), %edi
+ xorl %edx, %esi
+ leal 1518500249(%ebp,%edi,1),%ebp
+ addl %ebp, %esi
+
+ movl %esi, %ebp
+ movl %ecx, %edi
+ roll $5, %ebp
+ xorl %ebx, %edi
+ andl %eax, %edi
+ rorl $2, %eax
+ addl %edx, %ebp
+ movl 52(%esp), %edx
+ xorl %ebx, %edi
+ leal 1518500249(%ebp,%edx,1),%ebp
+ addl %ebp, %edi
+
+ movl %edi, %ebp
+ movl %eax, %edx
+ roll $5, %ebp
+ xorl %ecx, %edx
+ andl %esi, %edx
+ rorl $2, %esi
+ addl %ebx, %ebp
+ movl 56(%esp), %ebx
+ xorl %ecx, %edx
+ leal 1518500249(%ebp,%ebx,1),%ebp
+ addl %ebp, %edx
+
+ movl %edx, %ebp
+ movl %esi, %ebx
+ roll $5, %ebp
+ xorl %eax, %ebx
+ andl %edi, %ebx
+ rorl $2, %edi
+ addl %ecx, %ebp
+ movl 60(%esp), %ecx
+ xorl %eax, %ebx
+ leal 1518500249(%ebp,%ecx,1),%ebp
+ addl %ebp, %ebx
+
+ movl 8(%esp), %ecx
+ movl %edi, %ebp
+ xorl (%esp), %ecx
+ xorl %esi, %ebp
+ xorl 32(%esp), %ecx
+ andl %edx, %ebp
+ xorl 52(%esp), %ecx
+ rorl $2, %edx
+ xorl %esi, %ebp
+.byte 209
+.byte 193
+ movl %ecx, (%esp)
+ leal 1518500249(%ecx,%eax,1),%ecx
+ movl %ebx, %eax
+ addl %ebp, %ecx
+ roll $5, %eax
+ addl %eax, %ecx
+
+ movl 12(%esp), %eax
+ movl %edx, %ebp
+ xorl 4(%esp), %eax
+ xorl %edi, %ebp
+ xorl 36(%esp), %eax
+ andl %ebx, %ebp
+ xorl 56(%esp), %eax
+ rorl $2, %ebx
+ xorl %edi, %ebp
+.byte 209
+.byte 192
+ movl %eax, 4(%esp)
+ leal 1518500249(%eax,%esi,1),%eax
+ movl %ecx, %esi
+ addl %ebp, %eax
+ roll $5, %esi
+ addl %esi, %eax
+
+ movl 16(%esp), %esi
+ movl %ebx, %ebp
+ xorl 8(%esp), %esi
+ xorl %edx, %ebp
+ xorl 40(%esp), %esi
+ andl %ecx, %ebp
+ xorl 60(%esp), %esi
+ rorl $2, %ecx
+ xorl %edx, %ebp
+.byte 209
+.byte 198
+ movl %esi, 8(%esp)
+ leal 1518500249(%esi,%edi,1),%esi
+ movl %eax, %edi
+ addl %ebp, %esi
+ roll $5, %edi
+ addl %edi, %esi
+
+ movl 20(%esp), %edi
+ movl %ecx, %ebp
+ xorl 12(%esp), %edi
+ xorl %ebx, %ebp
+ xorl 44(%esp), %edi
+ andl %eax, %ebp
+ xorl (%esp), %edi
+ rorl $2, %eax
+ xorl %ebx, %ebp
+.byte 209
+.byte 199
+ movl %edi, 12(%esp)
+ leal 1518500249(%edi,%edx,1),%edi
+ movl %esi, %edx
+ addl %ebp, %edi
+ roll $5, %edx
+ addl %edx, %edi
+
+ movl 16(%esp), %edx
+ movl %esi, %ebp
+ xorl 24(%esp), %edx
+ rorl $2, %esi
+ xorl 48(%esp), %edx
+ xorl %eax, %ebp
+ xorl 4(%esp), %edx
+ xorl %ecx, %ebp
+.byte 209
+.byte 194
+ movl %edx, 16(%esp)
+ leal 1859775393(%edx,%ebx,1),%edx
+ movl %edi, %ebx
+ roll $5, %ebx
+ addl %ebp, %edx
+ addl %ebx, %edx
+
+ movl 20(%esp), %ebx
+ movl %edi, %ebp
+ xorl 28(%esp), %ebx
+ rorl $2, %edi
+ xorl 52(%esp), %ebx
+ xorl %esi, %ebp
+ xorl 8(%esp), %ebx
+ xorl %eax, %ebp
+.byte 209
+.byte 195
+ movl %ebx, 20(%esp)
+ leal 1859775393(%ebx,%ecx,1),%ebx
+ movl %edx, %ecx
+ roll $5, %ecx
+ addl %ebp, %ebx
+ addl %ecx, %ebx
+
+ movl 24(%esp), %ecx
+ movl %edx, %ebp
+ xorl 32(%esp), %ecx
+ rorl $2, %edx
+ xorl 56(%esp), %ecx
+ xorl %edi, %ebp
+ xorl 12(%esp), %ecx
+ xorl %esi, %ebp
+.byte 209
+.byte 193
+ movl %ecx, 24(%esp)
+ leal 1859775393(%ecx,%eax,1),%ecx
+ movl %ebx, %eax
+ roll $5, %eax
+ addl %ebp, %ecx
+ addl %eax, %ecx
+
+ movl 28(%esp), %eax
+ movl %ebx, %ebp
+ xorl 36(%esp), %eax
+ rorl $2, %ebx
+ xorl 60(%esp), %eax
+ xorl %edx, %ebp
+ xorl 16(%esp), %eax
+ xorl %edi, %ebp
+.byte 209
+.byte 192
+ movl %eax, 28(%esp)
+ leal 1859775393(%eax,%esi,1),%eax
+ movl %ecx, %esi
+ roll $5, %esi
+ addl %ebp, %eax
+ addl %esi, %eax
+
+ movl 32(%esp), %esi
+ movl %ecx, %ebp
+ xorl 40(%esp), %esi
+ rorl $2, %ecx
+ xorl (%esp), %esi
+ xorl %ebx, %ebp
+ xorl 20(%esp), %esi
+ xorl %edx, %ebp
+.byte 209
+.byte 198
+ movl %esi, 32(%esp)
+ leal 1859775393(%esi,%edi,1),%esi
+ movl %eax, %edi
+ roll $5, %edi
+ addl %ebp, %esi
+ addl %edi, %esi
+
+ movl 36(%esp), %edi
+ movl %eax, %ebp
+ xorl 44(%esp), %edi
+ rorl $2, %eax
+ xorl 4(%esp), %edi
+ xorl %ecx, %ebp
+ xorl 24(%esp), %edi
+ xorl %ebx, %ebp
+.byte 209
+.byte 199
+ movl %edi, 36(%esp)
+ leal 1859775393(%edi,%edx,1),%edi
+ movl %esi, %edx
+ roll $5, %edx
+ addl %ebp, %edi
+ addl %edx, %edi
+
+ movl 40(%esp), %edx
+ movl %esi, %ebp
+ xorl 48(%esp), %edx
+ rorl $2, %esi
+ xorl 8(%esp), %edx
+ xorl %eax, %ebp
+ xorl 28(%esp), %edx
+ xorl %ecx, %ebp
+.byte 209
+.byte 194
+ movl %edx, 40(%esp)
+ leal 1859775393(%edx,%ebx,1),%edx
+ movl %edi, %ebx
+ roll $5, %ebx
+ addl %ebp, %edx
+ addl %ebx, %edx
+
+ movl 44(%esp), %ebx
+ movl %edi, %ebp
+ xorl 52(%esp), %ebx
+ rorl $2, %edi
+ xorl 12(%esp), %ebx
+ xorl %esi, %ebp
+ xorl 32(%esp), %ebx
+ xorl %eax, %ebp
+.byte 209
+.byte 195
+ movl %ebx, 44(%esp)
+ leal 1859775393(%ebx,%ecx,1),%ebx
+ movl %edx, %ecx
+ roll $5, %ecx
+ addl %ebp, %ebx
+ addl %ecx, %ebx
+
+ movl 48(%esp), %ecx
+ movl %edx, %ebp
+ xorl 56(%esp), %ecx
+ rorl $2, %edx
+ xorl 16(%esp), %ecx
+ xorl %edi, %ebp
+ xorl 36(%esp), %ecx
+ xorl %esi, %ebp
+.byte 209
+.byte 193
+ movl %ecx, 48(%esp)
+ leal 1859775393(%ecx,%eax,1),%ecx
+ movl %ebx, %eax
+ roll $5, %eax
+ addl %ebp, %ecx
+ addl %eax, %ecx
+
+ movl 52(%esp), %eax
+ movl %ebx, %ebp
+ xorl 60(%esp), %eax
+ rorl $2, %ebx
+ xorl 20(%esp), %eax
+ xorl %edx, %ebp
+ xorl 40(%esp), %eax
+ xorl %edi, %ebp
+.byte 209
+.byte 192
+ movl %eax, 52(%esp)
+ leal 1859775393(%eax,%esi,1),%eax
+ movl %ecx, %esi
+ roll $5, %esi
+ addl %ebp, %eax
+ addl %esi, %eax
+
+ movl 56(%esp), %esi
+ movl %ecx, %ebp
+ xorl (%esp), %esi
+ rorl $2, %ecx
+ xorl 24(%esp), %esi
+ xorl %ebx, %ebp
+ xorl 44(%esp), %esi
+ xorl %edx, %ebp
+.byte 209
+.byte 198
+ movl %esi, 56(%esp)
+ leal 1859775393(%esi,%edi,1),%esi
+ movl %eax, %edi
+ roll $5, %edi
+ addl %ebp, %esi
+ addl %edi, %esi
+
+ movl 60(%esp), %edi
+ movl %eax, %ebp
+ xorl 4(%esp), %edi
+ rorl $2, %eax
+ xorl 28(%esp), %edi
+ xorl %ecx, %ebp
+ xorl 48(%esp), %edi
+ xorl %ebx, %ebp
+.byte 209
+.byte 199
+ movl %edi, 60(%esp)
+ leal 1859775393(%edi,%edx,1),%edi
+ movl %esi, %edx
+ roll $5, %edx
+ addl %ebp, %edi
+ addl %edx, %edi
+
+ movl (%esp), %edx
+ movl %esi, %ebp
+ xorl 8(%esp), %edx
+ rorl $2, %esi
+ xorl 32(%esp), %edx
+ xorl %eax, %ebp
+ xorl 52(%esp), %edx
+ xorl %ecx, %ebp
+.byte 209
+.byte 194
+ movl %edx, (%esp)
+ leal 1859775393(%edx,%ebx,1),%edx
+ movl %edi, %ebx
+ roll $5, %ebx
+ addl %ebp, %edx
+ addl %ebx, %edx
+
+ movl 4(%esp), %ebx
+ movl %edi, %ebp
+ xorl 12(%esp), %ebx
+ rorl $2, %edi
+ xorl 36(%esp), %ebx
+ xorl %esi, %ebp
+ xorl 56(%esp), %ebx
+ xorl %eax, %ebp
+.byte 209
+.byte 195
+ movl %ebx, 4(%esp)
+ leal 1859775393(%ebx,%ecx,1),%ebx
+ movl %edx, %ecx
+ roll $5, %ecx
+ addl %ebp, %ebx
+ addl %ecx, %ebx
+
+ movl 8(%esp), %ecx
+ movl %edx, %ebp
+ xorl 16(%esp), %ecx
+ rorl $2, %edx
+ xorl 40(%esp), %ecx
+ xorl %edi, %ebp
+ xorl 60(%esp), %ecx
+ xorl %esi, %ebp
+.byte 209
+.byte 193
+ movl %ecx, 8(%esp)
+ leal 1859775393(%ecx,%eax,1),%ecx
+ movl %ebx, %eax
+ roll $5, %eax
+ addl %ebp, %ecx
+ addl %eax, %ecx
+
+ movl 12(%esp), %eax
+ movl %ebx, %ebp
+ xorl 20(%esp), %eax
+ rorl $2, %ebx
+ xorl 44(%esp), %eax
+ xorl %edx, %ebp
+ xorl (%esp), %eax
+ xorl %edi, %ebp
+.byte 209
+.byte 192
+ movl %eax, 12(%esp)
+ leal 1859775393(%eax,%esi,1),%eax
+ movl %ecx, %esi
+ roll $5, %esi
+ addl %ebp, %eax
+ addl %esi, %eax
+
+ movl 16(%esp), %esi
+ movl %ecx, %ebp
+ xorl 24(%esp), %esi
+ rorl $2, %ecx
+ xorl 48(%esp), %esi
+ xorl %ebx, %ebp
+ xorl 4(%esp), %esi
+ xorl %edx, %ebp
+.byte 209
+.byte 198
+ movl %esi, 16(%esp)
+ leal 1859775393(%esi,%edi,1),%esi
+ movl %eax, %edi
+ roll $5, %edi
+ addl %ebp, %esi
+ addl %edi, %esi
+
+ movl 20(%esp), %edi
+ movl %eax, %ebp
+ xorl 28(%esp), %edi
+ rorl $2, %eax
+ xorl 52(%esp), %edi
+ xorl %ecx, %ebp
+ xorl 8(%esp), %edi
+ xorl %ebx, %ebp
+.byte 209
+.byte 199
+ movl %edi, 20(%esp)
+ leal 1859775393(%edi,%edx,1),%edi
+ movl %esi, %edx
+ roll $5, %edx
+ addl %ebp, %edi
+ addl %edx, %edi
+
+ movl 24(%esp), %edx
+ movl %esi, %ebp
+ xorl 32(%esp), %edx
+ rorl $2, %esi
+ xorl 56(%esp), %edx
+ xorl %eax, %ebp
+ xorl 12(%esp), %edx
+ xorl %ecx, %ebp
+.byte 209
+.byte 194
+ movl %edx, 24(%esp)
+ leal 1859775393(%edx,%ebx,1),%edx
+ movl %edi, %ebx
+ roll $5, %ebx
+ addl %ebp, %edx
+ addl %ebx, %edx
+
+ movl 28(%esp), %ebx
+ movl %edi, %ebp
+ xorl 36(%esp), %ebx
+ rorl $2, %edi
+ xorl 60(%esp), %ebx
+ xorl %esi, %ebp
+ xorl 16(%esp), %ebx
+ xorl %eax, %ebp
+.byte 209
+.byte 195
+ movl %ebx, 28(%esp)
+ leal 1859775393(%ebx,%ecx,1),%ebx
+ movl %edx, %ecx
+ roll $5, %ecx
+ addl %ebp, %ebx
+ addl %ecx, %ebx
+
+ movl 32(%esp), %ecx
+ movl %edx, %ebp
+ xorl 40(%esp), %ecx
+ orl %edi, %ebp
+ xorl (%esp), %ecx
+ andl %esi, %ebp
+ xorl 20(%esp), %ecx
+.byte 209
+.byte 193
+ movl %ecx, 32(%esp)
+ leal 2400959708(%ecx,%eax,1),%ecx
+ movl %edx, %eax
+ rorl $2, %edx
+ andl %edi, %eax
+ orl %eax, %ebp
+ movl %ebx, %eax
+ roll $5, %eax
+ addl %eax, %ebp
+ addl %ebp, %ecx
+
+ movl 36(%esp), %eax
+ movl %ebx, %ebp
+ xorl 44(%esp), %eax
+ orl %edx, %ebp
+ xorl 4(%esp), %eax
+ andl %edi, %ebp
+ xorl 24(%esp), %eax
+.byte 209
+.byte 192
+ movl %eax, 36(%esp)
+ leal 2400959708(%eax,%esi,1),%eax
+ movl %ebx, %esi
+ rorl $2, %ebx
+ andl %edx, %esi
+ orl %esi, %ebp
+ movl %ecx, %esi
+ roll $5, %esi
+ addl %esi, %ebp
+ addl %ebp, %eax
+
+ movl 40(%esp), %esi
+ movl %ecx, %ebp
+ xorl 48(%esp), %esi
+ orl %ebx, %ebp
+ xorl 8(%esp), %esi
+ andl %edx, %ebp
+ xorl 28(%esp), %esi
+.byte 209
+.byte 198
+ movl %esi, 40(%esp)
+ leal 2400959708(%esi,%edi,1),%esi
+ movl %ecx, %edi
+ rorl $2, %ecx
+ andl %ebx, %edi
+ orl %edi, %ebp
+ movl %eax, %edi
+ roll $5, %edi
+ addl %edi, %ebp
+ addl %ebp, %esi
+
+ movl 44(%esp), %edi
+ movl %eax, %ebp
+ xorl 52(%esp), %edi
+ orl %ecx, %ebp
+ xorl 12(%esp), %edi
+ andl %ebx, %ebp
+ xorl 32(%esp), %edi
+.byte 209
+.byte 199
+ movl %edi, 44(%esp)
+ leal 2400959708(%edi,%edx,1),%edi
+ movl %eax, %edx
+ rorl $2, %eax
+ andl %ecx, %edx
+ orl %edx, %ebp
+ movl %esi, %edx
+ roll $5, %edx
+ addl %edx, %ebp
+ addl %ebp, %edi
+
+ movl 48(%esp), %edx
+ movl %esi, %ebp
+ xorl 56(%esp), %edx
+ orl %eax, %ebp
+ xorl 16(%esp), %edx
+ andl %ecx, %ebp
+ xorl 36(%esp), %edx
+.byte 209
+.byte 194
+ movl %edx, 48(%esp)
+ leal 2400959708(%edx,%ebx,1),%edx
+ movl %esi, %ebx
+ rorl $2, %esi
+ andl %eax, %ebx
+ orl %ebx, %ebp
+ movl %edi, %ebx
+ roll $5, %ebx
+ addl %ebx, %ebp
+ addl %ebp, %edx
+
+ movl 52(%esp), %ebx
+ movl %edi, %ebp
+ xorl 60(%esp), %ebx
+ orl %esi, %ebp
+ xorl 20(%esp), %ebx
+ andl %eax, %ebp
+ xorl 40(%esp), %ebx
+.byte 209
+.byte 195
+ movl %ebx, 52(%esp)
+ leal 2400959708(%ebx,%ecx,1),%ebx
+ movl %edi, %ecx
+ rorl $2, %edi
+ andl %esi, %ecx
+ orl %ecx, %ebp
+ movl %edx, %ecx
+ roll $5, %ecx
+ addl %ecx, %ebp
+ addl %ebp, %ebx
+
+ movl 56(%esp), %ecx
+ movl %edx, %ebp
+ xorl (%esp), %ecx
+ orl %edi, %ebp
+ xorl 24(%esp), %ecx
+ andl %esi, %ebp
+ xorl 44(%esp), %ecx
+.byte 209
+.byte 193
+ movl %ecx, 56(%esp)
+ leal 2400959708(%ecx,%eax,1),%ecx
+ movl %edx, %eax
+ rorl $2, %edx
+ andl %edi, %eax
+ orl %eax, %ebp
+ movl %ebx, %eax
+ roll $5, %eax
+ addl %eax, %ebp
+ addl %ebp, %ecx
+
+ movl 60(%esp), %eax
+ movl %ebx, %ebp
+ xorl 4(%esp), %eax
+ orl %edx, %ebp
+ xorl 28(%esp), %eax
+ andl %edi, %ebp
+ xorl 48(%esp), %eax
+.byte 209
+.byte 192
+ movl %eax, 60(%esp)
+ leal 2400959708(%eax,%esi,1),%eax
+ movl %ebx, %esi
+ rorl $2, %ebx
+ andl %edx, %esi
+ orl %esi, %ebp
+ movl %ecx, %esi
+ roll $5, %esi
+ addl %esi, %ebp
+ addl %ebp, %eax
+
+ movl (%esp), %esi
+ movl %ecx, %ebp
+ xorl 8(%esp), %esi
+ orl %ebx, %ebp
+ xorl 32(%esp), %esi
+ andl %edx, %ebp
+ xorl 52(%esp), %esi
+.byte 209
+.byte 198
+ movl %esi, (%esp)
+ leal 2400959708(%esi,%edi,1),%esi
+ movl %ecx, %edi
+ rorl $2, %ecx
+ andl %ebx, %edi
+ orl %edi, %ebp
+ movl %eax, %edi
+ roll $5, %edi
+ addl %edi, %ebp
+ addl %ebp, %esi
+
+ movl 4(%esp), %edi
+ movl %eax, %ebp
+ xorl 12(%esp), %edi
+ orl %ecx, %ebp
+ xorl 36(%esp), %edi
+ andl %ebx, %ebp
+ xorl 56(%esp), %edi
+.byte 209
+.byte 199
+ movl %edi, 4(%esp)
+ leal 2400959708(%edi,%edx,1),%edi
+ movl %eax, %edx
+ rorl $2, %eax
+ andl %ecx, %edx
+ orl %edx, %ebp
+ movl %esi, %edx
+ roll $5, %edx
+ addl %edx, %ebp
+ addl %ebp, %edi
+
+ movl 8(%esp), %edx
+ movl %esi, %ebp
+ xorl 16(%esp), %edx
+ orl %eax, %ebp
+ xorl 40(%esp), %edx
+ andl %ecx, %ebp
+ xorl 60(%esp), %edx
+.byte 209
+.byte 194
+ movl %edx, 8(%esp)
+ leal 2400959708(%edx,%ebx,1),%edx
+ movl %esi, %ebx
+ rorl $2, %esi
+ andl %eax, %ebx
+ orl %ebx, %ebp
+ movl %edi, %ebx
+ roll $5, %ebx
+ addl %ebx, %ebp
+ addl %ebp, %edx
+
+ movl 12(%esp), %ebx
+ movl %edi, %ebp
+ xorl 20(%esp), %ebx
+ orl %esi, %ebp
+ xorl 44(%esp), %ebx
+ andl %eax, %ebp
+ xorl (%esp), %ebx
+.byte 209
+.byte 195
+ movl %ebx, 12(%esp)
+ leal 2400959708(%ebx,%ecx,1),%ebx
+ movl %edi, %ecx
+ rorl $2, %edi
+ andl %esi, %ecx
+ orl %ecx, %ebp
+ movl %edx, %ecx
+ roll $5, %ecx
+ addl %ecx, %ebp
+ addl %ebp, %ebx
+
+ movl 16(%esp), %ecx
+ movl %edx, %ebp
+ xorl 24(%esp), %ecx
+ orl %edi, %ebp
+ xorl 48(%esp), %ecx
+ andl %esi, %ebp
+ xorl 4(%esp), %ecx
+.byte 209
+.byte 193
+ movl %ecx, 16(%esp)
+ leal 2400959708(%ecx,%eax,1),%ecx
+ movl %edx, %eax
+ rorl $2, %edx
+ andl %edi, %eax
+ orl %eax, %ebp
+ movl %ebx, %eax
+ roll $5, %eax
+ addl %eax, %ebp
+ addl %ebp, %ecx
+
+ movl 20(%esp), %eax
+ movl %ebx, %ebp
+ xorl 28(%esp), %eax
+ orl %edx, %ebp
+ xorl 52(%esp), %eax
+ andl %edi, %ebp
+ xorl 8(%esp), %eax
+.byte 209
+.byte 192
+ movl %eax, 20(%esp)
+ leal 2400959708(%eax,%esi,1),%eax
+ movl %ebx, %esi
+ rorl $2, %ebx
+ andl %edx, %esi
+ orl %esi, %ebp
+ movl %ecx, %esi
+ roll $5, %esi
+ addl %esi, %ebp
+ addl %ebp, %eax
+
+ movl 24(%esp), %esi
+ movl %ecx, %ebp
+ xorl 32(%esp), %esi
+ orl %ebx, %ebp
+ xorl 56(%esp), %esi
+ andl %edx, %ebp
+ xorl 12(%esp), %esi
+.byte 209
+.byte 198
+ movl %esi, 24(%esp)
+ leal 2400959708(%esi,%edi,1),%esi
+ movl %ecx, %edi
+ rorl $2, %ecx
+ andl %ebx, %edi
+ orl %edi, %ebp
+ movl %eax, %edi
+ roll $5, %edi
+ addl %edi, %ebp
+ addl %ebp, %esi
+
+ movl 28(%esp), %edi
+ movl %eax, %ebp
+ xorl 36(%esp), %edi
+ orl %ecx, %ebp
+ xorl 60(%esp), %edi
+ andl %ebx, %ebp
+ xorl 16(%esp), %edi
+.byte 209
+.byte 199
+ movl %edi, 28(%esp)
+ leal 2400959708(%edi,%edx,1),%edi
+ movl %eax, %edx
+ rorl $2, %eax
+ andl %ecx, %edx
+ orl %edx, %ebp
+ movl %esi, %edx
+ roll $5, %edx
+ addl %edx, %ebp
+ addl %ebp, %edi
+
+ movl 32(%esp), %edx
+ movl %esi, %ebp
+ xorl 40(%esp), %edx
+ orl %eax, %ebp
+ xorl (%esp), %edx
+ andl %ecx, %ebp
+ xorl 20(%esp), %edx
+.byte 209
+.byte 194
+ movl %edx, 32(%esp)
+ leal 2400959708(%edx,%ebx,1),%edx
+ movl %esi, %ebx
+ rorl $2, %esi
+ andl %eax, %ebx
+ orl %ebx, %ebp
+ movl %edi, %ebx
+ roll $5, %ebx
+ addl %ebx, %ebp
+ addl %ebp, %edx
+
+ movl 36(%esp), %ebx
+ movl %edi, %ebp
+ xorl 44(%esp), %ebx
+ orl %esi, %ebp
+ xorl 4(%esp), %ebx
+ andl %eax, %ebp
+ xorl 24(%esp), %ebx
+.byte 209
+.byte 195
+ movl %ebx, 36(%esp)
+ leal 2400959708(%ebx,%ecx,1),%ebx
+ movl %edi, %ecx
+ rorl $2, %edi
+ andl %esi, %ecx
+ orl %ecx, %ebp
+ movl %edx, %ecx
+ roll $5, %ecx
+ addl %ecx, %ebp
+ addl %ebp, %ebx
+
+ movl 40(%esp), %ecx
+ movl %edx, %ebp
+ xorl 48(%esp), %ecx
+ orl %edi, %ebp
+ xorl 8(%esp), %ecx
+ andl %esi, %ebp
+ xorl 28(%esp), %ecx
+.byte 209
+.byte 193
+ movl %ecx, 40(%esp)
+ leal 2400959708(%ecx,%eax,1),%ecx
+ movl %edx, %eax
+ rorl $2, %edx
+ andl %edi, %eax
+ orl %eax, %ebp
+ movl %ebx, %eax
+ roll $5, %eax
+ addl %eax, %ebp
+ addl %ebp, %ecx
+
+ movl 44(%esp), %eax
+ movl %ebx, %ebp
+ xorl 52(%esp), %eax
+ orl %edx, %ebp
+ xorl 12(%esp), %eax
+ andl %edi, %ebp
+ xorl 32(%esp), %eax
+.byte 209
+.byte 192
+ movl %eax, 44(%esp)
+ leal 2400959708(%eax,%esi,1),%eax
+ movl %ebx, %esi
+ rorl $2, %ebx
+ andl %edx, %esi
+ orl %esi, %ebp
+ movl %ecx, %esi
+ roll $5, %esi
+ addl %esi, %ebp
+ addl %ebp, %eax
+
+ movl 48(%esp), %esi
+ movl %ecx, %ebp
+ xorl 56(%esp), %esi
+ rorl $2, %ecx
+ xorl 16(%esp), %esi
+ xorl %ebx, %ebp
+ xorl 36(%esp), %esi
+ xorl %edx, %ebp
+.byte 209
+.byte 198
+ movl %esi, 48(%esp)
+ leal 3395469782(%esi,%edi,1),%esi
+ movl %eax, %edi
+ roll $5, %edi
+ addl %ebp, %esi
+ addl %edi, %esi
+
+ movl 52(%esp), %edi
+ movl %eax, %ebp
+ xorl 60(%esp), %edi
+ rorl $2, %eax
+ xorl 20(%esp), %edi
+ xorl %ecx, %ebp
+ xorl 40(%esp), %edi
+ xorl %ebx, %ebp
+.byte 209
+.byte 199
+ movl %edi, 52(%esp)
+ leal 3395469782(%edi,%edx,1),%edi
+ movl %esi, %edx
+ roll $5, %edx
+ addl %ebp, %edi
+ addl %edx, %edi
+
+ movl 56(%esp), %edx
+ movl %esi, %ebp
+ xorl (%esp), %edx
+ rorl $2, %esi
+ xorl 24(%esp), %edx
+ xorl %eax, %ebp
+ xorl 44(%esp), %edx
+ xorl %ecx, %ebp
+.byte 209
+.byte 194
+ movl %edx, 56(%esp)
+ leal 3395469782(%edx,%ebx,1),%edx
+ movl %edi, %ebx
+ roll $5, %ebx
+ addl %ebp, %edx
+ addl %ebx, %edx
+
+ movl 60(%esp), %ebx
+ movl %edi, %ebp
+ xorl 4(%esp), %ebx
+ rorl $2, %edi
+ xorl 28(%esp), %ebx
+ xorl %esi, %ebp
+ xorl 48(%esp), %ebx
+ xorl %eax, %ebp
+.byte 209
+.byte 195
+ movl %ebx, 60(%esp)
+ leal 3395469782(%ebx,%ecx,1),%ebx
+ movl %edx, %ecx
+ roll $5, %ecx
+ addl %ebp, %ebx
+ addl %ecx, %ebx
+
+ movl (%esp), %ecx
+ movl %edx, %ebp
+ xorl 8(%esp), %ecx
+ rorl $2, %edx
+ xorl 32(%esp), %ecx
+ xorl %edi, %ebp
+ xorl 52(%esp), %ecx
+ xorl %esi, %ebp
+.byte 209
+.byte 193
+ movl %ecx, (%esp)
+ leal 3395469782(%ecx,%eax,1),%ecx
+ movl %ebx, %eax
+ roll $5, %eax
+ addl %ebp, %ecx
+ addl %eax, %ecx
+
+ movl 4(%esp), %eax
+ movl %ebx, %ebp
+ xorl 12(%esp), %eax
+ rorl $2, %ebx
+ xorl 36(%esp), %eax
+ xorl %edx, %ebp
+ xorl 56(%esp), %eax
+ xorl %edi, %ebp
+.byte 209
+.byte 192
+ movl %eax, 4(%esp)
+ leal 3395469782(%eax,%esi,1),%eax
+ movl %ecx, %esi
+ roll $5, %esi
+ addl %ebp, %eax
+ addl %esi, %eax
+
+ movl 8(%esp), %esi
+ movl %ecx, %ebp
+ xorl 16(%esp), %esi
+ rorl $2, %ecx
+ xorl 40(%esp), %esi
+ xorl %ebx, %ebp
+ xorl 60(%esp), %esi
+ xorl %edx, %ebp
+.byte 209
+.byte 198
+ movl %esi, 8(%esp)
+ leal 3395469782(%esi,%edi,1),%esi
+ movl %eax, %edi
+ roll $5, %edi
+ addl %ebp, %esi
+ addl %edi, %esi
+
+ movl 12(%esp), %edi
+ movl %eax, %ebp
+ xorl 20(%esp), %edi
+ rorl $2, %eax
+ xorl 44(%esp), %edi
+ xorl %ecx, %ebp
+ xorl (%esp), %edi
+ xorl %ebx, %ebp
+.byte 209
+.byte 199
+ movl %edi, 12(%esp)
+ leal 3395469782(%edi,%edx,1),%edi
+ movl %esi, %edx
+ roll $5, %edx
+ addl %ebp, %edi
+ addl %edx, %edi
+
+ movl 16(%esp), %edx
+ movl %esi, %ebp
+ xorl 24(%esp), %edx
+ rorl $2, %esi
+ xorl 48(%esp), %edx
+ xorl %eax, %ebp
+ xorl 4(%esp), %edx
+ xorl %ecx, %ebp
+.byte 209
+.byte 194
+ movl %edx, 16(%esp)
+ leal 3395469782(%edx,%ebx,1),%edx
+ movl %edi, %ebx
+ roll $5, %ebx
+ addl %ebp, %edx
+ addl %ebx, %edx
+
+ movl 20(%esp), %ebx
+ movl %edi, %ebp
+ xorl 28(%esp), %ebx
+ rorl $2, %edi
+ xorl 52(%esp), %ebx
+ xorl %esi, %ebp
+ xorl 8(%esp), %ebx
+ xorl %eax, %ebp
+.byte 209
+.byte 195
+ movl %ebx, 20(%esp)
+ leal 3395469782(%ebx,%ecx,1),%ebx
+ movl %edx, %ecx
+ roll $5, %ecx
+ addl %ebp, %ebx
+ addl %ecx, %ebx
+
+ movl 24(%esp), %ecx
+ movl %edx, %ebp
+ xorl 32(%esp), %ecx
+ rorl $2, %edx
+ xorl 56(%esp), %ecx
+ xorl %edi, %ebp
+ xorl 12(%esp), %ecx
+ xorl %esi, %ebp
+.byte 209
+.byte 193
+ movl %ecx, 24(%esp)
+ leal 3395469782(%ecx,%eax,1),%ecx
+ movl %ebx, %eax
+ roll $5, %eax
+ addl %ebp, %ecx
+ addl %eax, %ecx
+
+ movl 28(%esp), %eax
+ movl %ebx, %ebp
+ xorl 36(%esp), %eax
+ rorl $2, %ebx
+ xorl 60(%esp), %eax
+ xorl %edx, %ebp
+ xorl 16(%esp), %eax
+ xorl %edi, %ebp
+.byte 209
+.byte 192
+ movl %eax, 28(%esp)
+ leal 3395469782(%eax,%esi,1),%eax
+ movl %ecx, %esi
+ roll $5, %esi
+ addl %ebp, %eax
+ addl %esi, %eax
+
+ movl 32(%esp), %esi
+ movl %ecx, %ebp
+ xorl 40(%esp), %esi
+ rorl $2, %ecx
+ xorl (%esp), %esi
+ xorl %ebx, %ebp
+ xorl 20(%esp), %esi
+ xorl %edx, %ebp
+.byte 209
+.byte 198
+ movl %esi, 32(%esp)
+ leal 3395469782(%esi,%edi,1),%esi
+ movl %eax, %edi
+ roll $5, %edi
+ addl %ebp, %esi
+ addl %edi, %esi
+
+ movl 36(%esp), %edi
+ movl %eax, %ebp
+ xorl 44(%esp), %edi
+ rorl $2, %eax
+ xorl 4(%esp), %edi
+ xorl %ecx, %ebp
+ xorl 24(%esp), %edi
+ xorl %ebx, %ebp
+.byte 209
+.byte 199
+ movl %edi, 36(%esp)
+ leal 3395469782(%edi,%edx,1),%edi
+ movl %esi, %edx
+ roll $5, %edx
+ addl %ebp, %edi
+ addl %edx, %edi
+
+ movl 40(%esp), %edx
+ movl %esi, %ebp
+ xorl 48(%esp), %edx
+ rorl $2, %esi
+ xorl 8(%esp), %edx
+ xorl %eax, %ebp
+ xorl 28(%esp), %edx
+ xorl %ecx, %ebp
+.byte 209
+.byte 194
+ movl %edx, 40(%esp)
+ leal 3395469782(%edx,%ebx,1),%edx
+ movl %edi, %ebx
+ roll $5, %ebx
+ addl %ebp, %edx
+ addl %ebx, %edx
+
+ movl 44(%esp), %ebx
+ movl %edi, %ebp
+ xorl 52(%esp), %ebx
+ rorl $2, %edi
+ xorl 12(%esp), %ebx
+ xorl %esi, %ebp
+ xorl 32(%esp), %ebx
+ xorl %eax, %ebp
+.byte 209
+.byte 195
+ movl %ebx, 44(%esp)
+ leal 3395469782(%ebx,%ecx,1),%ebx
+ movl %edx, %ecx
+ roll $5, %ecx
+ addl %ebp, %ebx
+ addl %ecx, %ebx
+
+ movl 48(%esp), %ecx
+ movl %edx, %ebp
+ xorl 56(%esp), %ecx
+ rorl $2, %edx
+ xorl 16(%esp), %ecx
+ xorl %edi, %ebp
+ xorl 36(%esp), %ecx
+ xorl %esi, %ebp
+.byte 209
+.byte 193
+ movl %ecx, 48(%esp)
+ leal 3395469782(%ecx,%eax,1),%ecx
+ movl %ebx, %eax
+ roll $5, %eax
+ addl %ebp, %ecx
+ addl %eax, %ecx
+
+ movl 52(%esp), %eax
+ movl %ebx, %ebp
+ xorl 60(%esp), %eax
+ rorl $2, %ebx
+ xorl 20(%esp), %eax
+ xorl %edx, %ebp
+ xorl 40(%esp), %eax
+ xorl %edi, %ebp
+.byte 209
+.byte 192
+ movl %eax, 52(%esp)
+ leal 3395469782(%eax,%esi,1),%eax
+ movl %ecx, %esi
+ roll $5, %esi
+ addl %ebp, %eax
+ addl %esi, %eax
+
+ movl 56(%esp), %esi
+ movl %ecx, %ebp
+ xorl (%esp), %esi
+ rorl $2, %ecx
+ xorl 24(%esp), %esi
+ xorl %ebx, %ebp
+ xorl 44(%esp), %esi
+ xorl %edx, %ebp
+.byte 209
+.byte 198
+ movl %esi, 56(%esp)
+ leal 3395469782(%esi,%edi,1),%esi
+ movl %eax, %edi
+ roll $5, %edi
+ addl %ebp, %esi
+ addl %edi, %esi
+
+ movl 60(%esp), %edi
+ movl %eax, %ebp
+ xorl 4(%esp), %edi
+ rorl $2, %eax
+ xorl 28(%esp), %edi
+ xorl %ecx, %ebp
+ xorl 48(%esp), %edi
+ xorl %ebx, %ebp
+.byte 209
+.byte 199
+ movl %edi, 60(%esp)
+ leal 3395469782(%edi,%edx,1),%edi
+ movl %esi, %edx
+ roll $5, %edx
+ addl %ebp, %edi
+ addl %edx, %edi
+
+
+ movl 128(%esp), %ebp
+ movl 12(%ebp), %edx
+ addl %ecx, %edx
+ movl 4(%ebp), %ecx
+ addl %esi, %ecx
+ movl %eax, %esi
+ movl (%ebp), %eax
+ movl %edx, 12(%ebp)
+ addl %edi, %eax
+ movl 16(%ebp), %edi
+ addl %ebx, %edi
+ movl 8(%ebp), %ebx
+ addl %esi, %ebx
+ movl %eax, (%ebp)
+ movl 132(%esp), %esi
+ movl %ebx, 8(%ebp)
+ addl $64, %esi
+ movl 68(%esp), %eax
+ movl %edi, 16(%ebp)
+ cmpl %eax, %esi
+ movl %ecx, 4(%ebp)
+ jl .L000start
+ addl $108, %esp
+ popl %edi
+ popl %ebx
+ popl %ebp
+ popl %esi
+ ret
+.L_sha1_block_asm_data_order_end:
+ .size sha1_block_asm_data_order,.L_sha1_block_asm_data_order_end-sha1_block_asm_data_order
+.ident "desasm.pl"
+.text
+ .align 16
+.globl sha1_block_asm_host_order
+ .type sha1_block_asm_host_order,@function
+sha1_block_asm_host_order:
+ movl 12(%esp), %ecx
+ pushl %esi
+ sall $6, %ecx
+ movl 12(%esp), %esi
+ pushl %ebp
+ addl %esi, %ecx
+ pushl %ebx
+ movl 16(%esp), %ebp
+ pushl %edi
+ movl 12(%ebp), %edx
+ subl $108, %esp
+ movl 16(%ebp), %edi
+ movl 8(%ebp), %ebx
+ movl %ecx, 68(%esp)
+
+ movl (%esi), %eax
+ movl 4(%esi), %ecx
+ movl %eax, (%esp)
+ movl %ecx, 4(%esp)
+ movl 8(%esi), %eax
+ movl 12(%esi), %ecx
+ movl %eax, 8(%esp)
+ movl %ecx, 12(%esp)
+ movl 16(%esi), %eax
+ movl 20(%esi), %ecx
+ movl %eax, 16(%esp)
+ movl %ecx, 20(%esp)
+ movl 24(%esi), %eax
+ movl 28(%esi), %ecx
+ movl %eax, 24(%esp)
+ movl %ecx, 28(%esp)
+ movl 32(%esi), %eax
+ movl 36(%esi), %ecx
+ movl %eax, 32(%esp)
+ movl %ecx, 36(%esp)
+ movl 40(%esi), %eax
+ movl 44(%esi), %ecx
+ movl %eax, 40(%esp)
+ movl %ecx, 44(%esp)
+ movl 48(%esi), %eax
+ movl 52(%esi), %ecx
+ movl %eax, 48(%esp)
+ movl %ecx, 52(%esp)
+ movl 56(%esi), %eax
+ movl 60(%esi), %ecx
+ movl %eax, 56(%esp)
+ movl %ecx, 60(%esp)
+ jmp .L001shortcut
+.L_sha1_block_asm_host_order_end:
+ .size sha1_block_asm_host_order,.L_sha1_block_asm_host_order_end-sha1_block_asm_host_order
+.ident "desasm.pl"
diff --git a/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 b/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
new file mode 100644
index 0000000..a1e248e
--- /dev/null
+++ b/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
@@ -0,0 +1,167 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "ASN1_OBJECT_new 3"
+.TH ASN1_OBJECT_new 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+ASN1_OBJECT_new, ASN1_OBJECT_free, \- object allocation functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/asn1.h>
+\&
+\& ASN1_OBJECT *ASN1_OBJECT_new(void);
+\& void ASN1_OBJECT_free(ASN1_OBJECT *a);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \s-1ASN1_OBJECT\s0 allocation routines, allocate and free an
+\&\s-1ASN1_OBJECT\s0 structure, which represents an \s-1ASN1\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0.
+.PP
+\&\fIASN1_OBJECT_new()\fR allocates and initializes a \s-1ASN1_OBJECT\s0 structure.
+.PP
+\&\fIASN1_OBJECT_free()\fR frees up the \fB\s-1ASN1_OBJECT\s0\fR structure \fBa\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+Although \fIASN1_OBJECT_new()\fR allocates a new \s-1ASN1_OBJECT\s0 structure it
+is almost never used in applications. The \s-1ASN1\s0 object utility functions
+such as \fIOBJ_nid2obj()\fR are used instead.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+If the allocation fails, \fIASN1_OBJECT_new()\fR returns \fB\s-1NULL\s0\fR and sets an error
+code that can be obtained by \fIERR_get_error\fR\|(3).
+Otherwise it returns a pointer to the newly allocated structure.
+.PP
+\&\fIASN1_OBJECT_free()\fR returns no value.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3), \fId2i_ASN1_OBJECT\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIASN1_OBJECT_new()\fR and \fIASN1_OBJECT_free()\fR are available in all versions of SSLeay and OpenSSL.
diff --git a/secure/lib/libcrypto/man/ASN1_STRING_length.3 b/secure/lib/libcrypto/man/ASN1_STRING_length.3
new file mode 100644
index 0000000..5472c30
--- /dev/null
+++ b/secure/lib/libcrypto/man/ASN1_STRING_length.3
@@ -0,0 +1,207 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "ASN1_STRING_length 3"
+.TH ASN1_STRING_length 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+ASN1_STRING_dup, ASN1_STRING_cmp, ASN1_STRING_set, ASN1_STRING_length,
+ASN1_STRING_length_set, ASN1_STRING_type, ASN1_STRING_data \-
+ASN1_STRING utility functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/asn1.h>
+\&
+\& int ASN1_STRING_length(ASN1_STRING *x);
+\& unsigned char * ASN1_STRING_data(ASN1_STRING *x);
+\&
+\& ASN1_STRING * ASN1_STRING_dup(ASN1_STRING *a);
+\&
+\& int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b);
+\&
+\& int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
+\&
+\& int ASN1_STRING_type(ASN1_STRING *x);
+\&
+\& int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+These functions allow an \fB\s-1ASN1_STRING\s0\fR structure to be manipulated.
+.PP
+\&\fIASN1_STRING_length()\fR returns the length of the content of \fBx\fR.
+.PP
+\&\fIASN1_STRING_data()\fR returns an internal pointer to the data of \fBx\fR.
+Since this is an internal pointer it should \fBnot\fR be freed or
+modified in any way.
+.PP
+\&\fIASN1_STRING_dup()\fR returns a copy of the structure \fBa\fR.
+.PP
+\&\fIASN1_STRING_cmp()\fR compares \fBa\fR and \fBb\fR returning 0 if the two
+are identical. The string types and content are compared.
+.PP
+\&\fIASN1_STRING_set()\fR sets the data of string \fBstr\fR to the buffer
+\&\fBdata\fR or length \fBlen\fR. The supplied data is copied. If \fBlen\fR
+is \-1 then the length is determined by strlen(data).
+.PP
+\&\fIASN1_STRING_type()\fR returns the type of \fBx\fR, using standard constants
+such as \fBV_ASN1_OCTET_STRING\fR.
+.PP
+\&\fIASN1_STRING_to_UTF8()\fR converts the string \fBin\fR to \s-1UTF8\s0 format, the
+converted data is allocated in a buffer in \fB*out\fR. The length of
+\&\fBout\fR is returned or a negative error code. The buffer \fB*out\fR
+should be free using \fIOPENSSL_free()\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+Almost all \s-1ASN1\s0 types in OpenSSL are represented as an \fB\s-1ASN1_STRING\s0\fR
+structure. Other types such as \fB\s-1ASN1_OCTET_STRING\s0\fR are simply typedefed
+to \fB\s-1ASN1_STRING\s0\fR and the functions call the \fB\s-1ASN1_STRING\s0\fR equivalents.
+\&\fB\s-1ASN1_STRING\s0\fR is also used for some \fB\s-1CHOICE\s0\fR types which consist
+entirely of primitive string types such as \fBDirectoryString\fR and
+\&\fBTime\fR.
+.PP
+These functions should \fBnot\fR be used to examine or modify \fB\s-1ASN1_INTEGER\s0\fR
+or \fB\s-1ASN1_ENUMERATED\s0\fR types: the relevant \fB\s-1INTEGER\s0\fR or \fB\s-1ENUMERATED\s0\fR
+utility functions should be used instead.
+.PP
+In general it cannot be assumed that the data returned by \fIASN1_STRING_data()\fR
+is null terminated or does not contain embedded nulls. The actual format
+of the data will depend on the actual string type itself: for example
+for and IA5String the data will be \s-1ASCII\s0, for a BMPString two bytes per
+character in big endian format, UTF8String will be in \s-1UTF8\s0 format.
+.PP
+Similar care should be take to ensure the data is in the correct format
+when calling \fIASN1_STRING_set()\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
diff --git a/secure/lib/libcrypto/man/ASN1_STRING_new.3 b/secure/lib/libcrypto/man/ASN1_STRING_new.3
new file mode 100644
index 0000000..04b6e8a
--- /dev/null
+++ b/secure/lib/libcrypto/man/ASN1_STRING_new.3
@@ -0,0 +1,168 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "ASN1_STRING_new 3"
+.TH ASN1_STRING_new 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+ASN1_STRING_new, ASN1_STRING_type_new, ASN1_STRING_free \-
+ASN1_STRING allocation functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/asn1.h>
+\&
+\& ASN1_STRING * ASN1_STRING_new(void);
+\& ASN1_STRING * ASN1_STRING_type_new(int type);
+\& void ASN1_STRING_free(ASN1_STRING *a);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIASN1_STRING_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure. Its type
+is undefined.
+.PP
+\&\fIASN1_STRING_type_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure of
+type \fBtype\fR.
+.PP
+\&\fIASN1_STRING_free()\fR frees up \fBa\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+Other string types call the \fB\s-1ASN1_STRING\s0\fR functions. For example
+\&\fIASN1_OCTET_STRING_new()\fR calls ASN1_STRING_type(V_ASN1_OCTET_STRING).
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIASN1_STRING_new()\fR and \fIASN1_STRING_type_new()\fR return a valid
+\&\s-1ASN1_STRING\s0 structure or \fB\s-1NULL\s0\fR if an error occurred.
+.PP
+\&\fIASN1_STRING_free()\fR does not return a value.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 b/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
new file mode 100644
index 0000000..a56f6aa
--- /dev/null
+++ b/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
@@ -0,0 +1,218 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "ASN1_STRING_print_ex 3"
+.TH ASN1_STRING_print_ex 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+ASN1_STRING_print_ex, ASN1_STRING_print_ex_fp \- ASN1_STRING output routines.
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/asn1.h>
+\&
+\& int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags);
+\& int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags);
+\& int ASN1_STRING_print(BIO *out, ASN1_STRING *str);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+These functions output an \fB\s-1ASN1_STRING\s0\fR structure. \fB\s-1ASN1_STRING\s0\fR is used to
+represent all the \s-1ASN1\s0 string types.
+.PP
+\&\fIASN1_STRING_print_ex()\fR outputs \fBstr\fR to \fBout\fR, the format is determined by
+the options \fBflags\fR. \fIASN1_STRING_print_ex_fp()\fR is identical except it outputs
+to \fBfp\fR instead.
+.PP
+\&\fIASN1_STRING_print()\fR prints \fBstr\fR to \fBout\fR but using a different format to
+\&\fIASN1_STRING_print_ex()\fR. It replaces unprintable characters (other than \s-1CR\s0, \s-1LF\s0)
+with '.'.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\fIASN1_STRING_print()\fR is a legacy function which should be avoided in new applications.
+.PP
+Although there are a large number of options frequently \fB\s-1ASN1_STRFLGS_RFC2253\s0\fR is
+suitable, or on \s-1UTF8\s0 terminals \fB\s-1ASN1_STRFLGS_RFC2253\s0 & ~ASN1_STRFLGS_ESC_MSB\fR.
+.PP
+The complete set of supported options for \fBflags\fR is listed below.
+.PP
+Various characters can be escaped. If \fB\s-1ASN1_STRFLGS_ESC_2253\s0\fR is set the characters
+determined by \s-1RFC2253\s0 are escaped. If \fB\s-1ASN1_STRFLGS_ESC_CTRL\s0\fR is set control
+characters are escaped. If \fB\s-1ASN1_STRFLGS_ESC_MSB\s0\fR is set characters with the
+\&\s-1MSB\s0 set are escaped: this option should \fBnot\fR be used if the terminal correctly
+interprets \s-1UTF8\s0 sequences.
+.PP
+Escaping takes several forms.
+.PP
+If the character being escaped is a 16 bit character then the form \*(L"\eUXXXX\*(R" is used
+using exactly four characters for the hex representation. If it is 32 bits then
+\&\*(L"\eWXXXXXXXX\*(R" is used using eight characters of its hex representation. These forms
+will only be used if \s-1UTF8\s0 conversion is not set (see below).
+.PP
+Printable characters are normally escaped using the backslash '\e' character. If
+\&\fB\s-1ASN1_STRFLGS_ESC_QUOTE\s0\fR is set then the whole string is instead surrounded by
+double quote characters: this is arguably more readable than the backslash
+notation. Other characters use the \*(L"\eXX\*(R" using exactly two characters of the hex
+representation.
+.PP
+If \fB\s-1ASN1_STRFLGS_UTF8_CONVERT\s0\fR is set then characters are converted to \s-1UTF8\s0
+format first. If the terminal supports the display of \s-1UTF8\s0 sequences then this
+option will correctly display multi byte characters.
+.PP
+If \fB\s-1ASN1_STRFLGS_IGNORE_TYPE\s0\fR is set then the string type is not interpreted at
+all: everything is assumed to be one byte per character. This is primarily for
+debugging purposes and can result in confusing output in multi character strings.
+.PP
+If \fB\s-1ASN1_STRFLGS_SHOW_TYPE\s0\fR is set then the string type itself is printed out
+before its value (for example \*(L"\s-1BMPSTRING\s0\*(R"), this actually uses \fIASN1_tag2str()\fR.
+.PP
+The content of a string instead of being interpreted can be \*(L"dumped\*(R": this just
+outputs the value of the string using the form #XXXX using hex format for each
+octet.
+.PP
+If \fB\s-1ASN1_STRFLGS_DUMP_ALL\s0\fR is set then any type is dumped.
+.PP
+Normally non character string types (such as \s-1OCTET\s0 \s-1STRING\s0) are assumed to be
+one byte per character, if \fB\s-1ASN1_STRFLGS_DUMP_UNKNOWN\s0\fR is set then they will
+be dumped instead.
+.PP
+When a type is dumped normally just the content octets are printed, if
+\&\fB\s-1ASN1_STRFLGS_DUMP_DER\s0\fR is set then the complete encoding is dumped
+instead (including tag and length octets).
+.PP
+\&\fB\s-1ASN1_STRFLGS_RFC2253\s0\fR includes all the flags required by \s-1RFC2253\s0. It is
+equivalent to:
+ \s-1ASN1_STRFLGS_ESC_2253\s0 | \s-1ASN1_STRFLGS_ESC_CTRL\s0 | \s-1ASN1_STRFLGS_ESC_MSB\s0 |
+ \s-1ASN1_STRFLGS_UTF8_CONVERT\s0 | \s-1ASN1_STRFLGS_DUMP_UNKNOWN\s0 \s-1ASN1_STRFLGS_DUMP_DER\s0
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIX509_NAME_print_ex\fR\|(3),
+\&\fIASN1_tag2str\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/ASN1_generate_nconf.3 b/secure/lib/libcrypto/man/ASN1_generate_nconf.3
new file mode 100644
index 0000000..6be122a
--- /dev/null
+++ b/secure/lib/libcrypto/man/ASN1_generate_nconf.3
@@ -0,0 +1,367 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "ASN1_generate_nconf 3"
+.TH ASN1_generate_nconf 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+ASN1_generate_nconf, ASN1_generate_v3 \- ASN1 generation functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/asn1.h>
+\&
+\& ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf);
+\& ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+These functions generate the \s-1ASN1\s0 encoding of a string
+in an \fB\s-1ASN1_TYPE\s0\fR structure.
+.PP
+\&\fBstr\fR contains the string to encode \fBnconf\fR or \fBcnf\fR contains
+the optional configuration information where additional strings
+will be read from. \fBnconf\fR will typically come from a config
+file wherease \fBcnf\fR is obtained from an \fBX509V3_CTX\fR structure
+which will typically be used by X509 v3 certificate extension
+functions. \fBcnf\fR or \fBnconf\fR can be set to \fB\s-1NULL\s0\fR if no additional
+configuration will be used.
+.SH "GENERATION STRING FORMAT"
+.IX Header "GENERATION STRING FORMAT"
+The actual data encoded is determined by the string \fBstr\fR and
+the configuration information. The general format of the string
+is:
+.IP "\fB[modifier,]type[:value]\fR" 2
+.IX Item "[modifier,]type[:value]"
+.PP
+That is zero or more comma separated modifiers followed by a type
+followed by an optional colon and a value. The formats of \fBtype\fR,
+\&\fBvalue\fR and \fBmodifier\fR are explained below.
+.SS "\s-1SUPPORTED\s0 \s-1TYPES\s0"
+.IX Subsection "SUPPORTED TYPES"
+The supported types are listed below. Unless otherwise specified
+only the \fB\s-1ASCII\s0\fR format is permissible.
+.IP "\fB\s-1BOOLEAN\s0\fR, \fB\s-1BOOL\s0\fR" 2
+.IX Item "BOOLEAN, BOOL"
+This encodes a boolean type. The \fBvalue\fR string is mandatory and
+should be \fB\s-1TRUE\s0\fR or \fB\s-1FALSE\s0\fR. Additionally \fB\s-1TRUE\s0\fR, \fBtrue\fR, \fBY\fR,
+\&\fBy\fR, \fB\s-1YES\s0\fR, \fByes\fR, \fB\s-1FALSE\s0\fR, \fBfalse\fR, \fBN\fR, \fBn\fR, \fB\s-1NO\s0\fR and \fBno\fR
+are acceptable.
+.IP "\fB\s-1NULL\s0\fR" 2
+.IX Item "NULL"
+Encode the \fB\s-1NULL\s0\fR type, the \fBvalue\fR string must not be present.
+.IP "\fB\s-1INTEGER\s0\fR, \fB\s-1INT\s0\fR" 2
+.IX Item "INTEGER, INT"
+Encodes an \s-1ASN1\s0 \fB\s-1INTEGER\s0\fR type. The \fBvalue\fR string represents
+the value of the integer, it can be preceeded by a minus sign and
+is normally interpreted as a decimal value unless the prefix \fB0x\fR
+is included.
+.IP "\fB\s-1ENUMERATED\s0\fR, \fB\s-1ENUM\s0\fR" 2
+.IX Item "ENUMERATED, ENUM"
+Encodes the \s-1ASN1\s0 \fB\s-1ENUMERATED\s0\fR type, it is otherwise identical to
+\&\fB\s-1INTEGER\s0\fR.
+.IP "\fB\s-1OBJECT\s0\fR, \fB\s-1OID\s0\fR" 2
+.IX Item "OBJECT, OID"
+Encodes an \s-1ASN1\s0 \fB\s-1OBJECT\s0 \s-1IDENTIFIER\s0\fR, the \fBvalue\fR string can be
+a short name, a long name or numerical format.
+.IP "\fB\s-1UTCTIME\s0\fR, \fB\s-1UTC\s0\fR" 2
+.IX Item "UTCTIME, UTC"
+Encodes an \s-1ASN1\s0 \fBUTCTime\fR structure, the value should be in
+the format \fB\s-1YYMMDDHHMMSSZ\s0\fR.
+.IP "\fB\s-1GENERALIZEDTIME\s0\fR, \fB\s-1GENTIME\s0\fR" 2
+.IX Item "GENERALIZEDTIME, GENTIME"
+Encodes an \s-1ASN1\s0 \fBGeneralizedTime\fR structure, the value should be in
+the format \fB\s-1YYYYMMDDHHMMSSZ\s0\fR.
+.IP "\fB\s-1OCTETSTRING\s0\fR, \fB\s-1OCT\s0\fR" 2
+.IX Item "OCTETSTRING, OCT"
+Encodes an \s-1ASN1\s0 \fB\s-1OCTET\s0 \s-1STRING\s0\fR. \fBvalue\fR represents the contents
+of this structure, the format strings \fB\s-1ASCII\s0\fR and \fB\s-1HEX\s0\fR can be
+used to specify the format of \fBvalue\fR.
+.IP "\fB\s-1BITSTRING\s0\fR, \fB\s-1BITSTR\s0\fR" 2
+.IX Item "BITSTRING, BITSTR"
+Encodes an \s-1ASN1\s0 \fB\s-1BIT\s0 \s-1STRING\s0\fR. \fBvalue\fR represents the contents
+of this structure, the format strings \fB\s-1ASCII\s0\fR, \fB\s-1HEX\s0\fR and \fB\s-1BITLIST\s0\fR
+can be used to specify the format of \fBvalue\fR.
+.Sp
+If the format is anything other than \fB\s-1BITLIST\s0\fR the number of unused
+bits is set to zero.
+.IP "\fB\s-1UNIVERSALSTRING\s0\fR, \fB\s-1UNIV\s0\fR, \fB\s-1IA5\s0\fR, \fB\s-1IA5STRING\s0\fR, \fB\s-1UTF8\s0\fR, \fBUTF8String\fR, \fB\s-1BMP\s0\fR, \fB\s-1BMPSTRING\s0\fR, \fB\s-1VISIBLESTRING\s0\fR, \fB\s-1VISIBLE\s0\fR, \fB\s-1PRINTABLESTRING\s0\fR, \fB\s-1PRINTABLE\s0\fR, \fBT61\fR, \fBT61STRING\fR, \fB\s-1TELETEXSTRING\s0\fR, \fBGeneralString\fR" 2
+.IX Item "UNIVERSALSTRING, UNIV, IA5, IA5STRING, UTF8, UTF8String, BMP, BMPSTRING, VISIBLESTRING, VISIBLE, PRINTABLESTRING, PRINTABLE, T61, T61STRING, TELETEXSTRING, GeneralString"
+These encode the corresponding string types. \fBvalue\fR represents the
+contents of this structure. The format can be \fB\s-1ASCII\s0\fR or \fB\s-1UTF8\s0\fR.
+.IP "\fB\s-1SEQUENCE\s0\fR, \fB\s-1SEQ\s0\fR, \fB\s-1SET\s0\fR" 2
+.IX Item "SEQUENCE, SEQ, SET"
+Formats the result as an \s-1ASN1\s0 \fB\s-1SEQUENCE\s0\fR or \fB\s-1SET\s0\fR type. \fBvalue\fR
+should be a section name which will contain the contents. The
+field names in the section are ignored and the values are in the
+generated string format. If \fBvalue\fR is absent then an empty \s-1SEQUENCE\s0
+will be encoded.
+.SS "\s-1MODIFIERS\s0"
+.IX Subsection "MODIFIERS"
+Modifiers affect the following structure, they can be used to
+add \s-1EXPLICIT\s0 or \s-1IMPLICIT\s0 tagging, add wrappers or to change
+the string format of the final type and value. The supported
+formats are documented below.
+.IP "\fB\s-1EXPLICIT\s0\fR, \fB\s-1EXP\s0\fR" 2
+.IX Item "EXPLICIT, EXP"
+Add an explicit tag to the following structure. This string
+should be followed by a colon and the tag value to use as a
+decimal value.
+.Sp
+By following the number with \fBU\fR, \fBA\fR, \fBP\fR or \fBC\fR \s-1UNIVERSAL\s0,
+\&\s-1APPLICATION\s0, \s-1PRIVATE\s0 or \s-1CONTEXT\s0 \s-1SPECIFIC\s0 tagging can be used,
+the default is \s-1CONTEXT\s0 \s-1SPECIFIC\s0.
+.IP "\fB\s-1IMPLICIT\s0\fR, \fB\s-1IMP\s0\fR" 2
+.IX Item "IMPLICIT, IMP"
+This is the same as \fB\s-1EXPLICIT\s0\fR except \s-1IMPLICIT\s0 tagging is used
+instead.
+.IP "\fB\s-1OCTWRAP\s0\fR, \fB\s-1SEQWRAP\s0\fR, \fB\s-1SETWRAP\s0\fR, \fB\s-1BITWRAP\s0\fR" 2
+.IX Item "OCTWRAP, SEQWRAP, SETWRAP, BITWRAP"
+The following structure is surrounded by an \s-1OCTET\s0 \s-1STRING\s0, a \s-1SEQUENCE\s0,
+a \s-1SET\s0 or a \s-1BIT\s0 \s-1STRING\s0 respectively. For a \s-1BIT\s0 \s-1STRING\s0 the number of unused
+bits is set to zero.
+.IP "\fB\s-1FORMAT\s0\fR" 2
+.IX Item "FORMAT"
+This specifies the format of the ultimate value. It should be followed
+by a colon and one of the strings \fB\s-1ASCII\s0\fR, \fB\s-1UTF8\s0\fR, \fB\s-1HEX\s0\fR or \fB\s-1BITLIST\s0\fR.
+.Sp
+If no format specifier is included then \fB\s-1ASCII\s0\fR is used. If \fB\s-1UTF8\s0\fR is
+specified then the value string must be a valid \fB\s-1UTF8\s0\fR string. For \fB\s-1HEX\s0\fR the
+output must be a set of hex digits. \fB\s-1BITLIST\s0\fR (which is only valid for a \s-1BIT\s0
+\&\s-1STRING\s0) is a comma separated list of the indices of the set bits, all other
+bits are zero.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+A simple IA5String:
+.PP
+.Vb 1
+\& IA5STRING:Hello World
+.Ve
+.PP
+An IA5String explicitly tagged:
+.PP
+.Vb 1
+\& EXPLICIT:0,IA5STRING:Hello World
+.Ve
+.PP
+An IA5String explicitly tagged using \s-1APPLICATION\s0 tagging:
+.PP
+.Vb 1
+\& EXPLICIT:0A,IA5STRING:Hello World
+.Ve
+.PP
+A \s-1BITSTRING\s0 with bits 1 and 5 set and all others zero:
+.PP
+.Vb 1
+\& FORMAT:BITLIST,BITSTRING:1,5
+.Ve
+.PP
+A more complex example using a config file to produce a
+\&\s-1SEQUENCE\s0 consiting of a \s-1BOOL\s0 an \s-1OID\s0 and a UTF8String:
+.PP
+.Vb 1
+\& asn1 = SEQUENCE:seq_section
+\&
+\& [seq_section]
+\&
+\& field1 = BOOLEAN:TRUE
+\& field2 = OID:commonName
+\& field3 = UTF8:Third field
+.Ve
+.PP
+This example produces an RSAPrivateKey structure, this is the
+key contained in the file client.pem in all OpenSSL distributions
+(note: the field names such as 'coeff' are ignored and are present just
+for clarity):
+.PP
+.Vb 3
+\& asn1=SEQUENCE:private_key
+\& [private_key]
+\& version=INTEGER:0
+\&
+\& n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\e
+\& D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9
+\&
+\& e=INTEGER:0x010001
+\&
+\& d=INTEGER:0x6F05EAD2F27FFAEC84BEC360C4B928FD5F3A9865D0FCAAD291E2A52F4A\e
+\& F810DC6373278C006A0ABBA27DC8C63BF97F7E666E27C5284D7D3B1FFFE16B7A87B51D
+\&
+\& p=INTEGER:0xF3929B9435608F8A22C208D86795271D54EBDFB09DDEF539AB083DA912\e
+\& D4BD57
+\&
+\& q=INTEGER:0xC50016F89DFF2561347ED1186A46E150E28BF2D0F539A1594BBD7FE467\e
+\& 46EC4F
+\&
+\& exp1=INTEGER:0x9E7D4326C924AFC1DEA40B45650134966D6F9DFA3A7F9D698CD4ABEA\e
+\& 9C0A39B9
+\&
+\& exp2=INTEGER:0xBA84003BB95355AFB7C50DF140C60513D0BA51D637272E355E397779\e
+\& E7B2458F
+\&
+\& coeff=INTEGER:0x30B9E4F2AFA5AC679F920FC83F1F2DF1BAF1779CF989447FABC2F5\e
+\& 628657053A
+.Ve
+.PP
+This example is the corresponding public key in a SubjectPublicKeyInfo
+structure:
+.PP
+.Vb 2
+\& # Start with a SEQUENCE
+\& asn1=SEQUENCE:pubkeyinfo
+\&
+\& # pubkeyinfo contains an algorithm identifier and the public key wrapped
+\& # in a BIT STRING
+\& [pubkeyinfo]
+\& algorithm=SEQUENCE:rsa_alg
+\& pubkey=BITWRAP,SEQUENCE:rsapubkey
+\&
+\& # algorithm ID for RSA is just an OID and a NULL
+\& [rsa_alg]
+\& algorithm=OID:rsaEncryption
+\& parameter=NULL
+\&
+\& # Actual public key: modulus and exponent
+\& [rsapubkey]
+\& n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\e
+\& D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9
+\&
+\& e=INTEGER:0x010001
+.Ve
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIASN1_generate_nconf()\fR and \fIASN1_generate_v3()\fR return the encoded
+data as an \fB\s-1ASN1_TYPE\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurred.
+.PP
+The error codes that can be obtained by \fIERR_get_error\fR\|(3).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIASN1_generate_nconf()\fR and \fIASN1_generate_v3()\fR were added to OpenSSL 0.9.8
diff --git a/secure/lib/libcrypto/man/BIO_ctrl.3 b/secure/lib/libcrypto/man/BIO_ctrl.3
new file mode 100644
index 0000000..d58eb62
--- /dev/null
+++ b/secure/lib/libcrypto/man/BIO_ctrl.3
@@ -0,0 +1,252 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BIO_ctrl 3"
+.TH BIO_ctrl 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BIO_ctrl, BIO_callback_ctrl, BIO_ptr_ctrl, BIO_int_ctrl, BIO_reset,
+BIO_seek, BIO_tell, BIO_flush, BIO_eof, BIO_set_close, BIO_get_close,
+BIO_pending, BIO_wpending, BIO_ctrl_pending, BIO_ctrl_wpending,
+BIO_get_info_callback, BIO_set_info_callback \- BIO control operations
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bio.h>
+\&
+\& long BIO_ctrl(BIO *bp,int cmd,long larg,void *parg);
+\& long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long));
+\& char * BIO_ptr_ctrl(BIO *bp,int cmd,long larg);
+\& long BIO_int_ctrl(BIO *bp,int cmd,long larg,int iarg);
+\&
+\& int BIO_reset(BIO *b);
+\& int BIO_seek(BIO *b, int ofs);
+\& int BIO_tell(BIO *b);
+\& int BIO_flush(BIO *b);
+\& int BIO_eof(BIO *b);
+\& int BIO_set_close(BIO *b,long flag);
+\& int BIO_get_close(BIO *b);
+\& int BIO_pending(BIO *b);
+\& int BIO_wpending(BIO *b);
+\& size_t BIO_ctrl_pending(BIO *b);
+\& size_t BIO_ctrl_wpending(BIO *b);
+\&
+\& int BIO_get_info_callback(BIO *b,bio_info_cb **cbp);
+\& int BIO_set_info_callback(BIO *b,bio_info_cb *cb);
+\&
+\& typedef void bio_info_cb(BIO *b, int oper, const char *ptr, int arg1, long arg2, long arg3);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIBIO_ctrl()\fR, \fIBIO_callback_ctrl()\fR, \fIBIO_ptr_ctrl()\fR and \fIBIO_int_ctrl()\fR
+are \s-1BIO\s0 \*(L"control\*(R" operations taking arguments of various types.
+These functions are not normally called directly, various macros
+are used instead. The standard macros are described below, macros
+specific to a particular type of \s-1BIO\s0 are described in the specific
+BIOs manual page as well as any special features of the standard
+calls.
+.PP
+\&\fIBIO_reset()\fR typically resets a \s-1BIO\s0 to some initial state, in the case
+of file related BIOs for example it rewinds the file pointer to the
+start of the file.
+.PP
+\&\fIBIO_seek()\fR resets a file related \s-1BIO\s0's (that is file descriptor and
+\&\s-1FILE\s0 BIOs) file position pointer to \fBofs\fR bytes from start of file.
+.PP
+\&\fIBIO_tell()\fR returns the current file position of a file related \s-1BIO\s0.
+.PP
+\&\fIBIO_flush()\fR normally writes out any internally buffered data, in some
+cases it is used to signal \s-1EOF\s0 and that no more data will be written.
+.PP
+\&\fIBIO_eof()\fR returns 1 if the \s-1BIO\s0 has read \s-1EOF\s0, the precise meaning of
+\&\*(L"\s-1EOF\s0\*(R" varies according to the \s-1BIO\s0 type.
+.PP
+\&\fIBIO_set_close()\fR sets the \s-1BIO\s0 \fBb\fR close flag to \fBflag\fR. \fBflag\fR can
+take the value \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE\s0. Typically \s-1BIO_CLOSE\s0 is used
+in a source/sink \s-1BIO\s0 to indicate that the underlying I/O stream should
+be closed when the \s-1BIO\s0 is freed.
+.PP
+\&\fIBIO_get_close()\fR returns the BIOs close flag.
+.PP
+\&\fIBIO_pending()\fR, \fIBIO_ctrl_pending()\fR, \fIBIO_wpending()\fR and \fIBIO_ctrl_wpending()\fR
+return the number of pending characters in the BIOs read and write buffers.
+Not all BIOs support these calls. \fIBIO_ctrl_pending()\fR and \fIBIO_ctrl_wpending()\fR
+return a size_t type and are functions, \fIBIO_pending()\fR and \fIBIO_wpending()\fR are
+macros which call \fIBIO_ctrl()\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIBIO_reset()\fR normally returns 1 for success and 0 or \-1 for failure. File
+BIOs are an exception, they return 0 for success and \-1 for failure.
+.PP
+\&\fIBIO_seek()\fR and \fIBIO_tell()\fR both return the current file position on success
+and \-1 for failure, except file BIOs which for \fIBIO_seek()\fR always return 0
+for success and \-1 for failure.
+.PP
+\&\fIBIO_flush()\fR returns 1 for success and 0 or \-1 for failure.
+.PP
+\&\fIBIO_eof()\fR returns 1 if \s-1EOF\s0 has been reached 0 otherwise.
+.PP
+\&\fIBIO_set_close()\fR always returns 1.
+.PP
+\&\fIBIO_get_close()\fR returns the close flag value: \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE\s0.
+.PP
+\&\fIBIO_pending()\fR, \fIBIO_ctrl_pending()\fR, \fIBIO_wpending()\fR and \fIBIO_ctrl_wpending()\fR
+return the amount of pending data.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\fIBIO_flush()\fR, because it can write data may return 0 or \-1 indicating
+that the call should be retried later in a similar manner to \fIBIO_write()\fR.
+The \fIBIO_should_retry()\fR call should be used and appropriate action taken
+is the call fails.
+.PP
+The return values of \fIBIO_pending()\fR and \fIBIO_wpending()\fR may not reliably
+determine the amount of pending data in all cases. For example in the
+case of a file \s-1BIO\s0 some data may be available in the \s-1FILE\s0 structures
+internal buffers but it is not possible to determine this in a
+portably way. For other types of \s-1BIO\s0 they may not be supported.
+.PP
+Filter BIOs if they do not internally handle a particular \fIBIO_ctrl()\fR
+operation usually pass the operation to the next \s-1BIO\s0 in the chain.
+This often means there is no need to locate the required \s-1BIO\s0 for
+a particular operation, it can be called on a chain and it will
+be automatically passed to the relevant \s-1BIO\s0. However this can cause
+unexpected results: for example no current filter BIOs implement
+\&\fIBIO_seek()\fR, but this may still succeed if the chain ends in a \s-1FILE\s0
+or file descriptor \s-1BIO\s0.
+.PP
+Source/sink BIOs return an 0 if they do not recognize the \fIBIO_ctrl()\fR
+operation.
+.SH "BUGS"
+.IX Header "BUGS"
+Some of the return values are ambiguous and care should be taken. In
+particular a return value of 0 can be returned if an operation is not
+supported, if an error occurred, if \s-1EOF\s0 has not been reached and in
+the case of \fIBIO_seek()\fR on a file \s-1BIO\s0 for a successful operation.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/BIO_f_base64.3 b/secure/lib/libcrypto/man/BIO_f_base64.3
new file mode 100644
index 0000000..936ea90
--- /dev/null
+++ b/secure/lib/libcrypto/man/BIO_f_base64.3
@@ -0,0 +1,208 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BIO_f_base64 3"
+.TH BIO_f_base64 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BIO_f_base64 \- base64 BIO filter
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 2
+\& #include <openssl/bio.h>
+\& #include <openssl/evp.h>
+\&
+\& BIO_METHOD * BIO_f_base64(void);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIBIO_f_base64()\fR returns the base64 \s-1BIO\s0 method. This is a filter
+\&\s-1BIO\s0 that base64 encodes any data written through it and decodes
+any data read through it.
+.PP
+Base64 BIOs do not support \fIBIO_gets()\fR or \fIBIO_puts()\fR.
+.PP
+\&\fIBIO_flush()\fR on a base64 \s-1BIO\s0 that is being written through is
+used to signal that no more data is to be encoded: this is used
+to flush the final block through the \s-1BIO\s0.
+.PP
+The flag \s-1BIO_FLAGS_BASE64_NO_NL\s0 can be set with \fIBIO_set_flags()\fR
+to encode the data all on one line or expect the data to be all
+on one line.
+.SH "NOTES"
+.IX Header "NOTES"
+Because of the format of base64 encoding the end of the encoded
+block cannot always be reliably determined.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIBIO_f_base64()\fR returns the base64 \s-1BIO\s0 method.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Base64 encode the string \*(L"Hello World\en\*(R" and write the result
+to standard output:
+.PP
+.Vb 2
+\& BIO *bio, *b64;
+\& char message[] = "Hello World \en";
+\&
+\& b64 = BIO_new(BIO_f_base64());
+\& bio = BIO_new_fp(stdout, BIO_NOCLOSE);
+\& bio = BIO_push(b64, bio);
+\& BIO_write(bio, message, strlen(message));
+\& BIO_flush(bio);
+\&
+\& BIO_free_all(bio);
+.Ve
+.PP
+Read Base64 encoded data from standard input and write the decoded
+data to standard output:
+.PP
+.Vb 3
+\& BIO *bio, *b64, *bio_out;
+\& char inbuf[512];
+\& int inlen;
+\&
+\& b64 = BIO_new(BIO_f_base64());
+\& bio = BIO_new_fp(stdin, BIO_NOCLOSE);
+\& bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
+\& bio = BIO_push(b64, bio);
+\& while((inlen = BIO_read(bio, inbuf, 512)) > 0)
+\& BIO_write(bio_out, inbuf, inlen);
+\&
+\& BIO_free_all(bio);
+.Ve
+.SH "BUGS"
+.IX Header "BUGS"
+The ambiguity of \s-1EOF\s0 in base64 encoded data can cause additional
+data following the base64 encoded block to be misinterpreted.
+.PP
+There should be some way of specifying a test that the \s-1BIO\s0 can perform
+to reliably determine \s-1EOF\s0 (for example a \s-1MIME\s0 boundary).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/BIO_f_buffer.3 b/secure/lib/libcrypto/man/BIO_f_buffer.3
new file mode 100644
index 0000000..ebc0c16
--- /dev/null
+++ b/secure/lib/libcrypto/man/BIO_f_buffer.3
@@ -0,0 +1,199 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BIO_f_buffer 3"
+.TH BIO_f_buffer 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BIO_f_buffer \- buffering BIO
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bio.h>
+\&
+\& BIO_METHOD * BIO_f_buffer(void);
+\&
+\& #define BIO_get_buffer_num_lines(b) BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL)
+\& #define BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0)
+\& #define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1)
+\& #define BIO_set_buffer_size(b,size) BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL)
+\& #define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf)
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIBIO_f_buffer()\fR returns the buffering \s-1BIO\s0 method.
+.PP
+Data written to a buffering \s-1BIO\s0 is buffered and periodically written
+to the next \s-1BIO\s0 in the chain. Data read from a buffering \s-1BIO\s0 comes from
+an internal buffer which is filled from the next \s-1BIO\s0 in the chain.
+Both \fIBIO_gets()\fR and \fIBIO_puts()\fR are supported.
+.PP
+Calling \fIBIO_reset()\fR on a buffering \s-1BIO\s0 clears any buffered data.
+.PP
+\&\fIBIO_get_buffer_num_lines()\fR returns the number of lines currently buffered.
+.PP
+\&\fIBIO_set_read_buffer_size()\fR, \fIBIO_set_write_buffer_size()\fR and \fIBIO_set_buffer_size()\fR
+set the read, write or both read and write buffer sizes to \fBsize\fR. The initial
+buffer size is \s-1DEFAULT_BUFFER_SIZE\s0, currently 4096. Any attempt to reduce the
+buffer size below \s-1DEFAULT_BUFFER_SIZE\s0 is ignored. Any buffered data is cleared
+when the buffer is resized.
+.PP
+\&\fIBIO_set_buffer_read_data()\fR clears the read buffer and fills it with \fBnum\fR
+bytes of \fBbuf\fR. If \fBnum\fR is larger than the current buffer size the buffer
+is expanded.
+.SH "NOTES"
+.IX Header "NOTES"
+Buffering BIOs implement \fIBIO_gets()\fR by using \fIBIO_read()\fR operations on the
+next \s-1BIO\s0 in the chain. By prepending a buffering \s-1BIO\s0 to a chain it is therefore
+possible to provide \fIBIO_gets()\fR functionality if the following BIOs do not
+support it (for example \s-1SSL\s0 BIOs).
+.PP
+Data is only written to the next \s-1BIO\s0 in the chain when the write buffer fills
+or when \fIBIO_flush()\fR is called. It is therefore important to call \fIBIO_flush()\fR
+whenever any pending data should be written such as when removing a buffering
+\&\s-1BIO\s0 using \fIBIO_pop()\fR. \fIBIO_flush()\fR may need to be retried if the ultimate
+source/sink \s-1BIO\s0 is non blocking.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIBIO_f_buffer()\fR returns the buffering \s-1BIO\s0 method.
+.PP
+\&\fIBIO_get_buffer_num_lines()\fR returns the number of lines buffered (may be 0).
+.PP
+\&\fIBIO_set_read_buffer_size()\fR, \fIBIO_set_write_buffer_size()\fR and \fIBIO_set_buffer_size()\fR
+return 1 if the buffer was successfully resized or 0 for failure.
+.PP
+\&\fIBIO_set_buffer_read_data()\fR returns 1 if the data was set correctly or 0 if
+there was an error.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\s-1\fIBIO\s0\fR\|(3),
+\&\fIBIO_reset\fR\|(3),
+\&\fIBIO_flush\fR\|(3),
+\&\fIBIO_pop\fR\|(3),
+\&\fIBIO_ctrl\fR\|(3),
+\&\fIBIO_int_ctrl\fR\|(3)
diff --git a/secure/lib/libcrypto/man/BIO_f_cipher.3 b/secure/lib/libcrypto/man/BIO_f_cipher.3
new file mode 100644
index 0000000..2a7f885
--- /dev/null
+++ b/secure/lib/libcrypto/man/BIO_f_cipher.3
@@ -0,0 +1,200 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BIO_f_cipher 3"
+.TH BIO_f_cipher 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx \- cipher BIO filter
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 2
+\& #include <openssl/bio.h>
+\& #include <openssl/evp.h>
+\&
+\& BIO_METHOD * BIO_f_cipher(void);
+\& void BIO_set_cipher(BIO *b,const EVP_CIPHER *cipher,
+\& unsigned char *key, unsigned char *iv, int enc);
+\& int BIO_get_cipher_status(BIO *b)
+\& int BIO_get_cipher_ctx(BIO *b, EVP_CIPHER_CTX **pctx)
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIBIO_f_cipher()\fR returns the cipher \s-1BIO\s0 method. This is a filter
+\&\s-1BIO\s0 that encrypts any data written through it, and decrypts any data
+read from it. It is a \s-1BIO\s0 wrapper for the cipher routines
+\&\fIEVP_CipherInit()\fR, \fIEVP_CipherUpdate()\fR and \fIEVP_CipherFinal()\fR.
+.PP
+Cipher BIOs do not support \fIBIO_gets()\fR or \fIBIO_puts()\fR.
+.PP
+\&\fIBIO_flush()\fR on an encryption \s-1BIO\s0 that is being written through is
+used to signal that no more data is to be encrypted: this is used
+to flush and possibly pad the final block through the \s-1BIO\s0.
+.PP
+\&\fIBIO_set_cipher()\fR sets the cipher of \s-1BIO\s0 \fBb\fR to \fBcipher\fR using key \fBkey\fR
+and \s-1IV\s0 \fBiv\fR. \fBenc\fR should be set to 1 for encryption and zero for
+decryption.
+.PP
+When reading from an encryption \s-1BIO\s0 the final block is automatically
+decrypted and checked when \s-1EOF\s0 is detected. \fIBIO_get_cipher_status()\fR
+is a \fIBIO_ctrl()\fR macro which can be called to determine whether the
+decryption operation was successful.
+.PP
+\&\fIBIO_get_cipher_ctx()\fR is a \fIBIO_ctrl()\fR macro which retrieves the internal
+\&\s-1BIO\s0 cipher context. The retrieved context can be used in conjunction
+with the standard cipher routines to set it up. This is useful when
+\&\fIBIO_set_cipher()\fR is not flexible enough for the applications needs.
+.SH "NOTES"
+.IX Header "NOTES"
+When encrypting \fIBIO_flush()\fR \fBmust\fR be called to flush the final block
+through the \s-1BIO\s0. If it is not then the final block will fail a subsequent
+decrypt.
+.PP
+When decrypting an error on the final block is signalled by a zero
+return value from the read operation. A successful decrypt followed
+by \s-1EOF\s0 will also return zero for the final read. \fIBIO_get_cipher_status()\fR
+should be called to determine if the decrypt was successful.
+.PP
+As always, if \fIBIO_gets()\fR or \fIBIO_puts()\fR support is needed then it can
+be achieved by preceding the cipher \s-1BIO\s0 with a buffering \s-1BIO\s0.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIBIO_f_cipher()\fR returns the cipher \s-1BIO\s0 method.
+.PP
+\&\fIBIO_set_cipher()\fR does not return a value.
+.PP
+\&\fIBIO_get_cipher_status()\fR returns 1 for a successful decrypt and 0
+for failure.
+.PP
+\&\fIBIO_get_cipher_ctx()\fR currently always returns 1.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+\&\s-1TBA\s0
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/BIO_f_md.3 b/secure/lib/libcrypto/man/BIO_f_md.3
new file mode 100644
index 0000000..0f44132
--- /dev/null
+++ b/secure/lib/libcrypto/man/BIO_f_md.3
@@ -0,0 +1,267 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BIO_f_md 3"
+.TH BIO_f_md 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx \- message digest BIO filter
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 2
+\& #include <openssl/bio.h>
+\& #include <openssl/evp.h>
+\&
+\& BIO_METHOD * BIO_f_md(void);
+\& int BIO_set_md(BIO *b,EVP_MD *md);
+\& int BIO_get_md(BIO *b,EVP_MD **mdp);
+\& int BIO_get_md_ctx(BIO *b,EVP_MD_CTX **mdcp);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIBIO_f_md()\fR returns the message digest \s-1BIO\s0 method. This is a filter
+\&\s-1BIO\s0 that digests any data passed through it, it is a \s-1BIO\s0 wrapper
+for the digest routines \fIEVP_DigestInit()\fR, \fIEVP_DigestUpdate()\fR
+and \fIEVP_DigestFinal()\fR.
+.PP
+Any data written or read through a digest \s-1BIO\s0 using \fIBIO_read()\fR and
+\&\fIBIO_write()\fR is digested.
+.PP
+\&\fIBIO_gets()\fR, if its \fBsize\fR parameter is large enough finishes the
+digest calculation and returns the digest value. \fIBIO_puts()\fR is
+not supported.
+.PP
+\&\fIBIO_reset()\fR reinitialises a digest \s-1BIO\s0.
+.PP
+\&\fIBIO_set_md()\fR sets the message digest of \s-1BIO\s0 \fBb\fR to \fBmd\fR: this
+must be called to initialize a digest \s-1BIO\s0 before any data is
+passed through it. It is a \fIBIO_ctrl()\fR macro.
+.PP
+\&\fIBIO_get_md()\fR places the a pointer to the digest BIOs digest method
+in \fBmdp\fR, it is a \fIBIO_ctrl()\fR macro.
+.PP
+\&\fIBIO_get_md_ctx()\fR returns the digest BIOs context into \fBmdcp\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+The context returned by \fIBIO_get_md_ctx()\fR can be used in calls
+to \fIEVP_DigestFinal()\fR and also the signature routines \fIEVP_SignFinal()\fR
+and \fIEVP_VerifyFinal()\fR.
+.PP
+The context returned by \fIBIO_get_md_ctx()\fR is an internal context
+structure. Changes made to this context will affect the digest
+\&\s-1BIO\s0 itself and the context pointer will become invalid when the digest
+\&\s-1BIO\s0 is freed.
+.PP
+After the digest has been retrieved from a digest \s-1BIO\s0 it must be
+reinitialized by calling \fIBIO_reset()\fR, or \fIBIO_set_md()\fR before any more
+data is passed through it.
+.PP
+If an application needs to call \fIBIO_gets()\fR or \fIBIO_puts()\fR through
+a chain containing digest BIOs then this can be done by prepending
+a buffering \s-1BIO\s0.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIBIO_f_md()\fR returns the digest \s-1BIO\s0 method.
+.PP
+\&\fIBIO_set_md()\fR, \fIBIO_get_md()\fR and \fIBIO_md_ctx()\fR return 1 for success and
+0 for failure.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+The following example creates a \s-1BIO\s0 chain containing an \s-1SHA1\s0 and \s-1MD5\s0
+digest \s-1BIO\s0 and passes the string \*(L"Hello World\*(R" through it. Error
+checking has been omitted for clarity.
+.PP
+.Vb 10
+\& BIO *bio, *mdtmp;
+\& char message[] = "Hello World";
+\& bio = BIO_new(BIO_s_null());
+\& mdtmp = BIO_new(BIO_f_md());
+\& BIO_set_md(mdtmp, EVP_sha1());
+\& /* For BIO_push() we want to append the sink BIO and keep a note of
+\& * the start of the chain.
+\& */
+\& bio = BIO_push(mdtmp, bio);
+\& mdtmp = BIO_new(BIO_f_md());
+\& BIO_set_md(mdtmp, EVP_md5());
+\& bio = BIO_push(mdtmp, bio);
+\& /* Note: mdtmp can now be discarded */
+\& BIO_write(bio, message, strlen(message));
+.Ve
+.PP
+The next example digests data by reading through a chain instead:
+.PP
+.Vb 10
+\& BIO *bio, *mdtmp;
+\& char buf[1024];
+\& int rdlen;
+\& bio = BIO_new_file(file, "rb");
+\& mdtmp = BIO_new(BIO_f_md());
+\& BIO_set_md(mdtmp, EVP_sha1());
+\& bio = BIO_push(mdtmp, bio);
+\& mdtmp = BIO_new(BIO_f_md());
+\& BIO_set_md(mdtmp, EVP_md5());
+\& bio = BIO_push(mdtmp, bio);
+\& do {
+\& rdlen = BIO_read(bio, buf, sizeof(buf));
+\& /* Might want to do something with the data here */
+\& } while(rdlen > 0);
+.Ve
+.PP
+This next example retrieves the message digests from a \s-1BIO\s0 chain and
+outputs them. This could be used with the examples above.
+.PP
+.Vb 10
+\& BIO *mdtmp;
+\& unsigned char mdbuf[EVP_MAX_MD_SIZE];
+\& int mdlen;
+\& int i;
+\& mdtmp = bio; /* Assume bio has previously been set up */
+\& do {
+\& EVP_MD *md;
+\& mdtmp = BIO_find_type(mdtmp, BIO_TYPE_MD);
+\& if(!mdtmp) break;
+\& BIO_get_md(mdtmp, &md);
+\& printf("%s digest", OBJ_nid2sn(EVP_MD_type(md)));
+\& mdlen = BIO_gets(mdtmp, mdbuf, EVP_MAX_MD_SIZE);
+\& for(i = 0; i < mdlen; i++) printf(":%02X", mdbuf[i]);
+\& printf("\en");
+\& mdtmp = BIO_next(mdtmp);
+\& } while(mdtmp);
+\&
+\& BIO_free_all(bio);
+.Ve
+.SH "BUGS"
+.IX Header "BUGS"
+The lack of support for \fIBIO_puts()\fR and the non standard behaviour of
+\&\fIBIO_gets()\fR could be regarded as anomalous. It could be argued that \fIBIO_gets()\fR
+and \fIBIO_puts()\fR should be passed to the next \s-1BIO\s0 in the chain and digest
+the data passed through and that digests should be retrieved using a
+separate \fIBIO_ctrl()\fR call.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/BIO_f_null.3 b/secure/lib/libcrypto/man/BIO_f_null.3
new file mode 100644
index 0000000..06f6cc7
--- /dev/null
+++ b/secure/lib/libcrypto/man/BIO_f_null.3
@@ -0,0 +1,157 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BIO_f_null 3"
+.TH BIO_f_null 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BIO_f_null \- null filter
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bio.h>
+\&
+\& BIO_METHOD * BIO_f_null(void);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIBIO_f_null()\fR returns the null filter \s-1BIO\s0 method. This is a filter \s-1BIO\s0
+that does nothing.
+.PP
+All requests to a null filter \s-1BIO\s0 are passed through to the next \s-1BIO\s0 in
+the chain: this means that a \s-1BIO\s0 chain containing a null filter \s-1BIO\s0
+behaves just as though the \s-1BIO\s0 was not there.
+.SH "NOTES"
+.IX Header "NOTES"
+As may be apparent a null filter \s-1BIO\s0 is not particularly useful.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIBIO_f_null()\fR returns the null filter \s-1BIO\s0 method.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/BIO_f_ssl.3 b/secure/lib/libcrypto/man/BIO_f_ssl.3
new file mode 100644
index 0000000..8e95630
--- /dev/null
+++ b/secure/lib/libcrypto/man/BIO_f_ssl.3
@@ -0,0 +1,441 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BIO_f_ssl 3"
+.TH BIO_f_ssl 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode, BIO_set_ssl_renegotiate_bytes,
+BIO_get_num_renegotiates, BIO_set_ssl_renegotiate_timeout, BIO_new_ssl,
+BIO_new_ssl_connect, BIO_new_buffer_ssl_connect, BIO_ssl_copy_session_id,
+BIO_ssl_shutdown \- SSL BIO
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 2
+\& #include <openssl/bio.h>
+\& #include <openssl/ssl.h>
+\&
+\& BIO_METHOD *BIO_f_ssl(void);
+\&
+\& #define BIO_set_ssl(b,ssl,c) BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl)
+\& #define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp)
+\& #define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)
+\& #define BIO_set_ssl_renegotiate_bytes(b,num) \e
+\& BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL);
+\& #define BIO_set_ssl_renegotiate_timeout(b,seconds) \e
+\& BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL);
+\& #define BIO_get_num_renegotiates(b) \e
+\& BIO_ctrl(b,BIO_C_SET_SSL_NUM_RENEGOTIATES,0,NULL);
+\&
+\& BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
+\& BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
+\& BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
+\& int BIO_ssl_copy_session_id(BIO *to,BIO *from);
+\& void BIO_ssl_shutdown(BIO *bio);
+\&
+\& #define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIBIO_f_ssl()\fR returns the \s-1SSL\s0 \s-1BIO\s0 method. This is a filter \s-1BIO\s0 which
+is a wrapper round the OpenSSL \s-1SSL\s0 routines adding a \s-1BIO\s0 \*(L"flavour\*(R" to
+\&\s-1SSL\s0 I/O.
+.PP
+I/O performed on an \s-1SSL\s0 \s-1BIO\s0 communicates using the \s-1SSL\s0 protocol with
+the SSLs read and write BIOs. If an \s-1SSL\s0 connection is not established
+then an attempt is made to establish one on the first I/O call.
+.PP
+If a \s-1BIO\s0 is appended to an \s-1SSL\s0 \s-1BIO\s0 using \fIBIO_push()\fR it is automatically
+used as the \s-1SSL\s0 BIOs read and write BIOs.
+.PP
+Calling \fIBIO_reset()\fR on an \s-1SSL\s0 \s-1BIO\s0 closes down any current \s-1SSL\s0 connection
+by calling \fISSL_shutdown()\fR. \fIBIO_reset()\fR is then sent to the next \s-1BIO\s0 in
+the chain: this will typically disconnect the underlying transport.
+The \s-1SSL\s0 \s-1BIO\s0 is then reset to the initial accept or connect state.
+.PP
+If the close flag is set when an \s-1SSL\s0 \s-1BIO\s0 is freed then the internal
+\&\s-1SSL\s0 structure is also freed using \fISSL_free()\fR.
+.PP
+\&\fIBIO_set_ssl()\fR sets the internal \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR to \fBssl\fR using
+the close flag \fBc\fR.
+.PP
+\&\fIBIO_get_ssl()\fR retrieves the \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR, it can then be
+manipulated using the standard \s-1SSL\s0 library functions.
+.PP
+\&\fIBIO_set_ssl_mode()\fR sets the \s-1SSL\s0 \s-1BIO\s0 mode to \fBclient\fR. If \fBclient\fR
+is 1 client mode is set. If \fBclient\fR is 0 server mode is set.
+.PP
+\&\fIBIO_set_ssl_renegotiate_bytes()\fR sets the renegotiate byte count
+to \fBnum\fR. When set after every \fBnum\fR bytes of I/O (read and write)
+the \s-1SSL\s0 session is automatically renegotiated. \fBnum\fR must be at
+least 512 bytes.
+.PP
+\&\fIBIO_set_ssl_renegotiate_timeout()\fR sets the renegotiate timeout to
+\&\fBseconds\fR. When the renegotiate timeout elapses the session is
+automatically renegotiated.
+.PP
+\&\fIBIO_get_num_renegotiates()\fR returns the total number of session
+renegotiations due to I/O or timeout.
+.PP
+\&\fIBIO_new_ssl()\fR allocates an \s-1SSL\s0 \s-1BIO\s0 using \s-1SSL_CTX\s0 \fBctx\fR and using
+client mode if \fBclient\fR is non zero.
+.PP
+\&\fIBIO_new_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting of an
+\&\s-1SSL\s0 \s-1BIO\s0 (using \fBctx\fR) followed by a connect \s-1BIO\s0.
+.PP
+\&\fIBIO_new_buffer_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting
+of a buffering \s-1BIO\s0, an \s-1SSL\s0 \s-1BIO\s0 (using \fBctx\fR) and a connect
+\&\s-1BIO\s0.
+.PP
+\&\fIBIO_ssl_copy_session_id()\fR copies an \s-1SSL\s0 session id between
+\&\s-1BIO\s0 chains \fBfrom\fR and \fBto\fR. It does this by locating the
+\&\s-1SSL\s0 BIOs in each chain and calling \fISSL_copy_session_id()\fR on
+the internal \s-1SSL\s0 pointer.
+.PP
+\&\fIBIO_ssl_shutdown()\fR closes down an \s-1SSL\s0 connection on \s-1BIO\s0
+chain \fBbio\fR. It does this by locating the \s-1SSL\s0 \s-1BIO\s0 in the
+chain and calling \fISSL_shutdown()\fR on its internal \s-1SSL\s0
+pointer.
+.PP
+\&\fIBIO_do_handshake()\fR attempts to complete an \s-1SSL\s0 handshake on the
+supplied \s-1BIO\s0 and establish the \s-1SSL\s0 connection. It returns 1
+if the connection was established successfully. A zero or negative
+value is returned if the connection could not be established, the
+call \fIBIO_should_retry()\fR should be used for non blocking connect BIOs
+to determine if the call should be retried. If an \s-1SSL\s0 connection has
+already been established this call has no effect.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\s-1SSL\s0 BIOs are exceptional in that if the underlying transport
+is non blocking they can still request a retry in exceptional
+circumstances. Specifically this will happen if a session
+renegotiation takes place during a \fIBIO_read()\fR operation, one
+case where this happens is when \s-1SGC\s0 or step up occurs.
+.PP
+In OpenSSL 0.9.6 and later the \s-1SSL\s0 flag \s-1SSL_AUTO_RETRY\s0 can be
+set to disable this behaviour. That is when this flag is set
+an \s-1SSL\s0 \s-1BIO\s0 using a blocking transport will never request a
+retry.
+.PP
+Since unknown \fIBIO_ctrl()\fR operations are sent through filter
+BIOs the servers name and port can be set using \fIBIO_set_host()\fR
+on the \s-1BIO\s0 returned by \fIBIO_new_ssl_connect()\fR without having
+to locate the connect \s-1BIO\s0 first.
+.PP
+Applications do not have to call \fIBIO_do_handshake()\fR but may wish
+to do so to separate the handshake process from other I/O
+processing.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\s-1TBA\s0
+.SH "EXAMPLE"
+.IX Header "EXAMPLE"
+This \s-1SSL/TLS\s0 client example, attempts to retrieve a page from an
+\&\s-1SSL/TLS\s0 web server. The I/O routines are identical to those of the
+unencrypted example in \fIBIO_s_connect\fR\|(3).
+.PP
+.Vb 5
+\& BIO *sbio, *out;
+\& int len;
+\& char tmpbuf[1024];
+\& SSL_CTX *ctx;
+\& SSL *ssl;
+\&
+\& ERR_load_crypto_strings();
+\& ERR_load_SSL_strings();
+\& OpenSSL_add_all_algorithms();
+\&
+\& /* We would seed the PRNG here if the platform didn\*(Aqt
+\& * do it automatically
+\& */
+\&
+\& ctx = SSL_CTX_new(SSLv23_client_method());
+\&
+\& /* We\*(Aqd normally set some stuff like the verify paths and
+\& * mode here because as things stand this will connect to
+\& * any server whose certificate is signed by any CA.
+\& */
+\&
+\& sbio = BIO_new_ssl_connect(ctx);
+\&
+\& BIO_get_ssl(sbio, &ssl);
+\&
+\& if(!ssl) {
+\& fprintf(stderr, "Can\*(Aqt locate SSL pointer\en");
+\& /* whatever ... */
+\& }
+\&
+\& /* Don\*(Aqt want any retries */
+\& SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
+\&
+\& /* We might want to do other things with ssl here */
+\&
+\& BIO_set_conn_hostname(sbio, "localhost:https");
+\&
+\& out = BIO_new_fp(stdout, BIO_NOCLOSE);
+\& if(BIO_do_connect(sbio) <= 0) {
+\& fprintf(stderr, "Error connecting to server\en");
+\& ERR_print_errors_fp(stderr);
+\& /* whatever ... */
+\& }
+\&
+\& if(BIO_do_handshake(sbio) <= 0) {
+\& fprintf(stderr, "Error establishing SSL connection\en");
+\& ERR_print_errors_fp(stderr);
+\& /* whatever ... */
+\& }
+\&
+\& /* Could examine ssl here to get connection info */
+\&
+\& BIO_puts(sbio, "GET / HTTP/1.0\en\en");
+\& for(;;) {
+\& len = BIO_read(sbio, tmpbuf, 1024);
+\& if(len <= 0) break;
+\& BIO_write(out, tmpbuf, len);
+\& }
+\& BIO_free_all(sbio);
+\& BIO_free(out);
+.Ve
+.PP
+Here is a simple server example. It makes use of a buffering
+\&\s-1BIO\s0 to allow lines to be read from the \s-1SSL\s0 \s-1BIO\s0 using BIO_gets.
+It creates a pseudo web page containing the actual request from
+a client and also echoes the request to standard output.
+.PP
+.Vb 5
+\& BIO *sbio, *bbio, *acpt, *out;
+\& int len;
+\& char tmpbuf[1024];
+\& SSL_CTX *ctx;
+\& SSL *ssl;
+\&
+\& ERR_load_crypto_strings();
+\& ERR_load_SSL_strings();
+\& OpenSSL_add_all_algorithms();
+\&
+\& /* Might seed PRNG here */
+\&
+\& ctx = SSL_CTX_new(SSLv23_server_method());
+\&
+\& if (!SSL_CTX_use_certificate_file(ctx,"server.pem",SSL_FILETYPE_PEM)
+\& || !SSL_CTX_use_PrivateKey_file(ctx,"server.pem",SSL_FILETYPE_PEM)
+\& || !SSL_CTX_check_private_key(ctx)) {
+\&
+\& fprintf(stderr, "Error setting up SSL_CTX\en");
+\& ERR_print_errors_fp(stderr);
+\& return 0;
+\& }
+\&
+\& /* Might do other things here like setting verify locations and
+\& * DH and/or RSA temporary key callbacks
+\& */
+\&
+\& /* New SSL BIO setup as server */
+\& sbio=BIO_new_ssl(ctx,0);
+\&
+\& BIO_get_ssl(sbio, &ssl);
+\&
+\& if(!ssl) {
+\& fprintf(stderr, "Can\*(Aqt locate SSL pointer\en");
+\& /* whatever ... */
+\& }
+\&
+\& /* Don\*(Aqt want any retries */
+\& SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
+\&
+\& /* Create the buffering BIO */
+\&
+\& bbio = BIO_new(BIO_f_buffer());
+\&
+\& /* Add to chain */
+\& sbio = BIO_push(bbio, sbio);
+\&
+\& acpt=BIO_new_accept("4433");
+\&
+\& /* By doing this when a new connection is established
+\& * we automatically have sbio inserted into it. The
+\& * BIO chain is now \*(Aqswallowed\*(Aq by the accept BIO and
+\& * will be freed when the accept BIO is freed.
+\& */
+\&
+\& BIO_set_accept_bios(acpt,sbio);
+\&
+\& out = BIO_new_fp(stdout, BIO_NOCLOSE);
+\&
+\& /* Setup accept BIO */
+\& if(BIO_do_accept(acpt) <= 0) {
+\& fprintf(stderr, "Error setting up accept BIO\en");
+\& ERR_print_errors_fp(stderr);
+\& return 0;
+\& }
+\&
+\& /* Now wait for incoming connection */
+\& if(BIO_do_accept(acpt) <= 0) {
+\& fprintf(stderr, "Error in connection\en");
+\& ERR_print_errors_fp(stderr);
+\& return 0;
+\& }
+\&
+\& /* We only want one connection so remove and free
+\& * accept BIO
+\& */
+\&
+\& sbio = BIO_pop(acpt);
+\&
+\& BIO_free_all(acpt);
+\&
+\& if(BIO_do_handshake(sbio) <= 0) {
+\& fprintf(stderr, "Error in SSL handshake\en");
+\& ERR_print_errors_fp(stderr);
+\& return 0;
+\& }
+\&
+\& BIO_puts(sbio, "HTTP/1.0 200 OK\er\enContent\-type: text/plain\er\en\er\en");
+\& BIO_puts(sbio, "\er\enConnection Established\er\enRequest headers:\er\en");
+\& BIO_puts(sbio, "\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\er\en");
+\&
+\& for(;;) {
+\& len = BIO_gets(sbio, tmpbuf, 1024);
+\& if(len <= 0) break;
+\& BIO_write(sbio, tmpbuf, len);
+\& BIO_write(out, tmpbuf, len);
+\& /* Look for blank line signifying end of headers*/
+\& if((tmpbuf[0] == \*(Aq\er\*(Aq) || (tmpbuf[0] == \*(Aq\en\*(Aq)) break;
+\& }
+\&
+\& BIO_puts(sbio, "\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\er\en");
+\& BIO_puts(sbio, "\er\en");
+\&
+\& /* Since there is a buffering BIO present we had better flush it */
+\& BIO_flush(sbio);
+\&
+\& BIO_free_all(sbio);
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/BIO_find_type.3 b/secure/lib/libcrypto/man/BIO_find_type.3
new file mode 100644
index 0000000..ff8eb3a
--- /dev/null
+++ b/secure/lib/libcrypto/man/BIO_find_type.3
@@ -0,0 +1,224 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BIO_find_type 3"
+.TH BIO_find_type 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BIO_find_type, BIO_next \- BIO chain traversal
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bio.h>
+\&
+\& BIO * BIO_find_type(BIO *b,int bio_type);
+\& BIO * BIO_next(BIO *b);
+\&
+\& #define BIO_method_type(b) ((b)\->method\->type)
+\&
+\& #define BIO_TYPE_NONE 0
+\& #define BIO_TYPE_MEM (1|0x0400)
+\& #define BIO_TYPE_FILE (2|0x0400)
+\&
+\& #define BIO_TYPE_FD (4|0x0400|0x0100)
+\& #define BIO_TYPE_SOCKET (5|0x0400|0x0100)
+\& #define BIO_TYPE_NULL (6|0x0400)
+\& #define BIO_TYPE_SSL (7|0x0200)
+\& #define BIO_TYPE_MD (8|0x0200)
+\& #define BIO_TYPE_BUFFER (9|0x0200)
+\& #define BIO_TYPE_CIPHER (10|0x0200)
+\& #define BIO_TYPE_BASE64 (11|0x0200)
+\& #define BIO_TYPE_CONNECT (12|0x0400|0x0100)
+\& #define BIO_TYPE_ACCEPT (13|0x0400|0x0100)
+\& #define BIO_TYPE_PROXY_CLIENT (14|0x0200)
+\& #define BIO_TYPE_PROXY_SERVER (15|0x0200)
+\& #define BIO_TYPE_NBIO_TEST (16|0x0200)
+\& #define BIO_TYPE_NULL_FILTER (17|0x0200)
+\& #define BIO_TYPE_BER (18|0x0200)
+\& #define BIO_TYPE_BIO (19|0x0400)
+\&
+\& #define BIO_TYPE_DESCRIPTOR 0x0100
+\& #define BIO_TYPE_FILTER 0x0200
+\& #define BIO_TYPE_SOURCE_SINK 0x0400
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fIBIO_find_type()\fR searches for a \s-1BIO\s0 of a given type in a chain, starting
+at \s-1BIO\s0 \fBb\fR. If \fBtype\fR is a specific type (such as \s-1BIO_TYPE_MEM\s0) then a search
+is made for a \s-1BIO\s0 of that type. If \fBtype\fR is a general type (such as
+\&\fB\s-1BIO_TYPE_SOURCE_SINK\s0\fR) then the next matching \s-1BIO\s0 of the given general type is
+searched for. \fIBIO_find_type()\fR returns the next matching \s-1BIO\s0 or \s-1NULL\s0 if none is
+found.
+.PP
+Note: not all the \fBBIO_TYPE_*\fR types above have corresponding \s-1BIO\s0 implementations.
+.PP
+\&\fIBIO_next()\fR returns the next \s-1BIO\s0 in a chain. It can be used to traverse all BIOs
+in a chain or used in conjunction with \fIBIO_find_type()\fR to find all BIOs of a
+certain type.
+.PP
+\&\fIBIO_method_type()\fR returns the type of a \s-1BIO\s0.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIBIO_find_type()\fR returns a matching \s-1BIO\s0 or \s-1NULL\s0 for no match.
+.PP
+\&\fIBIO_next()\fR returns the next \s-1BIO\s0 in a chain.
+.PP
+\&\fIBIO_method_type()\fR returns the type of the \s-1BIO\s0 \fBb\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\fIBIO_next()\fR was added to OpenSSL 0.9.6 to provide a 'clean' way to traverse a \s-1BIO\s0
+chain or find multiple matches using \fIBIO_find_type()\fR. Previous versions had to
+use:
+.PP
+.Vb 1
+\& next = bio\->next_bio;
+.Ve
+.SH "BUGS"
+.IX Header "BUGS"
+\&\fIBIO_find_type()\fR in OpenSSL 0.9.5a and earlier could not be safely passed a
+\&\s-1NULL\s0 pointer for the \fBb\fR argument.
+.SH "EXAMPLE"
+.IX Header "EXAMPLE"
+Traverse a chain looking for digest BIOs:
+.PP
+.Vb 2
+\& BIO *btmp;
+\& btmp = in_bio; /* in_bio is chain to search through */
+\&
+\& do {
+\& btmp = BIO_find_type(btmp, BIO_TYPE_MD);
+\& if(btmp == NULL) break; /* Not found */
+\& /* btmp is a digest BIO, do something with it ...*/
+\& ...
+\&
+\& btmp = BIO_next(btmp);
+\& } while(btmp);
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/BIO_new.3 b/secure/lib/libcrypto/man/BIO_new.3
new file mode 100644
index 0000000..3457bae
--- /dev/null
+++ b/secure/lib/libcrypto/man/BIO_new.3
@@ -0,0 +1,191 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BIO_new 3"
+.TH BIO_new 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BIO_new, BIO_set, BIO_free, BIO_vfree, BIO_free_all \- BIO allocation and freeing functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bio.h>
+\&
+\& BIO * BIO_new(BIO_METHOD *type);
+\& int BIO_set(BIO *a,BIO_METHOD *type);
+\& int BIO_free(BIO *a);
+\& void BIO_vfree(BIO *a);
+\& void BIO_free_all(BIO *a);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fIBIO_new()\fR function returns a new \s-1BIO\s0 using method \fBtype\fR.
+.PP
+\&\fIBIO_set()\fR sets the method of an already existing \s-1BIO\s0.
+.PP
+\&\fIBIO_free()\fR frees up a single \s-1BIO\s0, \fIBIO_vfree()\fR also frees up a single \s-1BIO\s0
+but it does not return a value. Calling \fIBIO_free()\fR may also have some effect
+on the underlying I/O structure, for example it may close the file being
+referred to under certain circumstances. For more details see the individual
+\&\s-1BIO_METHOD\s0 descriptions.
+.PP
+\&\fIBIO_free_all()\fR frees up an entire \s-1BIO\s0 chain, it does not halt if an error
+occurs freeing up an individual \s-1BIO\s0 in the chain.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIBIO_new()\fR returns a newly created \s-1BIO\s0 or \s-1NULL\s0 if the call fails.
+.PP
+\&\fIBIO_set()\fR, \fIBIO_free()\fR return 1 for success and 0 for failure.
+.PP
+\&\fIBIO_free_all()\fR and \fIBIO_vfree()\fR do not return values.
+.SH "NOTES"
+.IX Header "NOTES"
+Some BIOs (such as memory BIOs) can be used immediately after calling
+\&\fIBIO_new()\fR. Others (such as file BIOs) need some additional initialization,
+and frequently a utility function exists to create and initialize such BIOs.
+.PP
+If \fIBIO_free()\fR is called on a \s-1BIO\s0 chain it will only free one \s-1BIO\s0 resulting
+in a memory leak.
+.PP
+Calling \fIBIO_free_all()\fR a single \s-1BIO\s0 has the same effect as calling \fIBIO_free()\fR
+on it other than the discarded return value.
+.PP
+Normally the \fBtype\fR argument is supplied by a function which returns a
+pointer to a \s-1BIO_METHOD\s0. There is a naming convention for such functions:
+a source/sink \s-1BIO\s0 is normally called BIO_s_*() and a filter \s-1BIO\s0
+BIO_f_*();
+.SH "EXAMPLE"
+.IX Header "EXAMPLE"
+Create a memory \s-1BIO:\s0
+.PP
+.Vb 1
+\& BIO *mem = BIO_new(BIO_s_mem());
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/BIO_push.3 b/secure/lib/libcrypto/man/BIO_push.3
new file mode 100644
index 0000000..9d43372
--- /dev/null
+++ b/secure/lib/libcrypto/man/BIO_push.3
@@ -0,0 +1,199 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BIO_push 3"
+.TH BIO_push 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BIO_push, BIO_pop \- add and remove BIOs from a chain.
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bio.h>
+\&
+\& BIO * BIO_push(BIO *b,BIO *append);
+\& BIO * BIO_pop(BIO *b);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fIBIO_push()\fR function appends the \s-1BIO\s0 \fBappend\fR to \fBb\fR, it returns
+\&\fBb\fR.
+.PP
+\&\fIBIO_pop()\fR removes the \s-1BIO\s0 \fBb\fR from a chain and returns the next \s-1BIO\s0
+in the chain, or \s-1NULL\s0 if there is no next \s-1BIO\s0. The removed \s-1BIO\s0 then
+becomes a single \s-1BIO\s0 with no association with the original chain,
+it can thus be freed or attached to a different chain.
+.SH "NOTES"
+.IX Header "NOTES"
+The names of these functions are perhaps a little misleading. \fIBIO_push()\fR
+joins two \s-1BIO\s0 chains whereas \fIBIO_pop()\fR deletes a single \s-1BIO\s0 from a chain,
+the deleted \s-1BIO\s0 does not need to be at the end of a chain.
+.PP
+The process of calling \fIBIO_push()\fR and \fIBIO_pop()\fR on a \s-1BIO\s0 may have additional
+consequences (a control call is made to the affected BIOs) any effects will
+be noted in the descriptions of individual BIOs.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+For these examples suppose \fBmd1\fR and \fBmd2\fR are digest BIOs, \fBb64\fR is
+a base64 \s-1BIO\s0 and \fBf\fR is a file \s-1BIO\s0.
+.PP
+If the call:
+.PP
+.Vb 1
+\& BIO_push(b64, f);
+.Ve
+.PP
+is made then the new chain will be \fBb64\-chain\fR. After making the calls
+.PP
+.Vb 2
+\& BIO_push(md2, b64);
+\& BIO_push(md1, md2);
+.Ve
+.PP
+the new chain is \fBmd1\-md2\-b64\-f\fR. Data written to \fBmd1\fR will be digested
+by \fBmd1\fR and \fBmd2\fR, \fBbase64\fR encoded and written to \fBf\fR.
+.PP
+It should be noted that reading causes data to pass in the reverse
+direction, that is data is read from \fBf\fR, base64 \fBdecoded\fR and digested
+by \fBmd1\fR and \fBmd2\fR. If the call:
+.PP
+.Vb 1
+\& BIO_pop(md2);
+.Ve
+.PP
+The call will return \fBb64\fR and the new chain will be \fBmd1\-b64\-f\fR data can
+be written to \fBmd1\fR as before.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIBIO_push()\fR returns the end of the chain, \fBb\fR.
+.PP
+\&\fIBIO_pop()\fR returns the next \s-1BIO\s0 in the chain, or \s-1NULL\s0 if there is no next
+\&\s-1BIO\s0.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/BIO_read.3 b/secure/lib/libcrypto/man/BIO_read.3
new file mode 100644
index 0000000..d2d585a
--- /dev/null
+++ b/secure/lib/libcrypto/man/BIO_read.3
@@ -0,0 +1,191 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BIO_read 3"
+.TH BIO_read 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BIO_read, BIO_write, BIO_gets, BIO_puts \- BIO I/O functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bio.h>
+\&
+\& int BIO_read(BIO *b, void *buf, int len);
+\& int BIO_gets(BIO *b,char *buf, int size);
+\& int BIO_write(BIO *b, const void *buf, int len);
+\& int BIO_puts(BIO *b,const char *buf);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIBIO_read()\fR attempts to read \fBlen\fR bytes from \s-1BIO\s0 \fBb\fR and places
+the data in \fBbuf\fR.
+.PP
+\&\fIBIO_gets()\fR performs the BIOs \*(L"gets\*(R" operation and places the data
+in \fBbuf\fR. Usually this operation will attempt to read a line of data
+from the \s-1BIO\s0 of maximum length \fBlen\fR. There are exceptions to this
+however, for example \fIBIO_gets()\fR on a digest \s-1BIO\s0 will calculate and
+return the digest and other BIOs may not support \fIBIO_gets()\fR at all.
+.PP
+\&\fIBIO_write()\fR attempts to write \fBlen\fR bytes from \fBbuf\fR to \s-1BIO\s0 \fBb\fR.
+.PP
+\&\fIBIO_puts()\fR attempts to write a null terminated string \fBbuf\fR to \s-1BIO\s0 \fBb\fR
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+All these functions return either the amount of data successfully read or
+written (if the return value is positive) or that no data was successfully
+read or written if the result is 0 or \-1. If the return value is \-2 then
+the operation is not implemented in the specific \s-1BIO\s0 type.
+.SH "NOTES"
+.IX Header "NOTES"
+A 0 or \-1 return is not necessarily an indication of an error. In
+particular when the source/sink is non-blocking or of a certain type
+it may merely be an indication that no data is currently available and that
+the application should retry the operation later.
+.PP
+One technique sometimes used with blocking sockets is to use a system call
+(such as \fIselect()\fR, \fIpoll()\fR or equivalent) to determine when data is available
+and then call \fIread()\fR to read the data. The equivalent with BIOs (that is call
+\&\fIselect()\fR on the underlying I/O structure and then call \fIBIO_read()\fR to
+read the data) should \fBnot\fR be used because a single call to \fIBIO_read()\fR
+can cause several reads (and writes in the case of \s-1SSL\s0 BIOs) on the underlying
+I/O structure and may block as a result. Instead \fIselect()\fR (or equivalent)
+should be combined with non blocking I/O so successive reads will request
+a retry instead of blocking.
+.PP
+See \fIBIO_should_retry\fR\|(3) for details of how to
+determine the cause of a retry and other I/O issues.
+.PP
+If the \fIBIO_gets()\fR function is not supported by a \s-1BIO\s0 then it possible to
+work around this by adding a buffering \s-1BIO\s0 \fIBIO_f_buffer\fR\|(3)
+to the chain.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIBIO_should_retry\fR\|(3)
+.PP
+\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/BIO_s_accept.3 b/secure/lib/libcrypto/man/BIO_s_accept.3
new file mode 100644
index 0000000..17426b7
--- /dev/null
+++ b/secure/lib/libcrypto/man/BIO_s_accept.3
@@ -0,0 +1,323 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BIO_s_accept 3"
+.TH BIO_s_accept 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BIO_s_accept, BIO_set_accept_port, BIO_get_accept_port,
+BIO_set_nbio_accept, BIO_set_accept_bios, BIO_set_bind_mode,
+BIO_get_bind_mode, BIO_do_accept \- accept BIO
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bio.h>
+\&
+\& BIO_METHOD *BIO_s_accept(void);
+\&
+\& long BIO_set_accept_port(BIO *b, char *name);
+\& char *BIO_get_accept_port(BIO *b);
+\&
+\& BIO *BIO_new_accept(char *host_port);
+\&
+\& long BIO_set_nbio_accept(BIO *b, int n);
+\& long BIO_set_accept_bios(BIO *b, char *bio);
+\&
+\& long BIO_set_bind_mode(BIO *b, long mode);
+\& long BIO_get_bind_mode(BIO *b, long dummy);
+\&
+\& #define BIO_BIND_NORMAL 0
+\& #define BIO_BIND_REUSEADDR_IF_UNUSED 1
+\& #define BIO_BIND_REUSEADDR 2
+\&
+\& int BIO_do_accept(BIO *b);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIBIO_s_accept()\fR returns the accept \s-1BIO\s0 method. This is a wrapper
+round the platform's \s-1TCP/IP\s0 socket accept routines.
+.PP
+Using accept BIOs, \s-1TCP/IP\s0 connections can be accepted and data
+transferred using only \s-1BIO\s0 routines. In this way any platform
+specific operations are hidden by the \s-1BIO\s0 abstraction.
+.PP
+Read and write operations on an accept \s-1BIO\s0 will perform I/O
+on the underlying connection. If no connection is established
+and the port (see below) is set up properly then the \s-1BIO\s0
+waits for an incoming connection.
+.PP
+Accept BIOs support \fIBIO_puts()\fR but not \fIBIO_gets()\fR.
+.PP
+If the close flag is set on an accept \s-1BIO\s0 then any active
+connection on that chain is shutdown and the socket closed when
+the \s-1BIO\s0 is freed.
+.PP
+Calling \fIBIO_reset()\fR on a accept \s-1BIO\s0 will close any active
+connection and reset the \s-1BIO\s0 into a state where it awaits another
+incoming connection.
+.PP
+\&\fIBIO_get_fd()\fR and \fIBIO_set_fd()\fR can be called to retrieve or set
+the accept socket. See \fIBIO_s_fd\fR\|(3)
+.PP
+\&\fIBIO_set_accept_port()\fR uses the string \fBname\fR to set the accept
+port. The port is represented as a string of the form \*(L"host:port\*(R",
+where \*(L"host\*(R" is the interface to use and \*(L"port\*(R" is the port.
+Either or both values can be \*(L"*\*(R" which is interpreted as meaning
+any interface or port respectively. \*(L"port\*(R" has the same syntax
+as the port specified in \fIBIO_set_conn_port()\fR for connect BIOs,
+that is it can be a numerical port string or a string to lookup
+using \fIgetservbyname()\fR and a string table.
+.PP
+\&\fIBIO_new_accept()\fR combines \fIBIO_new()\fR and \fIBIO_set_accept_port()\fR into
+a single call: that is it creates a new accept \s-1BIO\s0 with port
+\&\fBhost_port\fR.
+.PP
+\&\fIBIO_set_nbio_accept()\fR sets the accept socket to blocking mode
+(the default) if \fBn\fR is 0 or non blocking mode if \fBn\fR is 1.
+.PP
+\&\fIBIO_set_accept_bios()\fR can be used to set a chain of BIOs which
+will be duplicated and prepended to the chain when an incoming
+connection is received. This is useful if, for example, a
+buffering or \s-1SSL\s0 \s-1BIO\s0 is required for each connection. The
+chain of BIOs must not be freed after this call, they will
+be automatically freed when the accept \s-1BIO\s0 is freed.
+.PP
+\&\fIBIO_set_bind_mode()\fR and \fIBIO_get_bind_mode()\fR set and retrieve
+the current bind mode. If \s-1BIO_BIND_NORMAL\s0 (the default) is set
+then another socket cannot be bound to the same port. If
+\&\s-1BIO_BIND_REUSEADDR\s0 is set then other sockets can bind to the
+same port. If \s-1BIO_BIND_REUSEADDR_IF_UNUSED\s0 is set then and
+attempt is first made to use \s-1BIO_BIN_NORMAL\s0, if this fails
+and the port is not in use then a second attempt is made
+using \s-1BIO_BIND_REUSEADDR\s0.
+.PP
+\&\fIBIO_do_accept()\fR serves two functions. When it is first
+called, after the accept \s-1BIO\s0 has been setup, it will attempt
+to create the accept socket and bind an address to it. Second
+and subsequent calls to \fIBIO_do_accept()\fR will await an incoming
+connection, or request a retry in non blocking mode.
+.SH "NOTES"
+.IX Header "NOTES"
+When an accept \s-1BIO\s0 is at the end of a chain it will await an
+incoming connection before processing I/O calls. When an accept
+\&\s-1BIO\s0 is not at then end of a chain it passes I/O calls to the next
+\&\s-1BIO\s0 in the chain.
+.PP
+When a connection is established a new socket \s-1BIO\s0 is created for
+the connection and appended to the chain. That is the chain is now
+accept\->socket. This effectively means that attempting I/O on
+an initial accept socket will await an incoming connection then
+perform I/O on it.
+.PP
+If any additional BIOs have been set using \fIBIO_set_accept_bios()\fR
+then they are placed between the socket and the accept \s-1BIO\s0,
+that is the chain will be accept\->otherbios\->socket.
+.PP
+If a server wishes to process multiple connections (as is normally
+the case) then the accept \s-1BIO\s0 must be made available for further
+incoming connections. This can be done by waiting for a connection and
+then calling:
+.PP
+.Vb 1
+\& connection = BIO_pop(accept);
+.Ve
+.PP
+After this call \fBconnection\fR will contain a \s-1BIO\s0 for the recently
+established connection and \fBaccept\fR will now be a single \s-1BIO\s0
+again which can be used to await further incoming connections.
+If no further connections will be accepted the \fBaccept\fR can
+be freed using \fIBIO_free()\fR.
+.PP
+If only a single connection will be processed it is possible to
+perform I/O using the accept \s-1BIO\s0 itself. This is often undesirable
+however because the accept \s-1BIO\s0 will still accept additional incoming
+connections. This can be resolved by using \fIBIO_pop()\fR (see above)
+and freeing up the accept \s-1BIO\s0 after the initial connection.
+.PP
+If the underlying accept socket is non-blocking and \fIBIO_do_accept()\fR is
+called to await an incoming connection it is possible for
+\&\fIBIO_should_io_special()\fR with the reason \s-1BIO_RR_ACCEPT\s0. If this happens
+then it is an indication that an accept attempt would block: the application
+should take appropriate action to wait until the underlying socket has
+accepted a connection and retry the call.
+.PP
+\&\fIBIO_set_accept_port()\fR, \fIBIO_get_accept_port()\fR, \fIBIO_set_nbio_accept()\fR,
+\&\fIBIO_set_accept_bios()\fR, \fIBIO_set_bind_mode()\fR, \fIBIO_get_bind_mode()\fR and
+\&\fIBIO_do_accept()\fR are macros.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\s-1TBA\s0
+.SH "EXAMPLE"
+.IX Header "EXAMPLE"
+This example accepts two connections on port 4444, sends messages
+down each and finally closes both down.
+.PP
+.Vb 3
+\& BIO *abio, *cbio, *cbio2;
+\& ERR_load_crypto_strings();
+\& abio = BIO_new_accept("4444");
+\&
+\& /* First call to BIO_accept() sets up accept BIO */
+\& if(BIO_do_accept(abio) <= 0) {
+\& fprintf(stderr, "Error setting up accept\en");
+\& ERR_print_errors_fp(stderr);
+\& exit(0);
+\& }
+\&
+\& /* Wait for incoming connection */
+\& if(BIO_do_accept(abio) <= 0) {
+\& fprintf(stderr, "Error accepting connection\en");
+\& ERR_print_errors_fp(stderr);
+\& exit(0);
+\& }
+\& fprintf(stderr, "Connection 1 established\en");
+\& /* Retrieve BIO for connection */
+\& cbio = BIO_pop(abio);
+\& BIO_puts(cbio, "Connection 1: Sending out Data on initial connection\en");
+\& fprintf(stderr, "Sent out data on connection 1\en");
+\& /* Wait for another connection */
+\& if(BIO_do_accept(abio) <= 0) {
+\& fprintf(stderr, "Error accepting connection\en");
+\& ERR_print_errors_fp(stderr);
+\& exit(0);
+\& }
+\& fprintf(stderr, "Connection 2 established\en");
+\& /* Close accept BIO to refuse further connections */
+\& cbio2 = BIO_pop(abio);
+\& BIO_free(abio);
+\& BIO_puts(cbio2, "Connection 2: Sending out Data on second\en");
+\& fprintf(stderr, "Sent out data on connection 2\en");
+\&
+\& BIO_puts(cbio, "Connection 1: Second connection established\en");
+\& /* Close the two established connections */
+\& BIO_free(cbio);
+\& BIO_free(cbio2);
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/BIO_s_bio.3 b/secure/lib/libcrypto/man/BIO_s_bio.3
new file mode 100644
index 0000000..f4aa8a1
--- /dev/null
+++ b/secure/lib/libcrypto/man/BIO_s_bio.3
@@ -0,0 +1,305 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BIO_s_bio 3"
+.TH BIO_s_bio 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BIO_s_bio, BIO_make_bio_pair, BIO_destroy_bio_pair, BIO_shutdown_wr,
+BIO_set_write_buf_size, BIO_get_write_buf_size, BIO_new_bio_pair,
+BIO_get_write_guarantee, BIO_ctrl_get_write_guarantee, BIO_get_read_request,
+BIO_ctrl_get_read_request, BIO_ctrl_reset_read_request \- BIO pair BIO
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bio.h>
+\&
+\& BIO_METHOD *BIO_s_bio(void);
+\&
+\& #define BIO_make_bio_pair(b1,b2) (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2)
+\& #define BIO_destroy_bio_pair(b) (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL)
+\&
+\& #define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL)
+\&
+\& #define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL)
+\& #define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL)
+\&
+\& int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, BIO **bio2, size_t writebuf2);
+\&
+\& #define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL)
+\& size_t BIO_ctrl_get_write_guarantee(BIO *b);
+\&
+\& #define BIO_get_read_request(b) (int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL)
+\& size_t BIO_ctrl_get_read_request(BIO *b);
+\&
+\& int BIO_ctrl_reset_read_request(BIO *b);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIBIO_s_bio()\fR returns the method for a \s-1BIO\s0 pair. A \s-1BIO\s0 pair is a pair of source/sink
+BIOs where data written to either half of the pair is buffered and can be read from
+the other half. Both halves must usually by handled by the same application thread
+since no locking is done on the internal data structures.
+.PP
+Since \s-1BIO\s0 chains typically end in a source/sink \s-1BIO\s0 it is possible to make this
+one half of a \s-1BIO\s0 pair and have all the data processed by the chain under application
+control.
+.PP
+One typical use of \s-1BIO\s0 pairs is to place \s-1TLS/SSL\s0 I/O under application control, this
+can be used when the application wishes to use a non standard transport for
+\&\s-1TLS/SSL\s0 or the normal socket routines are inappropriate.
+.PP
+Calls to \fIBIO_read()\fR will read data from the buffer or request a retry if no
+data is available.
+.PP
+Calls to \fIBIO_write()\fR will place data in the buffer or request a retry if the
+buffer is full.
+.PP
+The standard calls \fIBIO_ctrl_pending()\fR and \fIBIO_ctrl_wpending()\fR can be used to
+determine the amount of pending data in the read or write buffer.
+.PP
+\&\fIBIO_reset()\fR clears any data in the write buffer.
+.PP
+\&\fIBIO_make_bio_pair()\fR joins two separate BIOs into a connected pair.
+.PP
+\&\fIBIO_destroy_pair()\fR destroys the association between two connected BIOs. Freeing
+up any half of the pair will automatically destroy the association.
+.PP
+\&\fIBIO_shutdown_wr()\fR is used to close down a \s-1BIO\s0 \fBb\fR. After this call no further
+writes on \s-1BIO\s0 \fBb\fR are allowed (they will return an error). Reads on the other
+half of the pair will return any pending data or \s-1EOF\s0 when all pending data has
+been read.
+.PP
+\&\fIBIO_set_write_buf_size()\fR sets the write buffer size of \s-1BIO\s0 \fBb\fR to \fBsize\fR.
+If the size is not initialized a default value is used. This is currently
+17K, sufficient for a maximum size \s-1TLS\s0 record.
+.PP
+\&\fIBIO_get_write_buf_size()\fR returns the size of the write buffer.
+.PP
+\&\fIBIO_new_bio_pair()\fR combines the calls to \fIBIO_new()\fR, \fIBIO_make_bio_pair()\fR and
+\&\fIBIO_set_write_buf_size()\fR to create a connected pair of BIOs \fBbio1\fR, \fBbio2\fR
+with write buffer sizes \fBwritebuf1\fR and \fBwritebuf2\fR. If either size is
+zero then the default size is used. \fIBIO_new_bio_pair()\fR does not check whether
+\&\fBbio1\fR or \fBbio2\fR do point to some other \s-1BIO\s0, the values are overwritten,
+\&\fIBIO_free()\fR is not called.
+.PP
+\&\fIBIO_get_write_guarantee()\fR and \fIBIO_ctrl_get_write_guarantee()\fR return the maximum
+length of data that can be currently written to the \s-1BIO\s0. Writes larger than this
+value will return a value from \fIBIO_write()\fR less than the amount requested or if the
+buffer is full request a retry. \fIBIO_ctrl_get_write_guarantee()\fR is a function
+whereas \fIBIO_get_write_guarantee()\fR is a macro.
+.PP
+\&\fIBIO_get_read_request()\fR and \fIBIO_ctrl_get_read_request()\fR return the
+amount of data requested, or the buffer size if it is less, if the
+last read attempt at the other half of the \s-1BIO\s0 pair failed due to an
+empty buffer. This can be used to determine how much data should be
+written to the \s-1BIO\s0 so the next read will succeed: this is most useful
+in \s-1TLS/SSL\s0 applications where the amount of data read is usually
+meaningful rather than just a buffer size. After a successful read
+this call will return zero. It also will return zero once new data
+has been written satisfying the read request or part of it.
+Note that \fIBIO_get_read_request()\fR never returns an amount larger
+than that returned by \fIBIO_get_write_guarantee()\fR.
+.PP
+\&\fIBIO_ctrl_reset_read_request()\fR can also be used to reset the value returned by
+\&\fIBIO_get_read_request()\fR to zero.
+.SH "NOTES"
+.IX Header "NOTES"
+Both halves of a \s-1BIO\s0 pair should be freed. That is even if one half is implicit
+freed due to a \fIBIO_free_all()\fR or \fISSL_free()\fR call the other half needs to be freed.
+.PP
+When used in bidirectional applications (such as \s-1TLS/SSL\s0) care should be taken to
+flush any data in the write buffer. This can be done by calling \fIBIO_pending()\fR
+on the other half of the pair and, if any data is pending, reading it and sending
+it to the underlying transport. This must be done before any normal processing
+(such as calling \fIselect()\fR ) due to a request and \fIBIO_should_read()\fR being true.
+.PP
+To see why this is important consider a case where a request is sent using
+\&\fIBIO_write()\fR and a response read with \fIBIO_read()\fR, this can occur during an
+\&\s-1TLS/SSL\s0 handshake for example. \fIBIO_write()\fR will succeed and place data in the write
+buffer. \fIBIO_read()\fR will initially fail and \fIBIO_should_read()\fR will be true. If
+the application then waits for data to be available on the underlying transport
+before flushing the write buffer it will never succeed because the request was
+never sent!
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIBIO_new_bio_pair()\fR returns 1 on success, with the new BIOs available in
+\&\fBbio1\fR and \fBbio2\fR, or 0 on failure, with \s-1NULL\s0 pointers stored into the
+locations for \fBbio1\fR and \fBbio2\fR. Check the error stack for more information.
+.PP
+[\s-1XXXXX:\s0 More return values need to be added here]
+.SH "EXAMPLE"
+.IX Header "EXAMPLE"
+The \s-1BIO\s0 pair can be used to have full control over the network access of an
+application. The application can call \fIselect()\fR on the socket as required
+without having to go through the SSL-interface.
+.PP
+.Vb 6
+\& BIO *internal_bio, *network_bio;
+\& ...
+\& BIO_new_bio_pair(internal_bio, 0, network_bio, 0);
+\& SSL_set_bio(ssl, internal_bio, internal_bio);
+\& SSL_operations();
+\& ...
+\&
+\& application | TLS\-engine
+\& | |
+\& +\-\-\-\-\-\-\-\-\-\-> SSL_operations()
+\& | /\e ||
+\& | || \e/
+\& | BIO\-pair (internal_bio)
+\& +\-\-\-\-\-\-\-\-\-\-< BIO\-pair (network_bio)
+\& | |
+\& socket |
+\&
+\& ...
+\& SSL_free(ssl); /* implicitly frees internal_bio */
+\& BIO_free(network_bio);
+\& ...
+.Ve
+.PP
+As the \s-1BIO\s0 pair will only buffer the data and never directly access the
+connection, it behaves non-blocking and will return as soon as the write
+buffer is full or the read buffer is drained. Then the application has to
+flush the write buffer and/or fill the read buffer.
+.PP
+Use the \fIBIO_ctrl_pending()\fR, to find out whether data is buffered in the \s-1BIO\s0
+and must be transfered to the network. Use \fIBIO_ctrl_get_read_request()\fR to
+find out, how many bytes must be written into the buffer before the
+\&\fISSL_operation()\fR can successfully be continued.
+.SH "WARNING"
+.IX Header "WARNING"
+As the data is buffered, \fISSL_operation()\fR may return with a \s-1ERROR_SSL_WANT_READ\s0
+condition, but there is still data in the write buffer. An application must
+not rely on the error value of \fISSL_operation()\fR but must assure that the
+write buffer is always flushed first. Otherwise a deadlock may occur as
+the peer might be waiting for the data before being able to continue.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fISSL_set_bio\fR\|(3), \fIssl\fR\|(3), \fIbio\fR\|(3),
+\&\fIBIO_should_retry\fR\|(3), \fIBIO_read\fR\|(3)
diff --git a/secure/lib/libcrypto/man/BIO_s_connect.3 b/secure/lib/libcrypto/man/BIO_s_connect.3
new file mode 100644
index 0000000..e55cd73
--- /dev/null
+++ b/secure/lib/libcrypto/man/BIO_s_connect.3
@@ -0,0 +1,316 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BIO_s_connect 3"
+.TH BIO_s_connect 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BIO_s_connect, BIO_set_conn_hostname, BIO_set_conn_port,
+BIO_set_conn_ip, BIO_set_conn_int_port, BIO_get_conn_hostname,
+BIO_get_conn_port, BIO_get_conn_ip, BIO_get_conn_int_port,
+BIO_set_nbio, BIO_do_connect \- connect BIO
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bio.h>
+\&
+\& BIO_METHOD * BIO_s_connect(void);
+\&
+\& BIO *BIO_new_connect(char *name);
+\&
+\& long BIO_set_conn_hostname(BIO *b, char *name);
+\& long BIO_set_conn_port(BIO *b, char *port);
+\& long BIO_set_conn_ip(BIO *b, char *ip);
+\& long BIO_set_conn_int_port(BIO *b, char *port);
+\& char *BIO_get_conn_hostname(BIO *b);
+\& char *BIO_get_conn_port(BIO *b);
+\& char *BIO_get_conn_ip(BIO *b, dummy);
+\& long BIO_get_conn_int_port(BIO *b, int port);
+\&
+\& long BIO_set_nbio(BIO *b, long n);
+\&
+\& int BIO_do_connect(BIO *b);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIBIO_s_connect()\fR returns the connect \s-1BIO\s0 method. This is a wrapper
+round the platform's \s-1TCP/IP\s0 socket connection routines.
+.PP
+Using connect BIOs, \s-1TCP/IP\s0 connections can be made and data
+transferred using only \s-1BIO\s0 routines. In this way any platform
+specific operations are hidden by the \s-1BIO\s0 abstraction.
+.PP
+Read and write operations on a connect \s-1BIO\s0 will perform I/O
+on the underlying connection. If no connection is established
+and the port and hostname (see below) is set up properly then
+a connection is established first.
+.PP
+Connect BIOs support \fIBIO_puts()\fR but not \fIBIO_gets()\fR.
+.PP
+If the close flag is set on a connect \s-1BIO\s0 then any active
+connection is shutdown and the socket closed when the \s-1BIO\s0
+is freed.
+.PP
+Calling \fIBIO_reset()\fR on a connect \s-1BIO\s0 will close any active
+connection and reset the \s-1BIO\s0 into a state where it can connect
+to the same host again.
+.PP
+\&\fIBIO_get_fd()\fR places the underlying socket in \fBc\fR if it is not \s-1NULL\s0,
+it also returns the socket . If \fBc\fR is not \s-1NULL\s0 it should be of
+type (int *).
+.PP
+\&\fIBIO_set_conn_hostname()\fR uses the string \fBname\fR to set the hostname.
+The hostname can be an \s-1IP\s0 address. The hostname can also include the
+port in the form hostname:port . It is also acceptable to use the
+form \*(L"hostname/any/other/path\*(R" or \*(L"hostname:port/any/other/path\*(R".
+.PP
+\&\fIBIO_set_conn_port()\fR sets the port to \fBport\fR. \fBport\fR can be the
+numerical form or a string such as \*(L"http\*(R". A string will be looked
+up first using \fIgetservbyname()\fR on the host platform but if that
+fails a standard table of port names will be used. Currently the
+list is http, telnet, socks, https, ssl, ftp, gopher and wais.
+.PP
+\&\fIBIO_set_conn_ip()\fR sets the \s-1IP\s0 address to \fBip\fR using binary form,
+that is four bytes specifying the \s-1IP\s0 address in big-endian form.
+.PP
+\&\fIBIO_set_conn_int_port()\fR sets the port using \fBport\fR. \fBport\fR should
+be of type (int *).
+.PP
+\&\fIBIO_get_conn_hostname()\fR returns the hostname of the connect \s-1BIO\s0 or
+\&\s-1NULL\s0 if the \s-1BIO\s0 is initialized but no hostname is set.
+This return value is an internal pointer which should not be modified.
+.PP
+\&\fIBIO_get_conn_port()\fR returns the port as a string.
+.PP
+\&\fIBIO_get_conn_ip()\fR returns the \s-1IP\s0 address in binary form.
+.PP
+\&\fIBIO_get_conn_int_port()\fR returns the port as an int.
+.PP
+\&\fIBIO_set_nbio()\fR sets the non blocking I/O flag to \fBn\fR. If \fBn\fR is
+zero then blocking I/O is set. If \fBn\fR is 1 then non blocking I/O
+is set. Blocking I/O is the default. The call to \fIBIO_set_nbio()\fR
+should be made before the connection is established because
+non blocking I/O is set during the connect process.
+.PP
+\&\fIBIO_new_connect()\fR combines \fIBIO_new()\fR and \fIBIO_set_conn_hostname()\fR into
+a single call: that is it creates a new connect \s-1BIO\s0 with \fBname\fR.
+.PP
+\&\fIBIO_do_connect()\fR attempts to connect the supplied \s-1BIO\s0. It returns 1
+if the connection was established successfully. A zero or negative
+value is returned if the connection could not be established, the
+call \fIBIO_should_retry()\fR should be used for non blocking connect BIOs
+to determine if the call should be retried.
+.SH "NOTES"
+.IX Header "NOTES"
+If blocking I/O is set then a non positive return value from any
+I/O call is caused by an error condition, although a zero return
+will normally mean that the connection was closed.
+.PP
+If the port name is supplied as part of the host name then this will
+override any value set with \fIBIO_set_conn_port()\fR. This may be undesirable
+if the application does not wish to allow connection to arbitrary
+ports. This can be avoided by checking for the presence of the ':'
+character in the passed hostname and either indicating an error or
+truncating the string at that point.
+.PP
+The values returned by \fIBIO_get_conn_hostname()\fR, \fIBIO_get_conn_port()\fR,
+\&\fIBIO_get_conn_ip()\fR and \fIBIO_get_conn_int_port()\fR are updated when a
+connection attempt is made. Before any connection attempt the values
+returned are those set by the application itself.
+.PP
+Applications do not have to call \fIBIO_do_connect()\fR but may wish to do
+so to separate the connection process from other I/O processing.
+.PP
+If non blocking I/O is set then retries will be requested as appropriate.
+.PP
+It addition to \fIBIO_should_read()\fR and \fIBIO_should_write()\fR it is also
+possible for \fIBIO_should_io_special()\fR to be true during the initial
+connection process with the reason \s-1BIO_RR_CONNECT\s0. If this is returned
+then this is an indication that a connection attempt would block,
+the application should then take appropriate action to wait until
+the underlying socket has connected and retry the call.
+.PP
+\&\fIBIO_set_conn_hostname()\fR, \fIBIO_set_conn_port()\fR, \fIBIO_set_conn_ip()\fR,
+\&\fIBIO_set_conn_int_port()\fR, \fIBIO_get_conn_hostname()\fR, \fIBIO_get_conn_port()\fR,
+\&\fIBIO_get_conn_ip()\fR, \fIBIO_get_conn_int_port()\fR, \fIBIO_set_nbio()\fR and
+\&\fIBIO_do_connect()\fR are macros.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIBIO_s_connect()\fR returns the connect \s-1BIO\s0 method.
+.PP
+\&\fIBIO_get_fd()\fR returns the socket or \-1 if the \s-1BIO\s0 has not
+been initialized.
+.PP
+\&\fIBIO_set_conn_hostname()\fR, \fIBIO_set_conn_port()\fR, \fIBIO_set_conn_ip()\fR and
+\&\fIBIO_set_conn_int_port()\fR always return 1.
+.PP
+\&\fIBIO_get_conn_hostname()\fR returns the connected hostname or \s-1NULL\s0 is
+none was set.
+.PP
+\&\fIBIO_get_conn_port()\fR returns a string representing the connected
+port or \s-1NULL\s0 if not set.
+.PP
+\&\fIBIO_get_conn_ip()\fR returns a pointer to the connected \s-1IP\s0 address in
+binary form or all zeros if not set.
+.PP
+\&\fIBIO_get_conn_int_port()\fR returns the connected port or 0 if none was
+set.
+.PP
+\&\fIBIO_set_nbio()\fR always returns 1.
+.PP
+\&\fIBIO_do_connect()\fR returns 1 if the connection was successfully
+established and 0 or \-1 if the connection failed.
+.SH "EXAMPLE"
+.IX Header "EXAMPLE"
+This is example connects to a webserver on the local host and attempts
+to retrieve a page and copy the result to standard output.
+.PP
+.Vb 10
+\& BIO *cbio, *out;
+\& int len;
+\& char tmpbuf[1024];
+\& ERR_load_crypto_strings();
+\& cbio = BIO_new_connect("localhost:http");
+\& out = BIO_new_fp(stdout, BIO_NOCLOSE);
+\& if(BIO_do_connect(cbio) <= 0) {
+\& fprintf(stderr, "Error connecting to server\en");
+\& ERR_print_errors_fp(stderr);
+\& /* whatever ... */
+\& }
+\& BIO_puts(cbio, "GET / HTTP/1.0\en\en");
+\& for(;;) {
+\& len = BIO_read(cbio, tmpbuf, 1024);
+\& if(len <= 0) break;
+\& BIO_write(out, tmpbuf, len);
+\& }
+\& BIO_free(cbio);
+\& BIO_free(out);
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/BIO_s_fd.3 b/secure/lib/libcrypto/man/BIO_s_fd.3
new file mode 100644
index 0000000..e710429
--- /dev/null
+++ b/secure/lib/libcrypto/man/BIO_s_fd.3
@@ -0,0 +1,215 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BIO_s_fd 3"
+.TH BIO_s_fd 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BIO_s_fd, BIO_set_fd, BIO_get_fd, BIO_new_fd \- file descriptor BIO
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bio.h>
+\&
+\& BIO_METHOD * BIO_s_fd(void);
+\&
+\& #define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
+\& #define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
+\&
+\& BIO *BIO_new_fd(int fd, int close_flag);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIBIO_s_fd()\fR returns the file descriptor \s-1BIO\s0 method. This is a wrapper
+round the platforms file descriptor routines such as \fIread()\fR and \fIwrite()\fR.
+.PP
+\&\fIBIO_read()\fR and \fIBIO_write()\fR read or write the underlying descriptor.
+\&\fIBIO_puts()\fR is supported but \fIBIO_gets()\fR is not.
+.PP
+If the close flag is set then then \fIclose()\fR is called on the underlying
+file descriptor when the \s-1BIO\s0 is freed.
+.PP
+\&\fIBIO_reset()\fR attempts to change the file pointer to the start of file
+using lseek(fd, 0, 0).
+.PP
+\&\fIBIO_seek()\fR sets the file pointer to position \fBofs\fR from start of file
+using lseek(fd, ofs, 0).
+.PP
+\&\fIBIO_tell()\fR returns the current file position by calling lseek(fd, 0, 1).
+.PP
+\&\fIBIO_set_fd()\fR sets the file descriptor of \s-1BIO\s0 \fBb\fR to \fBfd\fR and the close
+flag to \fBc\fR.
+.PP
+\&\fIBIO_get_fd()\fR places the file descriptor in \fBc\fR if it is not \s-1NULL\s0, it also
+returns the file descriptor. If \fBc\fR is not \s-1NULL\s0 it should be of type
+(int *).
+.PP
+\&\fIBIO_new_fd()\fR returns a file descriptor \s-1BIO\s0 using \fBfd\fR and \fBclose_flag\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+The behaviour of \fIBIO_read()\fR and \fIBIO_write()\fR depends on the behavior of the
+platforms \fIread()\fR and \fIwrite()\fR calls on the descriptor. If the underlying
+file descriptor is in a non blocking mode then the \s-1BIO\s0 will behave in the
+manner described in the \fIBIO_read\fR\|(3) and \fIBIO_should_retry\fR\|(3)
+manual pages.
+.PP
+File descriptor BIOs should not be used for socket I/O. Use socket BIOs
+instead.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIBIO_s_fd()\fR returns the file descriptor \s-1BIO\s0 method.
+.PP
+\&\fIBIO_reset()\fR returns zero for success and \-1 if an error occurred.
+\&\fIBIO_seek()\fR and \fIBIO_tell()\fR return the current file position or \-1
+is an error occurred. These values reflect the underlying \fIlseek()\fR
+behaviour.
+.PP
+\&\fIBIO_set_fd()\fR always returns 1.
+.PP
+\&\fIBIO_get_fd()\fR returns the file descriptor or \-1 if the \s-1BIO\s0 has not
+been initialized.
+.PP
+\&\fIBIO_new_fd()\fR returns the newly allocated \s-1BIO\s0 or \s-1NULL\s0 is an error
+occurred.
+.SH "EXAMPLE"
+.IX Header "EXAMPLE"
+This is a file descriptor \s-1BIO\s0 version of \*(L"Hello World\*(R":
+.PP
+.Vb 4
+\& BIO *out;
+\& out = BIO_new_fd(fileno(stdout), BIO_NOCLOSE);
+\& BIO_printf(out, "Hello World\en");
+\& BIO_free(out);
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIBIO_seek\fR\|(3), \fIBIO_tell\fR\|(3),
+\&\fIBIO_reset\fR\|(3), \fIBIO_read\fR\|(3),
+\&\fIBIO_write\fR\|(3), \fIBIO_puts\fR\|(3),
+\&\fIBIO_gets\fR\|(3), \fIBIO_printf\fR\|(3),
+\&\fIBIO_set_close\fR\|(3), \fIBIO_get_close\fR\|(3)
diff --git a/secure/lib/libcrypto/man/BIO_s_file.3 b/secure/lib/libcrypto/man/BIO_s_file.3
new file mode 100644
index 0000000..fc036dd
--- /dev/null
+++ b/secure/lib/libcrypto/man/BIO_s_file.3
@@ -0,0 +1,275 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BIO_s_file 3"
+.TH BIO_s_file 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BIO_s_file, BIO_new_file, BIO_new_fp, BIO_set_fp, BIO_get_fp,
+BIO_read_filename, BIO_write_filename, BIO_append_filename,
+BIO_rw_filename \- FILE bio
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bio.h>
+\&
+\& BIO_METHOD * BIO_s_file(void);
+\& BIO *BIO_new_file(const char *filename, const char *mode);
+\& BIO *BIO_new_fp(FILE *stream, int flags);
+\&
+\& BIO_set_fp(BIO *b,FILE *fp, int flags);
+\& BIO_get_fp(BIO *b,FILE **fpp);
+\&
+\& int BIO_read_filename(BIO *b, char *name)
+\& int BIO_write_filename(BIO *b, char *name)
+\& int BIO_append_filename(BIO *b, char *name)
+\& int BIO_rw_filename(BIO *b, char *name)
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIBIO_s_file()\fR returns the \s-1BIO\s0 file method. As its name implies it
+is a wrapper round the stdio \s-1FILE\s0 structure and it is a
+source/sink \s-1BIO\s0.
+.PP
+Calls to \fIBIO_read()\fR and \fIBIO_write()\fR read and write data to the
+underlying stream. \fIBIO_gets()\fR and \fIBIO_puts()\fR are supported on file BIOs.
+.PP
+\&\fIBIO_flush()\fR on a file \s-1BIO\s0 calls the \fIfflush()\fR function on the wrapped
+stream.
+.PP
+\&\fIBIO_reset()\fR attempts to change the file pointer to the start of file
+using fseek(stream, 0, 0).
+.PP
+\&\fIBIO_seek()\fR sets the file pointer to position \fBofs\fR from start of file
+using fseek(stream, ofs, 0).
+.PP
+\&\fIBIO_eof()\fR calls \fIfeof()\fR.
+.PP
+Setting the \s-1BIO_CLOSE\s0 flag calls \fIfclose()\fR on the stream when the \s-1BIO\s0
+is freed.
+.PP
+\&\fIBIO_new_file()\fR creates a new file \s-1BIO\s0 with mode \fBmode\fR the meaning
+of \fBmode\fR is the same as the stdio function \fIfopen()\fR. The \s-1BIO_CLOSE\s0
+flag is set on the returned \s-1BIO\s0.
+.PP
+\&\fIBIO_new_fp()\fR creates a file \s-1BIO\s0 wrapping \fBstream\fR. Flags can be:
+\&\s-1BIO_CLOSE\s0, \s-1BIO_NOCLOSE\s0 (the close flag) \s-1BIO_FP_TEXT\s0 (sets the underlying
+stream to text mode, default is binary: this only has any effect under
+Win32).
+.PP
+\&\fIBIO_set_fp()\fR set the fp of a file \s-1BIO\s0 to \fBfp\fR. \fBflags\fR has the same
+meaning as in \fIBIO_new_fp()\fR, it is a macro.
+.PP
+\&\fIBIO_get_fp()\fR retrieves the fp of a file \s-1BIO\s0, it is a macro.
+.PP
+\&\fIBIO_seek()\fR is a macro that sets the position pointer to \fBoffset\fR bytes
+from the start of file.
+.PP
+\&\fIBIO_tell()\fR returns the value of the position pointer.
+.PP
+\&\fIBIO_read_filename()\fR, \fIBIO_write_filename()\fR, \fIBIO_append_filename()\fR and
+\&\fIBIO_rw_filename()\fR set the file \s-1BIO\s0 \fBb\fR to use file \fBname\fR for
+reading, writing, append or read write respectively.
+.SH "NOTES"
+.IX Header "NOTES"
+When wrapping stdout, stdin or stderr the underlying stream should not
+normally be closed so the \s-1BIO_NOCLOSE\s0 flag should be set.
+.PP
+Because the file \s-1BIO\s0 calls the underlying stdio functions any quirks
+in stdio behaviour will be mirrored by the corresponding \s-1BIO\s0.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+File \s-1BIO\s0 \*(L"hello world\*(R":
+.PP
+.Vb 3
+\& BIO *bio_out;
+\& bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
+\& BIO_printf(bio_out, "Hello World\en");
+.Ve
+.PP
+Alternative technique:
+.PP
+.Vb 5
+\& BIO *bio_out;
+\& bio_out = BIO_new(BIO_s_file());
+\& if(bio_out == NULL) /* Error ... */
+\& if(!BIO_set_fp(bio_out, stdout, BIO_NOCLOSE)) /* Error ... */
+\& BIO_printf(bio_out, "Hello World\en");
+.Ve
+.PP
+Write to a file:
+.PP
+.Vb 5
+\& BIO *out;
+\& out = BIO_new_file("filename.txt", "w");
+\& if(!out) /* Error occurred */
+\& BIO_printf(out, "Hello World\en");
+\& BIO_free(out);
+.Ve
+.PP
+Alternative technique:
+.PP
+.Vb 6
+\& BIO *out;
+\& out = BIO_new(BIO_s_file());
+\& if(out == NULL) /* Error ... */
+\& if(!BIO_write_filename(out, "filename.txt")) /* Error ... */
+\& BIO_printf(out, "Hello World\en");
+\& BIO_free(out);
+.Ve
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIBIO_s_file()\fR returns the file \s-1BIO\s0 method.
+.PP
+\&\fIBIO_new_file()\fR and \fIBIO_new_fp()\fR return a file \s-1BIO\s0 or \s-1NULL\s0 if an error
+occurred.
+.PP
+\&\fIBIO_set_fp()\fR and \fIBIO_get_fp()\fR return 1 for success or 0 for failure
+(although the current implementation never return 0).
+.PP
+\&\fIBIO_seek()\fR returns the same value as the underlying \fIfseek()\fR function:
+0 for success or \-1 for failure.
+.PP
+\&\fIBIO_tell()\fR returns the current file position.
+.PP
+\&\fIBIO_read_filename()\fR, \fIBIO_write_filename()\fR, \fIBIO_append_filename()\fR and
+\&\fIBIO_rw_filename()\fR return 1 for success or 0 for failure.
+.SH "BUGS"
+.IX Header "BUGS"
+\&\fIBIO_reset()\fR and \fIBIO_seek()\fR are implemented using \fIfseek()\fR on the underlying
+stream. The return value for \fIfseek()\fR is 0 for success or \-1 if an error
+occurred this differs from other types of \s-1BIO\s0 which will typically return
+1 for success and a non positive value if an error occurred.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIBIO_seek\fR\|(3), \fIBIO_tell\fR\|(3),
+\&\fIBIO_reset\fR\|(3), \fIBIO_flush\fR\|(3),
+\&\fIBIO_read\fR\|(3),
+\&\fIBIO_write\fR\|(3), \fIBIO_puts\fR\|(3),
+\&\fIBIO_gets\fR\|(3), \fIBIO_printf\fR\|(3),
+\&\fIBIO_set_close\fR\|(3), \fIBIO_get_close\fR\|(3)
diff --git a/secure/lib/libcrypto/man/BIO_s_mem.3 b/secure/lib/libcrypto/man/BIO_s_mem.3
new file mode 100644
index 0000000..c9ec1e3
--- /dev/null
+++ b/secure/lib/libcrypto/man/BIO_s_mem.3
@@ -0,0 +1,244 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BIO_s_mem 3"
+.TH BIO_s_mem 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BIO_s_mem, BIO_set_mem_eof_return, BIO_get_mem_data, BIO_set_mem_buf,
+BIO_get_mem_ptr, BIO_new_mem_buf \- memory BIO
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bio.h>
+\&
+\& BIO_METHOD * BIO_s_mem(void);
+\&
+\& BIO_set_mem_eof_return(BIO *b,int v)
+\& long BIO_get_mem_data(BIO *b, char **pp)
+\& BIO_set_mem_buf(BIO *b,BUF_MEM *bm,int c)
+\& BIO_get_mem_ptr(BIO *b,BUF_MEM **pp)
+\&
+\& BIO *BIO_new_mem_buf(void *buf, int len);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIBIO_s_mem()\fR return the memory \s-1BIO\s0 method function.
+.PP
+A memory \s-1BIO\s0 is a source/sink \s-1BIO\s0 which uses memory for its I/O. Data
+written to a memory \s-1BIO\s0 is stored in a \s-1BUF_MEM\s0 structure which is extended
+as appropriate to accommodate the stored data.
+.PP
+Any data written to a memory \s-1BIO\s0 can be recalled by reading from it.
+Unless the memory \s-1BIO\s0 is read only any data read from it is deleted from
+the \s-1BIO\s0.
+.PP
+Memory BIOs support \fIBIO_gets()\fR and \fIBIO_puts()\fR.
+.PP
+If the \s-1BIO_CLOSE\s0 flag is set when a memory \s-1BIO\s0 is freed then the underlying
+\&\s-1BUF_MEM\s0 structure is also freed.
+.PP
+Calling \fIBIO_reset()\fR on a read write memory \s-1BIO\s0 clears any data in it. On a
+read only \s-1BIO\s0 it restores the \s-1BIO\s0 to its original state and the read only
+data can be read again.
+.PP
+\&\fIBIO_eof()\fR is true if no data is in the \s-1BIO\s0.
+.PP
+\&\fIBIO_ctrl_pending()\fR returns the number of bytes currently stored.
+.PP
+\&\fIBIO_set_mem_eof_return()\fR sets the behaviour of memory \s-1BIO\s0 \fBb\fR when it is
+empty. If the \fBv\fR is zero then an empty memory \s-1BIO\s0 will return \s-1EOF\s0 (that is
+it will return zero and BIO_should_retry(b) will be false. If \fBv\fR is non
+zero then it will return \fBv\fR when it is empty and it will set the read retry
+flag (that is BIO_read_retry(b) is true). To avoid ambiguity with a normal
+positive return value \fBv\fR should be set to a negative value, typically \-1.
+.PP
+\&\fIBIO_get_mem_data()\fR sets \fBpp\fR to a pointer to the start of the memory BIOs data
+and returns the total amount of data available. It is implemented as a macro.
+.PP
+\&\fIBIO_set_mem_buf()\fR sets the internal \s-1BUF_MEM\s0 structure to \fBbm\fR and sets the
+close flag to \fBc\fR, that is \fBc\fR should be either \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE\s0.
+It is a macro.
+.PP
+\&\fIBIO_get_mem_ptr()\fR places the underlying \s-1BUF_MEM\s0 structure in \fBpp\fR. It is
+a macro.
+.PP
+\&\fIBIO_new_mem_buf()\fR creates a memory \s-1BIO\s0 using \fBlen\fR bytes of data at \fBbuf\fR,
+if \fBlen\fR is \-1 then the \fBbuf\fR is assumed to be null terminated and its
+length is determined by \fBstrlen\fR. The \s-1BIO\s0 is set to a read only state and
+as a result cannot be written to. This is useful when some data needs to be
+made available from a static area of memory in the form of a \s-1BIO\s0. The
+supplied data is read directly from the supplied buffer: it is \fBnot\fR copied
+first, so the supplied area of memory must be unchanged until the \s-1BIO\s0 is freed.
+.SH "NOTES"
+.IX Header "NOTES"
+Writes to memory BIOs will always succeed if memory is available: that is
+their size can grow indefinitely.
+.PP
+Every read from a read write memory \s-1BIO\s0 will remove the data just read with
+an internal copy operation, if a \s-1BIO\s0 contains a lots of data and it is
+read in small chunks the operation can be very slow. The use of a read only
+memory \s-1BIO\s0 avoids this problem. If the \s-1BIO\s0 must be read write then adding
+a buffering \s-1BIO\s0 to the chain will speed up the process.
+.SH "BUGS"
+.IX Header "BUGS"
+There should be an option to set the maximum size of a memory \s-1BIO\s0.
+.PP
+There should be a way to \*(L"rewind\*(R" a read write \s-1BIO\s0 without destroying
+its contents.
+.PP
+The copying operation should not occur after every small read of a large \s-1BIO\s0
+to improve efficiency.
+.SH "EXAMPLE"
+.IX Header "EXAMPLE"
+Create a memory \s-1BIO\s0 and write some data to it:
+.PP
+.Vb 2
+\& BIO *mem = BIO_new(BIO_s_mem());
+\& BIO_puts(mem, "Hello World\en");
+.Ve
+.PP
+Create a read only memory \s-1BIO:\s0
+.PP
+.Vb 3
+\& char data[] = "Hello World";
+\& BIO *mem;
+\& mem = BIO_new_mem_buf(data, \-1);
+.Ve
+.PP
+Extract the \s-1BUF_MEM\s0 structure from a memory \s-1BIO\s0 and then free up the \s-1BIO:\s0
+.PP
+.Vb 4
+\& BUF_MEM *bptr;
+\& BIO_get_mem_ptr(mem, &bptr);
+\& BIO_set_close(mem, BIO_NOCLOSE); /* So BIO_free() leaves BUF_MEM alone */
+\& BIO_free(mem);
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/BIO_s_null.3 b/secure/lib/libcrypto/man/BIO_s_null.3
new file mode 100644
index 0000000..3f60757
--- /dev/null
+++ b/secure/lib/libcrypto/man/BIO_s_null.3
@@ -0,0 +1,162 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BIO_s_null 3"
+.TH BIO_s_null 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BIO_s_null \- null data sink
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bio.h>
+\&
+\& BIO_METHOD * BIO_s_null(void);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIBIO_s_null()\fR returns the null sink \s-1BIO\s0 method. Data written to
+the null sink is discarded, reads return \s-1EOF\s0.
+.SH "NOTES"
+.IX Header "NOTES"
+A null sink \s-1BIO\s0 behaves in a similar manner to the Unix /dev/null
+device.
+.PP
+A null bio can be placed on the end of a chain to discard any data
+passed through it.
+.PP
+A null sink is useful if, for example, an application wishes to digest some
+data by writing through a digest bio but not send the digested data anywhere.
+Since a \s-1BIO\s0 chain must normally include a source/sink \s-1BIO\s0 this can be achieved
+by adding a null sink \s-1BIO\s0 to the end of the chain
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIBIO_s_null()\fR returns the null sink \s-1BIO\s0 method.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/BIO_s_socket.3 b/secure/lib/libcrypto/man/BIO_s_socket.3
new file mode 100644
index 0000000..1261339
--- /dev/null
+++ b/secure/lib/libcrypto/man/BIO_s_socket.3
@@ -0,0 +1,188 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BIO_s_socket 3"
+.TH BIO_s_socket 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BIO_s_socket, BIO_new_socket \- socket BIO
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bio.h>
+\&
+\& BIO_METHOD *BIO_s_socket(void);
+\&
+\& long BIO_set_fd(BIO *b, int fd, long close_flag);
+\& long BIO_get_fd(BIO *b, int *c);
+\&
+\& BIO *BIO_new_socket(int sock, int close_flag);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIBIO_s_socket()\fR returns the socket \s-1BIO\s0 method. This is a wrapper
+round the platform's socket routines.
+.PP
+\&\fIBIO_read()\fR and \fIBIO_write()\fR read or write the underlying socket.
+\&\fIBIO_puts()\fR is supported but \fIBIO_gets()\fR is not.
+.PP
+If the close flag is set then the socket is shut down and closed
+when the \s-1BIO\s0 is freed.
+.PP
+\&\fIBIO_set_fd()\fR sets the socket of \s-1BIO\s0 \fBb\fR to \fBfd\fR and the close
+flag to \fBclose_flag\fR.
+.PP
+\&\fIBIO_get_fd()\fR places the socket in \fBc\fR if it is not \s-1NULL\s0, it also
+returns the socket. If \fBc\fR is not \s-1NULL\s0 it should be of type (int *).
+.PP
+\&\fIBIO_new_socket()\fR returns a socket \s-1BIO\s0 using \fBsock\fR and \fBclose_flag\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+Socket BIOs also support any relevant functionality of file descriptor
+BIOs.
+.PP
+The reason for having separate file descriptor and socket BIOs is that on some
+platforms sockets are not file descriptors and use distinct I/O routines,
+Windows is one such platform. Any code mixing the two will not work on
+all platforms.
+.PP
+\&\fIBIO_set_fd()\fR and \fIBIO_get_fd()\fR are macros.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIBIO_s_socket()\fR returns the socket \s-1BIO\s0 method.
+.PP
+\&\fIBIO_set_fd()\fR always returns 1.
+.PP
+\&\fIBIO_get_fd()\fR returns the socket or \-1 if the \s-1BIO\s0 has not been
+initialized.
+.PP
+\&\fIBIO_new_socket()\fR returns the newly allocated \s-1BIO\s0 or \s-1NULL\s0 is an error
+occurred.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/BIO_set_callback.3 b/secure/lib/libcrypto/man/BIO_set_callback.3
new file mode 100644
index 0000000..fb85633
--- /dev/null
+++ b/secure/lib/libcrypto/man/BIO_set_callback.3
@@ -0,0 +1,224 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BIO_set_callback 3"
+.TH BIO_set_callback 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BIO_set_callback, BIO_get_callback, BIO_set_callback_arg, BIO_get_callback_arg,
+BIO_debug_callback \- BIO callback functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bio.h>
+\&
+\& #define BIO_set_callback(b,cb) ((b)\->callback=(cb))
+\& #define BIO_get_callback(b) ((b)\->callback)
+\& #define BIO_set_callback_arg(b,arg) ((b)\->cb_arg=(char *)(arg))
+\& #define BIO_get_callback_arg(b) ((b)\->cb_arg)
+\&
+\& long BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi,
+\& long argl,long ret);
+\&
+\& typedef long (*callback)(BIO *b, int oper, const char *argp,
+\& int argi, long argl, long retvalue);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIBIO_set_callback()\fR and \fIBIO_get_callback()\fR set and retrieve the \s-1BIO\s0 callback,
+they are both macros. The callback is called during most high level \s-1BIO\s0
+operations. It can be used for debugging purposes to trace operations on
+a \s-1BIO\s0 or to modify its operation.
+.PP
+\&\fIBIO_set_callback_arg()\fR and \fIBIO_get_callback_arg()\fR are macros which can be
+used to set and retrieve an argument for use in the callback.
+.PP
+\&\fIBIO_debug_callback()\fR is a standard debugging callback which prints
+out information relating to each \s-1BIO\s0 operation. If the callback
+argument is set if is interpreted as a \s-1BIO\s0 to send the information
+to, otherwise stderr is used.
+.PP
+\&\fIcallback()\fR is the callback function itself. The meaning of each
+argument is described below.
+.PP
+The \s-1BIO\s0 the callback is attached to is passed in \fBb\fR.
+.PP
+\&\fBoper\fR is set to the operation being performed. For some operations
+the callback is called twice, once before and once after the actual
+operation, the latter case has \fBoper\fR or'ed with \s-1BIO_CB_RETURN\s0.
+.PP
+The meaning of the arguments \fBargp\fR, \fBargi\fR and \fBargl\fR depends on
+the value of \fBoper\fR, that is the operation being performed.
+.PP
+\&\fBretvalue\fR is the return value that would be returned to the
+application if no callback were present. The actual value returned
+is the return value of the callback itself. In the case of callbacks
+called before the actual \s-1BIO\s0 operation 1 is placed in retvalue, if
+the return value is not positive it will be immediately returned to
+the application and the \s-1BIO\s0 operation will not be performed.
+.PP
+The callback should normally simply return \fBretvalue\fR when it has
+finished processing, unless if specifically wishes to modify the
+value returned to the application.
+.SH "CALLBACK OPERATIONS"
+.IX Header "CALLBACK OPERATIONS"
+.IP "\fBBIO_free(b)\fR" 4
+.IX Item "BIO_free(b)"
+callback(b, \s-1BIO_CB_FREE\s0, \s-1NULL\s0, 0L, 0L, 1L) is called before the
+free operation.
+.IP "\fBBIO_read(b, out, outl)\fR" 4
+.IX Item "BIO_read(b, out, outl)"
+callback(b, \s-1BIO_CB_READ\s0, out, outl, 0L, 1L) is called before
+the read and callback(b, BIO_CB_READ|BIO_CB_RETURN, out, outl, 0L, retvalue)
+after.
+.IP "\fBBIO_write(b, in, inl)\fR" 4
+.IX Item "BIO_write(b, in, inl)"
+callback(b, \s-1BIO_CB_WRITE\s0, in, inl, 0L, 1L) is called before
+the write and callback(b, BIO_CB_WRITE|BIO_CB_RETURN, in, inl, 0L, retvalue)
+after.
+.IP "\fBBIO_gets(b, out, outl)\fR" 4
+.IX Item "BIO_gets(b, out, outl)"
+callback(b, \s-1BIO_CB_GETS\s0, out, outl, 0L, 1L) is called before
+the operation and callback(b, BIO_CB_GETS|BIO_CB_RETURN, out, outl, 0L, retvalue)
+after.
+.IP "\fBBIO_puts(b, in)\fR" 4
+.IX Item "BIO_puts(b, in)"
+callback(b, \s-1BIO_CB_WRITE\s0, in, 0, 0L, 1L) is called before
+the operation and callback(b, BIO_CB_WRITE|BIO_CB_RETURN, in, 0, 0L, retvalue)
+after.
+.IP "\fBBIO_ctrl(\s-1BIO\s0 *b, int cmd, long larg, void *parg)\fR" 4
+.IX Item "BIO_ctrl(BIO *b, int cmd, long larg, void *parg)"
+callback(b,BIO_CB_CTRL,parg,cmd,larg,1L) is called before the call and
+callback(b,BIO_CB_CTRL|BIO_CB_RETURN,parg,cmd, larg,ret) after.
+.SH "EXAMPLE"
+.IX Header "EXAMPLE"
+The \fIBIO_debug_callback()\fR function is a good example, its source is
+in crypto/bio/bio_cb.c
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/BIO_should_retry.3 b/secure/lib/libcrypto/man/BIO_should_retry.3
new file mode 100644
index 0000000..22f6049
--- /dev/null
+++ b/secure/lib/libcrypto/man/BIO_should_retry.3
@@ -0,0 +1,239 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BIO_should_retry 3"
+.TH BIO_should_retry 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BIO_should_retry, BIO_should_read, BIO_should_write,
+BIO_should_io_special, BIO_retry_type, BIO_should_retry,
+BIO_get_retry_BIO, BIO_get_retry_reason \- BIO retry functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bio.h>
+\&
+\& #define BIO_should_read(a) ((a)\->flags & BIO_FLAGS_READ)
+\& #define BIO_should_write(a) ((a)\->flags & BIO_FLAGS_WRITE)
+\& #define BIO_should_io_special(a) ((a)\->flags & BIO_FLAGS_IO_SPECIAL)
+\& #define BIO_retry_type(a) ((a)\->flags & BIO_FLAGS_RWS)
+\& #define BIO_should_retry(a) ((a)\->flags & BIO_FLAGS_SHOULD_RETRY)
+\&
+\& #define BIO_FLAGS_READ 0x01
+\& #define BIO_FLAGS_WRITE 0x02
+\& #define BIO_FLAGS_IO_SPECIAL 0x04
+\& #define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL)
+\& #define BIO_FLAGS_SHOULD_RETRY 0x08
+\&
+\& BIO * BIO_get_retry_BIO(BIO *bio, int *reason);
+\& int BIO_get_retry_reason(BIO *bio);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+These functions determine why a \s-1BIO\s0 is not able to read or write data.
+They will typically be called after a failed \fIBIO_read()\fR or \fIBIO_write()\fR
+call.
+.PP
+\&\fIBIO_should_retry()\fR is true if the call that produced this condition
+should then be retried at a later time.
+.PP
+If \fIBIO_should_retry()\fR is false then the cause is an error condition.
+.PP
+\&\fIBIO_should_read()\fR is true if the cause of the condition is that a \s-1BIO\s0
+needs to read data.
+.PP
+\&\fIBIO_should_write()\fR is true if the cause of the condition is that a \s-1BIO\s0
+needs to read data.
+.PP
+\&\fIBIO_should_io_special()\fR is true if some \*(L"special\*(R" condition, that is a
+reason other than reading or writing is the cause of the condition.
+.PP
+\&\fIBIO_retry_type()\fR returns a mask of the cause of a retry condition
+consisting of the values \fB\s-1BIO_FLAGS_READ\s0\fR, \fB\s-1BIO_FLAGS_WRITE\s0\fR,
+\&\fB\s-1BIO_FLAGS_IO_SPECIAL\s0\fR though current \s-1BIO\s0 types will only set one of
+these.
+.PP
+\&\fIBIO_get_retry_BIO()\fR determines the precise reason for the special
+condition, it returns the \s-1BIO\s0 that caused this condition and if
+\&\fBreason\fR is not \s-1NULL\s0 it contains the reason code. The meaning of
+the reason code and the action that should be taken depends on
+the type of \s-1BIO\s0 that resulted in this condition.
+.PP
+\&\fIBIO_get_retry_reason()\fR returns the reason for a special condition if
+passed the relevant \s-1BIO\s0, for example as returned by \fIBIO_get_retry_BIO()\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+If \fIBIO_should_retry()\fR returns false then the precise \*(L"error condition\*(R"
+depends on the \s-1BIO\s0 type that caused it and the return code of the \s-1BIO\s0
+operation. For example if a call to \fIBIO_read()\fR on a socket \s-1BIO\s0 returns
+0 and \fIBIO_should_retry()\fR is false then the cause will be that the
+connection closed. A similar condition on a file \s-1BIO\s0 will mean that it
+has reached \s-1EOF\s0. Some \s-1BIO\s0 types may place additional information on
+the error queue. For more details see the individual \s-1BIO\s0 type manual
+pages.
+.PP
+If the underlying I/O structure is in a blocking mode almost all current
+\&\s-1BIO\s0 types will not request a retry, because the underlying I/O
+calls will not. If the application knows that the \s-1BIO\s0 type will never
+signal a retry then it need not call \fIBIO_should_retry()\fR after a failed
+\&\s-1BIO\s0 I/O call. This is typically done with file BIOs.
+.PP
+\&\s-1SSL\s0 BIOs are the only current exception to this rule: they can request a
+retry even if the underlying I/O structure is blocking, if a handshake
+occurs during a call to \fIBIO_read()\fR. An application can retry the failed
+call immediately or avoid this situation by setting \s-1SSL_MODE_AUTO_RETRY\s0
+on the underlying \s-1SSL\s0 structure.
+.PP
+While an application may retry a failed non blocking call immediately
+this is likely to be very inefficient because the call will fail
+repeatedly until data can be processed or is available. An application
+will normally wait until the necessary condition is satisfied. How
+this is done depends on the underlying I/O structure.
+.PP
+For example if the cause is ultimately a socket and \fIBIO_should_read()\fR
+is true then a call to \fIselect()\fR may be made to wait until data is
+available and then retry the \s-1BIO\s0 operation. By combining the retry
+conditions of several non blocking BIOs in a single \fIselect()\fR call
+it is possible to service several BIOs in a single thread, though
+the performance may be poor if \s-1SSL\s0 BIOs are present because long delays
+can occur during the initial handshake process.
+.PP
+It is possible for a \s-1BIO\s0 to block indefinitely if the underlying I/O
+structure cannot process or return any data. This depends on the behaviour of
+the platforms I/O functions. This is often not desirable: one solution
+is to use non blocking I/O and use a timeout on the \fIselect()\fR (or
+equivalent) call.
+.SH "BUGS"
+.IX Header "BUGS"
+The OpenSSL \s-1ASN1\s0 functions cannot gracefully deal with non blocking I/O:
+that is they cannot retry after a partial read or write. This is usually
+worked around by only passing the relevant data to \s-1ASN1\s0 functions when
+the entire structure can be read or written.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/BN_BLINDING_new.3 b/secure/lib/libcrypto/man/BN_BLINDING_new.3
new file mode 100644
index 0000000..a5a4591
--- /dev/null
+++ b/secure/lib/libcrypto/man/BN_BLINDING_new.3
@@ -0,0 +1,231 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BN_BLINDING_new 3"
+.TH BN_BLINDING_new 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BN_BLINDING_new, BN_BLINDING_free, BN_BLINDING_update, BN_BLINDING_convert,
+BN_BLINDING_invert, BN_BLINDING_convert_ex, BN_BLINDING_invert_ex,
+BN_BLINDING_get_thread_id, BN_BLINDING_set_thread_id, BN_BLINDING_get_flags,
+BN_BLINDING_set_flags, BN_BLINDING_create_param \- blinding related BIGNUM
+functions.
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bn.h>
+\&
+\& BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai,
+\& BIGNUM *mod);
+\& void BN_BLINDING_free(BN_BLINDING *b);
+\& int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx);
+\& int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+\& int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+\& int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b,
+\& BN_CTX *ctx);
+\& int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
+\& BN_CTX *ctx);
+\& unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);
+\& void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);
+\& unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
+\& void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
+\& BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
+\& const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
+\& int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+\& const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
+\& BN_MONT_CTX *m_ctx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIBN_BLINDING_new()\fR allocates a new \fB\s-1BN_BLINDING\s0\fR structure and copies
+the \fBA\fR and \fBAi\fR values into the newly created \fB\s-1BN_BLINDING\s0\fR object.
+.PP
+\&\fIBN_BLINDING_free()\fR frees the \fB\s-1BN_BLINDING\s0\fR structure.
+.PP
+\&\fIBN_BLINDING_update()\fR updates the \fB\s-1BN_BLINDING\s0\fR parameters by squaring
+the \fBA\fR and \fBAi\fR or, after specific number of uses and if the
+necessary parameters are set, by re-creating the blinding parameters.
+.PP
+\&\fIBN_BLINDING_convert_ex()\fR multiplies \fBn\fR with the blinding factor \fBA\fR.
+If \fBr\fR is not \s-1NULL\s0 a copy the inverse blinding factor \fBAi\fR will be
+returned in \fBr\fR (this is useful if a \fB\s-1RSA\s0\fR object is shared amoung
+several threads). \fIBN_BLINDING_invert_ex()\fR multiplies \fBn\fR with the
+inverse blinding factor \fBAi\fR. If \fBr\fR is not \s-1NULL\s0 it will be used as
+the inverse blinding.
+.PP
+\&\fIBN_BLINDING_convert()\fR and \fIBN_BLINDING_invert()\fR are wrapper
+functions for \fIBN_BLINDING_convert_ex()\fR and \fIBN_BLINDING_invert_ex()\fR
+with \fBr\fR set to \s-1NULL\s0.
+.PP
+\&\fIBN_BLINDING_set_thread_id()\fR and \fIBN_BLINDING_get_thread_id()\fR
+set and get the \*(L"thread id\*(R" value of the \fB\s-1BN_BLINDING\s0\fR structure,
+a field provided to users of \fB\s-1BN_BLINDING\s0\fR structure to help them
+provide proper locking if needed for multi-threaded use. The
+\&\*(L"thread id\*(R" of a newly allocated \fB\s-1BN_BLINDING\s0\fR structure is zero.
+.PP
+\&\fIBN_BLINDING_get_flags()\fR returns the \s-1BN_BLINDING\s0 flags. Currently
+there are two supported flags: \fB\s-1BN_BLINDING_NO_UPDATE\s0\fR and
+\&\fB\s-1BN_BLINDING_NO_RECREATE\s0\fR. \fB\s-1BN_BLINDING_NO_UPDATE\s0\fR inhibits the
+automatic update of the \fB\s-1BN_BLINDING\s0\fR parameters after each use
+and \fB\s-1BN_BLINDING_NO_RECREATE\s0\fR inhibits the automatic re-creation
+of the \fB\s-1BN_BLINDING\s0\fR parameters after a fixed number of uses (currently
+32). In newly allocated \fB\s-1BN_BLINDING\s0\fR objects no flags are set.
+\&\fIBN_BLINDING_set_flags()\fR sets the \fB\s-1BN_BLINDING\s0\fR parameters flags.
+.PP
+\&\fIBN_BLINDING_create_param()\fR creates new \fB\s-1BN_BLINDING\s0\fR parameters
+using the exponent \fBe\fR and the modulus \fBm\fR. \fBbn_mod_exp\fR and
+\&\fBm_ctx\fR can be used to pass special functions for exponentiation
+(normally \fIBN_mod_exp_mont()\fR and \fB\s-1BN_MONT_CTX\s0\fR).
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIBN_BLINDING_new()\fR returns the newly allocated \fB\s-1BN_BLINDING\s0\fR structure
+or \s-1NULL\s0 in case of an error.
+.PP
+\&\fIBN_BLINDING_update()\fR, \fIBN_BLINDING_convert()\fR, \fIBN_BLINDING_invert()\fR,
+\&\fIBN_BLINDING_convert_ex()\fR and \fIBN_BLINDING_invert_ex()\fR return 1 on
+success and 0 if an error occured.
+.PP
+\&\fIBN_BLINDING_get_thread_id()\fR returns the thread id (a \fBunsigned long\fR
+value) or 0 if not set.
+.PP
+\&\fIBN_BLINDING_get_flags()\fR returns the currently set \fB\s-1BN_BLINDING\s0\fR flags
+(a \fBunsigned long\fR value).
+.PP
+\&\fIBN_BLINDING_create_param()\fR returns the newly created \fB\s-1BN_BLINDING\s0\fR
+parameters or \s-1NULL\s0 on error.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIbn\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+BN_BLINDING_convert_ex, BN_BLINDIND_invert_ex, BN_BLINDING_get_thread_id,
+BN_BLINDING_set_thread_id, BN_BLINDING_set_flags, BN_BLINDING_get_flags
+and BN_BLINDING_create_param were first introduced in OpenSSL 0.9.8
+.SH "AUTHOR"
+.IX Header "AUTHOR"
+Nils Larsch for the OpenSSL project (http://www.openssl.org).
diff --git a/secure/lib/libcrypto/man/BN_CTX_new.3 b/secure/lib/libcrypto/man/BN_CTX_new.3
new file mode 100644
index 0000000..bae185d
--- /dev/null
+++ b/secure/lib/libcrypto/man/BN_CTX_new.3
@@ -0,0 +1,175 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BN_CTX_new 3"
+.TH BN_CTX_new 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BN_CTX_new, BN_CTX_init, BN_CTX_free \- allocate and free BN_CTX structures
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bn.h>
+\&
+\& BN_CTX *BN_CTX_new(void);
+\&
+\& void BN_CTX_init(BN_CTX *c);
+\&
+\& void BN_CTX_free(BN_CTX *c);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+A \fB\s-1BN_CTX\s0\fR is a structure that holds \fB\s-1BIGNUM\s0\fR temporary variables used by
+library functions. Since dynamic memory allocation to create \fB\s-1BIGNUM\s0\fRs
+is rather expensive when used in conjunction with repeated subroutine
+calls, the \fB\s-1BN_CTX\s0\fR structure is used.
+.PP
+\&\fIBN_CTX_new()\fR allocates and initializes a \fB\s-1BN_CTX\s0\fR
+structure. \fIBN_CTX_init()\fR initializes an existing uninitialized
+\&\fB\s-1BN_CTX\s0\fR.
+.PP
+\&\fIBN_CTX_free()\fR frees the components of the \fB\s-1BN_CTX\s0\fR, and if it was
+created by \fIBN_CTX_new()\fR, also the structure itself.
+If \fIBN_CTX_start\fR\|(3) has been used on the \fB\s-1BN_CTX\s0\fR,
+\&\fIBN_CTX_end\fR\|(3) must be called before the \fB\s-1BN_CTX\s0\fR
+may be freed by \fIBN_CTX_free()\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIBN_CTX_new()\fR returns a pointer to the \fB\s-1BN_CTX\s0\fR. If the allocation fails,
+it returns \fB\s-1NULL\s0\fR and sets an error code that can be obtained by
+\&\fIERR_get_error\fR\|(3).
+.PP
+\&\fIBN_CTX_init()\fR and \fIBN_CTX_free()\fR have no return values.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIbn\fR\|(3), \fIERR_get_error\fR\|(3), \fIBN_add\fR\|(3),
+\&\fIBN_CTX_start\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIBN_CTX_new()\fR and \fIBN_CTX_free()\fR are available in all versions on SSLeay
+and OpenSSL. \fIBN_CTX_init()\fR was added in SSLeay 0.9.1b.
diff --git a/secure/lib/libcrypto/man/BN_CTX_start.3 b/secure/lib/libcrypto/man/BN_CTX_start.3
new file mode 100644
index 0000000..4eb96a5
--- /dev/null
+++ b/secure/lib/libcrypto/man/BN_CTX_start.3
@@ -0,0 +1,174 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BN_CTX_start 3"
+.TH BN_CTX_start 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BN_CTX_start, BN_CTX_get, BN_CTX_end \- use temporary BIGNUM variables
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bn.h>
+\&
+\& void BN_CTX_start(BN_CTX *ctx);
+\&
+\& BIGNUM *BN_CTX_get(BN_CTX *ctx);
+\&
+\& void BN_CTX_end(BN_CTX *ctx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+These functions are used to obtain temporary \fB\s-1BIGNUM\s0\fR variables from
+a \fB\s-1BN_CTX\s0\fR (which can been created by using \fIBN_CTX_new\fR\|(3))
+in order to save the overhead of repeatedly creating and
+freeing \fB\s-1BIGNUM\s0\fRs in functions that are called from inside a loop.
+.PP
+A function must call \fIBN_CTX_start()\fR first. Then, \fIBN_CTX_get()\fR may be
+called repeatedly to obtain temporary \fB\s-1BIGNUM\s0\fRs. All \fIBN_CTX_get()\fR
+calls must be made before calling any other functions that use the
+\&\fBctx\fR as an argument.
+.PP
+Finally, \fIBN_CTX_end()\fR must be called before returning from the function.
+When \fIBN_CTX_end()\fR is called, the \fB\s-1BIGNUM\s0\fR pointers obtained from
+\&\fIBN_CTX_get()\fR become invalid.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIBN_CTX_start()\fR and \fIBN_CTX_end()\fR return no values.
+.PP
+\&\fIBN_CTX_get()\fR returns a pointer to the \fB\s-1BIGNUM\s0\fR, or \fB\s-1NULL\s0\fR on error.
+Once \fIBN_CTX_get()\fR has failed, the subsequent calls will return \fB\s-1NULL\s0\fR
+as well, so it is sufficient to check the return value of the last
+\&\fIBN_CTX_get()\fR call. In case of an error, an error code is set, which
+can be obtained by \fIERR_get_error\fR\|(3).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIBN_CTX_new\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIBN_CTX_start()\fR, \fIBN_CTX_get()\fR and \fIBN_CTX_end()\fR were added in OpenSSL 0.9.5.
diff --git a/secure/lib/libcrypto/man/BN_add.3 b/secure/lib/libcrypto/man/BN_add.3
new file mode 100644
index 0000000..7cd7273
--- /dev/null
+++ b/secure/lib/libcrypto/man/BN_add.3
@@ -0,0 +1,249 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BN_add 3"
+.TH BN_add 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add,
+BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_exp, BN_mod_exp, BN_gcd \-
+arithmetic operations on BIGNUMs
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bn.h>
+\&
+\& int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+\&
+\& int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+\&
+\& int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+\&
+\& int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
+\&
+\& int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d,
+\& BN_CTX *ctx);
+\&
+\& int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+\&
+\& int BN_nnmod(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+\&
+\& int BN_mod_add(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
+\& BN_CTX *ctx);
+\&
+\& int BN_mod_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
+\& BN_CTX *ctx);
+\&
+\& int BN_mod_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
+\& BN_CTX *ctx);
+\&
+\& int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+\&
+\& int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx);
+\&
+\& int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+\& const BIGNUM *m, BN_CTX *ctx);
+\&
+\& int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIBN_add()\fR adds \fIa\fR and \fIb\fR and places the result in \fIr\fR (\f(CW\*(C`r=a+b\*(C'\fR).
+\&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR.
+.PP
+\&\fIBN_sub()\fR subtracts \fIb\fR from \fIa\fR and places the result in \fIr\fR (\f(CW\*(C`r=a\-b\*(C'\fR).
+.PP
+\&\fIBN_mul()\fR multiplies \fIa\fR and \fIb\fR and places the result in \fIr\fR (\f(CW\*(C`r=a*b\*(C'\fR).
+\&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR.
+For multiplication by powers of 2, use \fIBN_lshift\fR\|(3).
+.PP
+\&\fIBN_sqr()\fR takes the square of \fIa\fR and places the result in \fIr\fR
+(\f(CW\*(C`r=a^2\*(C'\fR). \fIr\fR and \fIa\fR may be the same \fB\s-1BIGNUM\s0\fR.
+This function is faster than BN_mul(r,a,a).
+.PP
+\&\fIBN_div()\fR divides \fIa\fR by \fId\fR and places the result in \fIdv\fR and the
+remainder in \fIrem\fR (\f(CW\*(C`dv=a/d, rem=a%d\*(C'\fR). Either of \fIdv\fR and \fIrem\fR may
+be \fB\s-1NULL\s0\fR, in which case the respective value is not returned.
+The result is rounded towards zero; thus if \fIa\fR is negative, the
+remainder will be zero or negative.
+For division by powers of 2, use \fIBN_rshift\fR\|(3).
+.PP
+\&\fIBN_mod()\fR corresponds to \fIBN_div()\fR with \fIdv\fR set to \fB\s-1NULL\s0\fR.
+.PP
+\&\fIBN_nnmod()\fR reduces \fIa\fR modulo \fIm\fR and places the non-negative
+remainder in \fIr\fR.
+.PP
+\&\fIBN_mod_add()\fR adds \fIa\fR to \fIb\fR modulo \fIm\fR and places the non-negative
+result in \fIr\fR.
+.PP
+\&\fIBN_mod_sub()\fR subtracts \fIb\fR from \fIa\fR modulo \fIm\fR and places the
+non-negative result in \fIr\fR.
+.PP
+\&\fIBN_mod_mul()\fR multiplies \fIa\fR by \fIb\fR and finds the non-negative
+remainder respective to modulus \fIm\fR (\f(CW\*(C`r=(a*b) mod m\*(C'\fR). \fIr\fR may be
+the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. For more efficient algorithms for
+repeated computations using the same modulus, see
+\&\fIBN_mod_mul_montgomery\fR\|(3) and
+\&\fIBN_mod_mul_reciprocal\fR\|(3).
+.PP
+\&\fIBN_mod_sqr()\fR takes the square of \fIa\fR modulo \fBm\fR and places the
+result in \fIr\fR.
+.PP
+\&\fIBN_exp()\fR raises \fIa\fR to the \fIp\fR\-th power and places the result in \fIr\fR
+(\f(CW\*(C`r=a^p\*(C'\fR). This function is faster than repeated applications of
+\&\fIBN_mul()\fR.
+.PP
+\&\fIBN_mod_exp()\fR computes \fIa\fR to the \fIp\fR\-th power modulo \fIm\fR (\f(CW\*(C`r=a^p %
+m\*(C'\fR). This function uses less time and space than \fIBN_exp()\fR.
+.PP
+\&\fIBN_gcd()\fR computes the greatest common divisor of \fIa\fR and \fIb\fR and
+places the result in \fIr\fR. \fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or
+\&\fIb\fR.
+.PP
+For all functions, \fIctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for
+temporary variables; see \fIBN_CTX_new\fR\|(3).
+.PP
+Unless noted otherwise, the result \fB\s-1BIGNUM\s0\fR must be different from
+the arguments.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+For all functions, 1 is returned for success, 0 on error. The return
+value should always be checked (e.g., \f(CW\*(C`if (!BN_add(r,a,b)) goto err;\*(C'\fR).
+The error codes can be obtained by \fIERR_get_error\fR\|(3).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIbn\fR\|(3), \fIERR_get_error\fR\|(3), \fIBN_CTX_new\fR\|(3),
+\&\fIBN_add_word\fR\|(3), \fIBN_set_bit\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIBN_add()\fR, \fIBN_sub()\fR, \fIBN_sqr()\fR, \fIBN_div()\fR, \fIBN_mod()\fR, \fIBN_mod_mul()\fR,
+\&\fIBN_mod_exp()\fR and \fIBN_gcd()\fR are available in all versions of SSLeay and
+OpenSSL. The \fIctx\fR argument to \fIBN_mul()\fR was added in SSLeay
+0.9.1b. \fIBN_exp()\fR appeared in SSLeay 0.9.0.
+\&\fIBN_nnmod()\fR, \fIBN_mod_add()\fR, \fIBN_mod_sub()\fR, and \fIBN_mod_sqr()\fR were added in
+OpenSSL 0.9.7.
diff --git a/secure/lib/libcrypto/man/BN_add_word.3 b/secure/lib/libcrypto/man/BN_add_word.3
new file mode 100644
index 0000000..486f63e
--- /dev/null
+++ b/secure/lib/libcrypto/man/BN_add_word.3
@@ -0,0 +1,184 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BN_add_word 3"
+.TH BN_add_word 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BN_add_word, BN_sub_word, BN_mul_word, BN_div_word, BN_mod_word \- arithmetic
+functions on BIGNUMs with integers
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bn.h>
+\&
+\& int BN_add_word(BIGNUM *a, BN_ULONG w);
+\&
+\& int BN_sub_word(BIGNUM *a, BN_ULONG w);
+\&
+\& int BN_mul_word(BIGNUM *a, BN_ULONG w);
+\&
+\& BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
+\&
+\& BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+These functions perform arithmetic operations on BIGNUMs with unsigned
+integers. They are much more efficient than the normal \s-1BIGNUM\s0
+arithmetic operations.
+.PP
+\&\fIBN_add_word()\fR adds \fBw\fR to \fBa\fR (\f(CW\*(C`a+=w\*(C'\fR).
+.PP
+\&\fIBN_sub_word()\fR subtracts \fBw\fR from \fBa\fR (\f(CW\*(C`a\-=w\*(C'\fR).
+.PP
+\&\fIBN_mul_word()\fR multiplies \fBa\fR and \fBw\fR (\f(CW\*(C`a*=w\*(C'\fR).
+.PP
+\&\fIBN_div_word()\fR divides \fBa\fR by \fBw\fR (\f(CW\*(C`a/=w\*(C'\fR) and returns the remainder.
+.PP
+\&\fIBN_mod_word()\fR returns the remainder of \fBa\fR divided by \fBw\fR (\f(CW\*(C`a%w\*(C'\fR).
+.PP
+For \fIBN_div_word()\fR and \fIBN_mod_word()\fR, \fBw\fR must not be 0.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIBN_add_word()\fR, \fIBN_sub_word()\fR and \fIBN_mul_word()\fR return 1 for success, 0
+on error. The error codes can be obtained by \fIERR_get_error\fR\|(3).
+.PP
+\&\fIBN_mod_word()\fR and \fIBN_div_word()\fR return \fBa\fR%\fBw\fR on success and
+\&\fB(\s-1BN_ULONG\s0)\-1\fR if an error occurred.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIbn\fR\|(3), \fIERR_get_error\fR\|(3), \fIBN_add\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIBN_add_word()\fR and \fIBN_mod_word()\fR are available in all versions of
+SSLeay and OpenSSL. \fIBN_div_word()\fR was added in SSLeay 0.8, and
+\&\fIBN_sub_word()\fR and \fIBN_mul_word()\fR in SSLeay 0.9.0.
+.PP
+Before 0.9.8a the return value for \fIBN_div_word()\fR and \fIBN_mod_word()\fR
+in case of an error was 0.
diff --git a/secure/lib/libcrypto/man/BN_bn2bin.3 b/secure/lib/libcrypto/man/BN_bn2bin.3
new file mode 100644
index 0000000..fee9e6d
--- /dev/null
+++ b/secure/lib/libcrypto/man/BN_bn2bin.3
@@ -0,0 +1,218 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BN_bn2bin 3"
+.TH BN_bn2bin 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BN_bn2bin, BN_bin2bn, BN_bn2hex, BN_bn2dec, BN_hex2bn, BN_dec2bn,
+BN_print, BN_print_fp, BN_bn2mpi, BN_mpi2bn \- format conversions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bn.h>
+\&
+\& int BN_bn2bin(const BIGNUM *a, unsigned char *to);
+\& BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+\&
+\& char *BN_bn2hex(const BIGNUM *a);
+\& char *BN_bn2dec(const BIGNUM *a);
+\& int BN_hex2bn(BIGNUM **a, const char *str);
+\& int BN_dec2bn(BIGNUM **a, const char *str);
+\&
+\& int BN_print(BIO *fp, const BIGNUM *a);
+\& int BN_print_fp(FILE *fp, const BIGNUM *a);
+\&
+\& int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
+\& BIGNUM *BN_mpi2bn(unsigned char *s, int len, BIGNUM *ret);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIBN_bn2bin()\fR converts the absolute value of \fBa\fR into big-endian form
+and stores it at \fBto\fR. \fBto\fR must point to BN_num_bytes(\fBa\fR) bytes of
+memory.
+.PP
+\&\fIBN_bin2bn()\fR converts the positive integer in big-endian form of length
+\&\fBlen\fR at \fBs\fR into a \fB\s-1BIGNUM\s0\fR and places it in \fBret\fR. If \fBret\fR is
+\&\s-1NULL\s0, a new \fB\s-1BIGNUM\s0\fR is created.
+.PP
+\&\fIBN_bn2hex()\fR and \fIBN_bn2dec()\fR return printable strings containing the
+hexadecimal and decimal encoding of \fBa\fR respectively. For negative
+numbers, the string is prefaced with a leading '\-'. The string must be
+freed later using \fIOPENSSL_free()\fR.
+.PP
+\&\fIBN_hex2bn()\fR converts the string \fBstr\fR containing a hexadecimal number
+to a \fB\s-1BIGNUM\s0\fR and stores it in **\fBbn\fR. If *\fBbn\fR is \s-1NULL\s0, a new
+\&\fB\s-1BIGNUM\s0\fR is created. If \fBbn\fR is \s-1NULL\s0, it only computes the number's
+length in hexadecimal digits. If the string starts with '\-', the
+number is negative. \fIBN_dec2bn()\fR is the same using the decimal system.
+.PP
+\&\fIBN_print()\fR and \fIBN_print_fp()\fR write the hexadecimal encoding of \fBa\fR,
+with a leading '\-' for negative numbers, to the \fB\s-1BIO\s0\fR or \fB\s-1FILE\s0\fR
+\&\fBfp\fR.
+.PP
+\&\fIBN_bn2mpi()\fR and \fIBN_mpi2bn()\fR convert \fB\s-1BIGNUM\s0\fRs from and to a format
+that consists of the number's length in bytes represented as a 4\-byte
+big-endian number, and the number itself in big-endian format, where
+the most significant bit signals a negative number (the representation
+of numbers with the \s-1MSB\s0 set is prefixed with null byte).
+.PP
+\&\fIBN_bn2mpi()\fR stores the representation of \fBa\fR at \fBto\fR, where \fBto\fR
+must be large enough to hold the result. The size can be determined by
+calling BN_bn2mpi(\fBa\fR, \s-1NULL\s0).
+.PP
+\&\fIBN_mpi2bn()\fR converts the \fBlen\fR bytes long representation at \fBs\fR to
+a \fB\s-1BIGNUM\s0\fR and stores it at \fBret\fR, or in a newly allocated \fB\s-1BIGNUM\s0\fR
+if \fBret\fR is \s-1NULL\s0.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIBN_bn2bin()\fR returns the length of the big-endian number placed at \fBto\fR.
+\&\fIBN_bin2bn()\fR returns the \fB\s-1BIGNUM\s0\fR, \s-1NULL\s0 on error.
+.PP
+\&\fIBN_bn2hex()\fR and \fIBN_bn2dec()\fR return a null-terminated string, or \s-1NULL\s0
+on error. \fIBN_hex2bn()\fR and \fIBN_dec2bn()\fR return the number's length in
+hexadecimal or decimal digits, and 0 on error.
+.PP
+\&\fIBN_print_fp()\fR and \fIBN_print()\fR return 1 on success, 0 on write errors.
+.PP
+\&\fIBN_bn2mpi()\fR returns the length of the representation. \fIBN_mpi2bn()\fR
+returns the \fB\s-1BIGNUM\s0\fR, and \s-1NULL\s0 on error.
+.PP
+The error codes can be obtained by \fIERR_get_error\fR\|(3).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIbn\fR\|(3), \fIERR_get_error\fR\|(3), \fIBN_zero\fR\|(3),
+\&\fIASN1_INTEGER_to_BN\fR\|(3),
+\&\fIBN_num_bytes\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIBN_bn2bin()\fR, \fIBN_bin2bn()\fR, \fIBN_print_fp()\fR and \fIBN_print()\fR are available
+in all versions of SSLeay and OpenSSL.
+.PP
+\&\fIBN_bn2hex()\fR, \fIBN_bn2dec()\fR, \fIBN_hex2bn()\fR, \fIBN_dec2bn()\fR, \fIBN_bn2mpi()\fR and
+\&\fIBN_mpi2bn()\fR were added in SSLeay 0.9.0.
diff --git a/secure/lib/libcrypto/man/BN_cmp.3 b/secure/lib/libcrypto/man/BN_cmp.3
new file mode 100644
index 0000000..484e696
--- /dev/null
+++ b/secure/lib/libcrypto/man/BN_cmp.3
@@ -0,0 +1,171 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BN_cmp 3"
+.TH BN_cmp 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd \- BIGNUM comparison and test functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bn.h>
+\&
+\& int BN_cmp(BIGNUM *a, BIGNUM *b);
+\& int BN_ucmp(BIGNUM *a, BIGNUM *b);
+\&
+\& int BN_is_zero(BIGNUM *a);
+\& int BN_is_one(BIGNUM *a);
+\& int BN_is_word(BIGNUM *a, BN_ULONG w);
+\& int BN_is_odd(BIGNUM *a);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIBN_cmp()\fR compares the numbers \fBa\fR and \fBb\fR. \fIBN_ucmp()\fR compares their
+absolute values.
+.PP
+\&\fIBN_is_zero()\fR, \fIBN_is_one()\fR and \fIBN_is_word()\fR test if \fBa\fR equals 0, 1,
+or \fBw\fR respectively. \fIBN_is_odd()\fR tests if a is odd.
+.PP
+\&\fIBN_is_zero()\fR, \fIBN_is_one()\fR, \fIBN_is_word()\fR and \fIBN_is_odd()\fR are macros.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIBN_cmp()\fR returns \-1 if \fBa\fR < \fBb\fR, 0 if \fBa\fR == \fBb\fR and 1 if
+\&\fBa\fR > \fBb\fR. \fIBN_ucmp()\fR is the same using the absolute values
+of \fBa\fR and \fBb\fR.
+.PP
+\&\fIBN_is_zero()\fR, \fIBN_is_one()\fR \fIBN_is_word()\fR and \fIBN_is_odd()\fR return 1 if
+the condition is true, 0 otherwise.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIbn\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIBN_cmp()\fR, \fIBN_ucmp()\fR, \fIBN_is_zero()\fR, \fIBN_is_one()\fR and \fIBN_is_word()\fR are
+available in all versions of SSLeay and OpenSSL.
+\&\fIBN_is_odd()\fR was added in SSLeay 0.8.
diff --git a/secure/lib/libcrypto/man/BN_copy.3 b/secure/lib/libcrypto/man/BN_copy.3
new file mode 100644
index 0000000..f9cd1c1
--- /dev/null
+++ b/secure/lib/libcrypto/man/BN_copy.3
@@ -0,0 +1,157 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BN_copy 3"
+.TH BN_copy 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BN_copy, BN_dup \- copy BIGNUMs
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bn.h>
+\&
+\& BIGNUM *BN_copy(BIGNUM *to, const BIGNUM *from);
+\&
+\& BIGNUM *BN_dup(const BIGNUM *from);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIBN_copy()\fR copies \fBfrom\fR to \fBto\fR. \fIBN_dup()\fR creates a new \fB\s-1BIGNUM\s0\fR
+containing the value \fBfrom\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIBN_copy()\fR returns \fBto\fR on success, \s-1NULL\s0 on error. \fIBN_dup()\fR returns
+the new \fB\s-1BIGNUM\s0\fR, and \s-1NULL\s0 on error. The error codes can be obtained
+by \fIERR_get_error\fR\|(3).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIbn\fR\|(3), \fIERR_get_error\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIBN_copy()\fR and \fIBN_dup()\fR are available in all versions of SSLeay and OpenSSL.
diff --git a/secure/lib/libcrypto/man/BN_generate_prime.3 b/secure/lib/libcrypto/man/BN_generate_prime.3
new file mode 100644
index 0000000..18a6d37
--- /dev/null
+++ b/secure/lib/libcrypto/man/BN_generate_prime.3
@@ -0,0 +1,215 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BN_generate_prime 3"
+.TH BN_generate_prime 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BN_generate_prime, BN_is_prime, BN_is_prime_fasttest \- generate primes and test for primality
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bn.h>
+\&
+\& BIGNUM *BN_generate_prime(BIGNUM *ret, int num, int safe, BIGNUM *add,
+\& BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg);
+\&
+\& int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int, int,
+\& void *), BN_CTX *ctx, void *cb_arg);
+\&
+\& int BN_is_prime_fasttest(const BIGNUM *a, int checks,
+\& void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg,
+\& int do_trial_division);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIBN_generate_prime()\fR generates a pseudo-random prime number of \fBnum\fR
+bits.
+If \fBret\fR is not \fB\s-1NULL\s0\fR, it will be used to store the number.
+.PP
+If \fBcallback\fR is not \fB\s-1NULL\s0\fR, it is called as follows:
+.IP "\(bu" 4
+\&\fBcallback(0, i, cb_arg)\fR is called after generating the i\-th
+potential prime number.
+.IP "\(bu" 4
+While the number is being tested for primality, \fBcallback(1, j,
+cb_arg)\fR is called as described below.
+.IP "\(bu" 4
+When a prime has been found, \fBcallback(2, i, cb_arg)\fR is called.
+.PP
+The prime may have to fulfill additional requirements for use in
+Diffie-Hellman key exchange:
+.PP
+If \fBadd\fR is not \fB\s-1NULL\s0\fR, the prime will fulfill the condition p % \fBadd\fR
+== \fBrem\fR (p % \fBadd\fR == 1 if \fBrem\fR == \fB\s-1NULL\s0\fR) in order to suit a given
+generator.
+.PP
+If \fBsafe\fR is true, it will be a safe prime (i.e. a prime p so
+that (p\-1)/2 is also prime).
+.PP
+The \s-1PRNG\s0 must be seeded prior to calling \fIBN_generate_prime()\fR.
+The prime number generation has a negligible error probability.
+.PP
+\&\fIBN_is_prime()\fR and \fIBN_is_prime_fasttest()\fR test if the number \fBa\fR is
+prime. The following tests are performed until one of them shows that
+\&\fBa\fR is composite; if \fBa\fR passes all these tests, it is considered
+prime.
+.PP
+\&\fIBN_is_prime_fasttest()\fR, when called with \fBdo_trial_division == 1\fR,
+first attempts trial division by a number of small primes;
+if no divisors are found by this test and \fBcallback\fR is not \fB\s-1NULL\s0\fR,
+\&\fBcallback(1, \-1, cb_arg)\fR is called.
+If \fBdo_trial_division == 0\fR, this test is skipped.
+.PP
+Both \fIBN_is_prime()\fR and \fIBN_is_prime_fasttest()\fR perform a Miller-Rabin
+probabilistic primality test with \fBchecks\fR iterations. If
+\&\fBchecks == BN_prime_checks\fR, a number of iterations is used that
+yields a false positive rate of at most 2^\-80 for random input.
+.PP
+If \fBcallback\fR is not \fB\s-1NULL\s0\fR, \fBcallback(1, j, cb_arg)\fR is called
+after the j\-th iteration (j = 0, 1, ...). \fBctx\fR is a
+pre-allocated \fB\s-1BN_CTX\s0\fR (to save the overhead of allocating and
+freeing the structure in a loop), or \fB\s-1NULL\s0\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIBN_generate_prime()\fR returns the prime number on success, \fB\s-1NULL\s0\fR otherwise.
+.PP
+\&\fIBN_is_prime()\fR returns 0 if the number is composite, 1 if it is
+prime with an error probability of less than 0.25^\fBchecks\fR, and
+\&\-1 on error.
+.PP
+The error codes can be obtained by \fIERR_get_error\fR\|(3).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIbn\fR\|(3), \fIERR_get_error\fR\|(3), \fIrand\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The \fBcb_arg\fR arguments to \fIBN_generate_prime()\fR and to \fIBN_is_prime()\fR
+were added in SSLeay 0.9.0. The \fBret\fR argument to \fIBN_generate_prime()\fR
+was added in SSLeay 0.9.1.
+\&\fIBN_is_prime_fasttest()\fR was added in OpenSSL 0.9.5.
diff --git a/secure/lib/libcrypto/man/BN_mod_inverse.3 b/secure/lib/libcrypto/man/BN_mod_inverse.3
new file mode 100644
index 0000000..4a2e642
--- /dev/null
+++ b/secure/lib/libcrypto/man/BN_mod_inverse.3
@@ -0,0 +1,159 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BN_mod_inverse 3"
+.TH BN_mod_inverse 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BN_mod_inverse \- compute inverse modulo n
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bn.h>
+\&
+\& BIGNUM *BN_mod_inverse(BIGNUM *r, BIGNUM *a, const BIGNUM *n,
+\& BN_CTX *ctx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIBN_mod_inverse()\fR computes the inverse of \fBa\fR modulo \fBn\fR
+places the result in \fBr\fR (\f(CW\*(C`(a*r)%n==1\*(C'\fR). If \fBr\fR is \s-1NULL\s0,
+a new \fB\s-1BIGNUM\s0\fR is created.
+.PP
+\&\fBctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for temporary
+variables. \fBr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fBa\fR or \fBn\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIBN_mod_inverse()\fR returns the \fB\s-1BIGNUM\s0\fR containing the inverse, and
+\&\s-1NULL\s0 on error. The error codes can be obtained by \fIERR_get_error\fR\|(3).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIbn\fR\|(3), \fIERR_get_error\fR\|(3), \fIBN_add\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIBN_mod_inverse()\fR is available in all versions of SSLeay and OpenSSL.
diff --git a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
new file mode 100644
index 0000000..90b7d5a
--- /dev/null
+++ b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
@@ -0,0 +1,225 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BN_mod_mul_montgomery 3"
+.TH BN_mod_mul_montgomery 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BN_mod_mul_montgomery, BN_MONT_CTX_new, BN_MONT_CTX_init,
+BN_MONT_CTX_free, BN_MONT_CTX_set, BN_MONT_CTX_copy,
+BN_from_montgomery, BN_to_montgomery \- Montgomery multiplication
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bn.h>
+\&
+\& BN_MONT_CTX *BN_MONT_CTX_new(void);
+\& void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
+\& void BN_MONT_CTX_free(BN_MONT_CTX *mont);
+\&
+\& int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *m, BN_CTX *ctx);
+\& BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);
+\&
+\& int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
+\& BN_MONT_CTX *mont, BN_CTX *ctx);
+\&
+\& int BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
+\& BN_CTX *ctx);
+\&
+\& int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
+\& BN_CTX *ctx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+These functions implement Montgomery multiplication. They are used
+automatically when \fIBN_mod_exp\fR\|(3) is called with suitable input,
+but they may be useful when several operations are to be performed
+using the same modulus.
+.PP
+\&\fIBN_MONT_CTX_new()\fR allocates and initializes a \fB\s-1BN_MONT_CTX\s0\fR structure.
+\&\fIBN_MONT_CTX_init()\fR initializes an existing uninitialized \fB\s-1BN_MONT_CTX\s0\fR.
+.PP
+\&\fIBN_MONT_CTX_set()\fR sets up the \fImont\fR structure from the modulus \fIm\fR
+by precomputing its inverse and a value R.
+.PP
+\&\fIBN_MONT_CTX_copy()\fR copies the \fB\s-1BN_MONT_CTX\s0\fR \fIfrom\fR to \fIto\fR.
+.PP
+\&\fIBN_MONT_CTX_free()\fR frees the components of the \fB\s-1BN_MONT_CTX\s0\fR, and, if
+it was created by \fIBN_MONT_CTX_new()\fR, also the structure itself.
+.PP
+\&\fIBN_mod_mul_montgomery()\fR computes Mont(\fIa\fR,\fIb\fR):=\fIa\fR*\fIb\fR*R^\-1 and places
+the result in \fIr\fR.
+.PP
+\&\fIBN_from_montgomery()\fR performs the Montgomery reduction \fIr\fR = \fIa\fR*R^\-1.
+.PP
+\&\fIBN_to_montgomery()\fR computes Mont(\fIa\fR,R^2), i.e. \fIa\fR*R.
+Note that \fIa\fR must be non-negative and smaller than the modulus.
+.PP
+For all functions, \fIctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for
+temporary variables.
+.PP
+The \fB\s-1BN_MONT_CTX\s0\fR structure is defined as follows:
+.PP
+.Vb 10
+\& typedef struct bn_mont_ctx_st
+\& {
+\& int ri; /* number of bits in R */
+\& BIGNUM RR; /* R^2 (used to convert to Montgomery form) */
+\& BIGNUM N; /* The modulus */
+\& BIGNUM Ni; /* R*(1/R mod N) \- N*Ni = 1
+\& * (Ni is only stored for bignum algorithm) */
+\& BN_ULONG n0; /* least significant word of Ni */
+\& int flags;
+\& } BN_MONT_CTX;
+.Ve
+.PP
+\&\fIBN_to_montgomery()\fR is a macro.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIBN_MONT_CTX_new()\fR returns the newly allocated \fB\s-1BN_MONT_CTX\s0\fR, and \s-1NULL\s0
+on error.
+.PP
+\&\fIBN_MONT_CTX_init()\fR and \fIBN_MONT_CTX_free()\fR have no return values.
+.PP
+For the other functions, 1 is returned for success, 0 on error.
+The error codes can be obtained by \fIERR_get_error\fR\|(3).
+.SH "WARNING"
+.IX Header "WARNING"
+The inputs must be reduced modulo \fBm\fR, otherwise the result will be
+outside the expected range.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIbn\fR\|(3), \fIERR_get_error\fR\|(3), \fIBN_add\fR\|(3),
+\&\fIBN_CTX_new\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIBN_MONT_CTX_new()\fR, \fIBN_MONT_CTX_free()\fR, \fIBN_MONT_CTX_set()\fR,
+\&\fIBN_mod_mul_montgomery()\fR, \fIBN_from_montgomery()\fR and \fIBN_to_montgomery()\fR
+are available in all versions of SSLeay and OpenSSL.
+.PP
+\&\fIBN_MONT_CTX_init()\fR and \fIBN_MONT_CTX_copy()\fR were added in SSLeay 0.9.1b.
diff --git a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
new file mode 100644
index 0000000..d846d34
--- /dev/null
+++ b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
@@ -0,0 +1,206 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BN_mod_mul_reciprocal 3"
+.TH BN_mod_mul_reciprocal 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BN_mod_mul_reciprocal, BN_div_recp, BN_RECP_CTX_new, BN_RECP_CTX_init,
+BN_RECP_CTX_free, BN_RECP_CTX_set \- modular multiplication using
+reciprocal
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bn.h>
+\&
+\& BN_RECP_CTX *BN_RECP_CTX_new(void);
+\& void BN_RECP_CTX_init(BN_RECP_CTX *recp);
+\& void BN_RECP_CTX_free(BN_RECP_CTX *recp);
+\&
+\& int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *m, BN_CTX *ctx);
+\&
+\& int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *a, BN_RECP_CTX *recp,
+\& BN_CTX *ctx);
+\&
+\& int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *a, BIGNUM *b,
+\& BN_RECP_CTX *recp, BN_CTX *ctx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIBN_mod_mul_reciprocal()\fR can be used to perform an efficient
+\&\fIBN_mod_mul\fR\|(3) operation when the operation will be performed
+repeatedly with the same modulus. It computes \fBr\fR=(\fBa\fR*\fBb\fR)%\fBm\fR
+using \fBrecp\fR=1/\fBm\fR, which is set as described below. \fBctx\fR is a
+previously allocated \fB\s-1BN_CTX\s0\fR used for temporary variables.
+.PP
+\&\fIBN_RECP_CTX_new()\fR allocates and initializes a \fB\s-1BN_RECP\s0\fR structure.
+\&\fIBN_RECP_CTX_init()\fR initializes an existing uninitialized \fB\s-1BN_RECP\s0\fR.
+.PP
+\&\fIBN_RECP_CTX_free()\fR frees the components of the \fB\s-1BN_RECP\s0\fR, and, if it
+was created by \fIBN_RECP_CTX_new()\fR, also the structure itself.
+.PP
+\&\fIBN_RECP_CTX_set()\fR stores \fBm\fR in \fBrecp\fR and sets it up for computing
+1/\fBm\fR and shifting it left by BN_num_bits(\fBm\fR)+1 to make it an
+integer. The result and the number of bits it was shifted left will
+later be stored in \fBrecp\fR.
+.PP
+\&\fIBN_div_recp()\fR divides \fBa\fR by \fBm\fR using \fBrecp\fR. It places the quotient
+in \fBdv\fR and the remainder in \fBrem\fR.
+.PP
+The \fB\s-1BN_RECP_CTX\s0\fR structure is defined as follows:
+.PP
+.Vb 8
+\& typedef struct bn_recp_ctx_st
+\& {
+\& BIGNUM N; /* the divisor */
+\& BIGNUM Nr; /* the reciprocal */
+\& int num_bits;
+\& int shift;
+\& int flags;
+\& } BN_RECP_CTX;
+.Ve
+.PP
+It cannot be shared between threads.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIBN_RECP_CTX_new()\fR returns the newly allocated \fB\s-1BN_RECP_CTX\s0\fR, and \s-1NULL\s0
+on error.
+.PP
+\&\fIBN_RECP_CTX_init()\fR and \fIBN_RECP_CTX_free()\fR have no return values.
+.PP
+For the other functions, 1 is returned for success, 0 on error.
+The error codes can be obtained by \fIERR_get_error\fR\|(3).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIbn\fR\|(3), \fIERR_get_error\fR\|(3), \fIBN_add\fR\|(3),
+\&\fIBN_CTX_new\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fB\s-1BN_RECP_CTX\s0\fR was added in SSLeay 0.9.0. Before that, the function
+\&\fIBN_reciprocal()\fR was used instead, and the \fIBN_mod_mul_reciprocal()\fR
+arguments were different.
diff --git a/secure/lib/libcrypto/man/BN_new.3 b/secure/lib/libcrypto/man/BN_new.3
new file mode 100644
index 0000000..a6838d7
--- /dev/null
+++ b/secure/lib/libcrypto/man/BN_new.3
@@ -0,0 +1,176 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BN_new 3"
+.TH BN_new 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BN_new, BN_init, BN_clear, BN_free, BN_clear_free \- allocate and free BIGNUMs
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bn.h>
+\&
+\& BIGNUM *BN_new(void);
+\&
+\& void BN_init(BIGNUM *);
+\&
+\& void BN_clear(BIGNUM *a);
+\&
+\& void BN_free(BIGNUM *a);
+\&
+\& void BN_clear_free(BIGNUM *a);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIBN_new()\fR allocates and initializes a \fB\s-1BIGNUM\s0\fR structure. \fIBN_init()\fR
+initializes an existing uninitialized \fB\s-1BIGNUM\s0\fR.
+.PP
+\&\fIBN_clear()\fR is used to destroy sensitive data such as keys when they
+are no longer needed. It erases the memory used by \fBa\fR and sets it
+to the value 0.
+.PP
+\&\fIBN_free()\fR frees the components of the \fB\s-1BIGNUM\s0\fR, and if it was created
+by \fIBN_new()\fR, also the structure itself. \fIBN_clear_free()\fR additionally
+overwrites the data before the memory is returned to the system.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIBN_new()\fR returns a pointer to the \fB\s-1BIGNUM\s0\fR. If the allocation fails,
+it returns \fB\s-1NULL\s0\fR and sets an error code that can be obtained
+by \fIERR_get_error\fR\|(3).
+.PP
+\&\fIBN_init()\fR, \fIBN_clear()\fR, \fIBN_free()\fR and \fIBN_clear_free()\fR have no return
+values.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIbn\fR\|(3), \fIERR_get_error\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIBN_new()\fR, \fIBN_clear()\fR, \fIBN_free()\fR and \fIBN_clear_free()\fR are available in
+all versions on SSLeay and OpenSSL. \fIBN_init()\fR was added in SSLeay
+0.9.1b.
diff --git a/secure/lib/libcrypto/man/BN_num_bytes.3 b/secure/lib/libcrypto/man/BN_num_bytes.3
new file mode 100644
index 0000000..e820563
--- /dev/null
+++ b/secure/lib/libcrypto/man/BN_num_bytes.3
@@ -0,0 +1,179 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BN_num_bytes 3"
+.TH BN_num_bytes 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BN_num_bits, BN_num_bytes, BN_num_bits_word \- get BIGNUM size
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bn.h>
+\&
+\& int BN_num_bytes(const BIGNUM *a);
+\&
+\& int BN_num_bits(const BIGNUM *a);
+\&
+\& int BN_num_bits_word(BN_ULONG w);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIBN_num_bytes()\fR returns the size of a \fB\s-1BIGNUM\s0\fR in bytes.
+.PP
+\&\fIBN_num_bits_word()\fR returns the number of significant bits in a word.
+If we take 0x00000432 as an example, it returns 11, not 16, not 32.
+Basically, except for a zero, it returns \fIfloor(log2(w))+1\fR.
+.PP
+\&\fIBN_num_bits()\fR returns the number of significant bits in a \fB\s-1BIGNUM\s0\fR,
+following the same principle as \fIBN_num_bits_word()\fR.
+.PP
+\&\fIBN_num_bytes()\fR is a macro.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The size.
+.SH "NOTES"
+.IX Header "NOTES"
+Some have tried using \fIBN_num_bits()\fR on individual numbers in \s-1RSA\s0 keys,
+\&\s-1DH\s0 keys and \s-1DSA\s0 keys, and found that they don't always come up with
+the number of bits they expected (something like 512, 1024, 2048,
+\&...). This is because generating a number with some specific number
+of bits doesn't always set the highest bits, thereby making the number
+of \fIsignificant\fR bits a little lower. If you want to know the \*(L"key
+size\*(R" of such a key, either use functions like \fIRSA_size()\fR, \fIDH_size()\fR
+and \fIDSA_size()\fR, or use \fIBN_num_bytes()\fR and multiply with 8 (although
+there's no real guarantee that will match the \*(L"key size\*(R", just a lot
+more probability).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIbn\fR\|(3), \fIDH_size\fR\|(3), \fIDSA_size\fR\|(3),
+\&\fIRSA_size\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIBN_num_bytes()\fR, \fIBN_num_bits()\fR and \fIBN_num_bits_word()\fR are available in
+all versions of SSLeay and OpenSSL.
diff --git a/secure/lib/libcrypto/man/BN_rand.3 b/secure/lib/libcrypto/man/BN_rand.3
new file mode 100644
index 0000000..7203182
--- /dev/null
+++ b/secure/lib/libcrypto/man/BN_rand.3
@@ -0,0 +1,181 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BN_rand 3"
+.TH BN_rand 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BN_rand, BN_pseudo_rand \- generate pseudo\-random number
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bn.h>
+\&
+\& int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
+\&
+\& int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
+\&
+\& int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
+\&
+\& int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIBN_rand()\fR generates a cryptographically strong pseudo-random number of
+\&\fBbits\fR bits in length and stores it in \fBrnd\fR. If \fBtop\fR is \-1, the
+most significant bit of the random number can be zero. If \fBtop\fR is 0,
+it is set to 1, and if \fBtop\fR is 1, the two most significant bits of
+the number will be set to 1, so that the product of two such random
+numbers will always have 2*\fBbits\fR length. If \fBbottom\fR is true, the
+number will be odd.
+.PP
+\&\fIBN_pseudo_rand()\fR does the same, but pseudo-random numbers generated by
+this function are not necessarily unpredictable. They can be used for
+non-cryptographic purposes and for certain purposes in cryptographic
+protocols, but usually not for key generation etc.
+.PP
+\&\fIBN_rand_range()\fR generates a cryptographically strong pseudo-random
+number \fBrnd\fR in the range 0 <lt>= \fBrnd\fR < \fBrange\fR.
+\&\fIBN_pseudo_rand_range()\fR does the same, but is based on \fIBN_pseudo_rand()\fR,
+and hence numbers generated by it are not necessarily unpredictable.
+.PP
+The \s-1PRNG\s0 must be seeded prior to calling \fIBN_rand()\fR or \fIBN_rand_range()\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The functions return 1 on success, 0 on error.
+The error codes can be obtained by \fIERR_get_error\fR\|(3).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIbn\fR\|(3), \fIERR_get_error\fR\|(3), \fIrand\fR\|(3),
+\&\fIRAND_add\fR\|(3), \fIRAND_bytes\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIBN_rand()\fR is available in all versions of SSLeay and OpenSSL.
+\&\fIBN_pseudo_rand()\fR was added in OpenSSL 0.9.5. The \fBtop\fR == \-1 case
+and the function \fIBN_rand_range()\fR were added in OpenSSL 0.9.6a.
+\&\fIBN_pseudo_rand_range()\fR was added in OpenSSL 0.9.6c.
diff --git a/secure/lib/libcrypto/man/BN_set_bit.3 b/secure/lib/libcrypto/man/BN_set_bit.3
new file mode 100644
index 0000000..a68db1f
--- /dev/null
+++ b/secure/lib/libcrypto/man/BN_set_bit.3
@@ -0,0 +1,189 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BN_set_bit 3"
+.TH BN_set_bit 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BN_set_bit, BN_clear_bit, BN_is_bit_set, BN_mask_bits, BN_lshift,
+BN_lshift1, BN_rshift, BN_rshift1 \- bit operations on BIGNUMs
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bn.h>
+\&
+\& int BN_set_bit(BIGNUM *a, int n);
+\& int BN_clear_bit(BIGNUM *a, int n);
+\&
+\& int BN_is_bit_set(const BIGNUM *a, int n);
+\&
+\& int BN_mask_bits(BIGNUM *a, int n);
+\&
+\& int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
+\& int BN_lshift1(BIGNUM *r, BIGNUM *a);
+\&
+\& int BN_rshift(BIGNUM *r, BIGNUM *a, int n);
+\& int BN_rshift1(BIGNUM *r, BIGNUM *a);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIBN_set_bit()\fR sets bit \fBn\fR in \fBa\fR to 1 (\f(CW\*(C`a|=(1<<n)\*(C'\fR). The
+number is expanded if necessary.
+.PP
+\&\fIBN_clear_bit()\fR sets bit \fBn\fR in \fBa\fR to 0 (\f(CW\*(C`a&=~(1<<n)\*(C'\fR). An
+error occurs if \fBa\fR is shorter than \fBn\fR bits.
+.PP
+\&\fIBN_is_bit_set()\fR tests if bit \fBn\fR in \fBa\fR is set.
+.PP
+\&\fIBN_mask_bits()\fR truncates \fBa\fR to an \fBn\fR bit number
+(\f(CW\*(C`a&=~((~0)>>n)\*(C'\fR). An error occurs if \fBa\fR already is
+shorter than \fBn\fR bits.
+.PP
+\&\fIBN_lshift()\fR shifts \fBa\fR left by \fBn\fR bits and places the result in
+\&\fBr\fR (\f(CW\*(C`r=a*2^n\*(C'\fR). \fIBN_lshift1()\fR shifts \fBa\fR left by one and places
+the result in \fBr\fR (\f(CW\*(C`r=2*a\*(C'\fR).
+.PP
+\&\fIBN_rshift()\fR shifts \fBa\fR right by \fBn\fR bits and places the result in
+\&\fBr\fR (\f(CW\*(C`r=a/2^n\*(C'\fR). \fIBN_rshift1()\fR shifts \fBa\fR right by one and places
+the result in \fBr\fR (\f(CW\*(C`r=a/2\*(C'\fR).
+.PP
+For the shift functions, \fBr\fR and \fBa\fR may be the same variable.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIBN_is_bit_set()\fR returns 1 if the bit is set, 0 otherwise.
+.PP
+All other functions return 1 for success, 0 on error. The error codes
+can be obtained by \fIERR_get_error\fR\|(3).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIbn\fR\|(3), \fIBN_num_bytes\fR\|(3), \fIBN_add\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIBN_set_bit()\fR, \fIBN_clear_bit()\fR, \fIBN_is_bit_set()\fR, \fIBN_mask_bits()\fR,
+\&\fIBN_lshift()\fR, \fIBN_lshift1()\fR, \fIBN_rshift()\fR, and \fIBN_rshift1()\fR are available
+in all versions of SSLeay and OpenSSL.
diff --git a/secure/lib/libcrypto/man/BN_swap.3 b/secure/lib/libcrypto/man/BN_swap.3
new file mode 100644
index 0000000..eac8113
--- /dev/null
+++ b/secure/lib/libcrypto/man/BN_swap.3
@@ -0,0 +1,148 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BN_swap 3"
+.TH BN_swap 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BN_swap \- exchange BIGNUMs
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bn.h>
+\&
+\& void BN_swap(BIGNUM *a, BIGNUM *b);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIBN_swap()\fR exchanges the values of \fIa\fR and \fIb\fR.
+.PP
+\&\fIbn\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+BN_swap was added in OpenSSL 0.9.7.
diff --git a/secure/lib/libcrypto/man/BN_zero.3 b/secure/lib/libcrypto/man/BN_zero.3
new file mode 100644
index 0000000..d07fc2f
--- /dev/null
+++ b/secure/lib/libcrypto/man/BN_zero.3
@@ -0,0 +1,181 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "BN_zero 3"
+.TH BN_zero 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BN_zero, BN_one, BN_value_one, BN_set_word, BN_get_word \- BIGNUM assignment
+operations
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bn.h>
+\&
+\& int BN_zero(BIGNUM *a);
+\& int BN_one(BIGNUM *a);
+\&
+\& const BIGNUM *BN_value_one(void);
+\&
+\& int BN_set_word(BIGNUM *a, unsigned long w);
+\& unsigned long BN_get_word(BIGNUM *a);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIBN_zero()\fR, \fIBN_one()\fR and \fIBN_set_word()\fR set \fBa\fR to the values 0, 1 and
+\&\fBw\fR respectively. \fIBN_zero()\fR and \fIBN_one()\fR are macros.
+.PP
+\&\fIBN_value_one()\fR returns a \fB\s-1BIGNUM\s0\fR constant of value 1. This constant
+is useful for use in comparisons and assignment.
+.PP
+\&\fIBN_get_word()\fR returns \fBa\fR, if it can be represented as an unsigned
+long.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIBN_get_word()\fR returns the value \fBa\fR, and 0xffffffffL if \fBa\fR cannot
+be represented as an unsigned long.
+.PP
+\&\fIBN_zero()\fR, \fIBN_one()\fR and \fIBN_set_word()\fR return 1 on success, 0 otherwise.
+\&\fIBN_value_one()\fR returns the constant.
+.SH "BUGS"
+.IX Header "BUGS"
+Someone might change the constant.
+.PP
+If a \fB\s-1BIGNUM\s0\fR is equal to 0xffffffffL it can be represented as an
+unsigned long but this value is also returned on error.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIbn\fR\|(3), \fIBN_bn2bin\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIBN_zero()\fR, \fIBN_one()\fR and \fIBN_set_word()\fR are available in all versions of
+SSLeay and OpenSSL. \fIBN_value_one()\fR and \fIBN_get_word()\fR were added in
+SSLeay 0.8.
+.PP
+\&\fIBN_value_one()\fR was changed to return a true const \s-1BIGNUM\s0 * in OpenSSL
+0.9.7.
diff --git a/secure/lib/libcrypto/man/CONF_modules_free.3 b/secure/lib/libcrypto/man/CONF_modules_free.3
new file mode 100644
index 0000000..9fd6d03
--- /dev/null
+++ b/secure/lib/libcrypto/man/CONF_modules_free.3
@@ -0,0 +1,171 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "CONF_modules_free 3"
+.TH CONF_modules_free 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+.Vb 2
+\& CONF_modules_free, CONF_modules_finish, CONF_modules_unload \-
+\& OpenSSL configuration cleanup functions
+.Ve
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/conf.h>
+\&
+\& void CONF_modules_free(void);
+\& void CONF_modules_finish(void);
+\& void CONF_modules_unload(int all);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fICONF_modules_free()\fR closes down and frees up all memory allocated by all
+configuration modules.
+.PP
+\&\fICONF_modules_finish()\fR calls each configuration modules \fBfinish\fR handler
+to free up any configuration that module may have performed.
+.PP
+\&\fICONF_modules_unload()\fR finishes and unloads configuration modules. If
+\&\fBall\fR is set to \fB0\fR only modules loaded from DSOs will be unloads. If
+\&\fBall\fR is \fB1\fR all modules, including builtin modules will be unloaded.
+.SH "NOTES"
+.IX Header "NOTES"
+Normally applications will only call \fICONF_modules_free()\fR at application to
+tidy up any configuration performed.
+.SH "RETURN VALUE"
+.IX Header "RETURN VALUE"
+None of the functions return a value.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIconf\fR\|(5), \fIOPENSSL_config\fR\|(3),
+\&\*(L"\fICONF_modules_load_file\fR\|(3), \fICONF_modules_load_file\fR\|(3)\*(R"
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fICONF_modules_free()\fR, \fICONF_modules_unload()\fR, and \fICONF_modules_finish()\fR
+first appeared in OpenSSL 0.9.7.
diff --git a/secure/lib/libcrypto/man/CONF_modules_load_file.3 b/secure/lib/libcrypto/man/CONF_modules_load_file.3
new file mode 100644
index 0000000..b7e6064
--- /dev/null
+++ b/secure/lib/libcrypto/man/CONF_modules_load_file.3
@@ -0,0 +1,184 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "CONF_modules_load_file 3"
+.TH CONF_modules_load_file 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+.Vb 1
+\& CONF_modules_load_file, CONF_modules_load \- OpenSSL configuration functions
+.Ve
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/conf.h>
+\&
+\& int CONF_modules_load_file(const char *filename, const char *appname,
+\& unsigned long flags);
+\& int CONF_modules_load(const CONF *cnf, const char *appname,
+\& unsigned long flags);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The function \fICONF_modules_load_file()\fR configures OpenSSL using file
+\&\fBfilename\fR and application name \fBappname\fR. If \fBfilename\fR is \s-1NULL\s0
+the standard OpenSSL configuration file is used. If \fBappname\fR is
+\&\s-1NULL\s0 the standard OpenSSL application name \fBopenssl_conf\fR is used.
+The behaviour can be cutomized using \fBflags\fR.
+.PP
+\&\fICONF_modules_load()\fR is idential to \fICONF_modules_load_file()\fR except it
+read configuration information from \fBcnf\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+The following \fBflags\fR are currently recognized:
+.PP
+\&\fB\s-1CONF_MFLAGS_IGNORE_ERRORS\s0\fR if set errors returned by individual
+configuration modules are ignored. If not set the first module error is
+considered fatal and no further modules are loads.
+.PP
+Normally any modules errors will add error information to the error queue. If
+\&\fB\s-1CONF_MFLAGS_SILENT\s0\fR is set no error information is added.
+.PP
+If \fB\s-1CONF_MFLAGS_NO_DSO\s0\fR is set configuration module loading from DSOs is
+disabled.
+.PP
+\&\fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR if set will make \fICONF_load_modules_file()\fR
+ignore missing configuration files. Normally a missing configuration file
+return an error.
+.SH "RETURN VALUE"
+.IX Header "RETURN VALUE"
+These functions return 1 for success and a zero or negative value for
+failure. If module errors are not ignored the return code will reflect the
+return value of the failing module (this will always be zero or negative).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIconf\fR\|(5), \fIOPENSSL_config\fR\|(3),
+\&\*(L"\fICONF_free\fR\|(3), \fICONF_free\fR\|(3)\*(R", \fIerr\fR\|(3),\fIerr\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+CONF_modules_load_file and CONF_modules_load first appeared in OpenSSL 0.9.7.
diff --git a/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 b/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
new file mode 100644
index 0000000..955b949
--- /dev/null
+++ b/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
@@ -0,0 +1,176 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "CRYPTO_set_ex_data 3"
+.TH CRYPTO_set_ex_data 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+CRYPTO_set_ex_data, CRYPTO_get_ex_data \- internal application specific data functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/crypto.h>
+\&
+\& int CRYPTO_set_ex_data(CRYPTO_EX_DATA *r, int idx, void *arg);
+\&
+\& void *CRYPTO_get_ex_data(CRYPTO_EX_DATA *r, int idx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+Several OpenSSL structures can have application specific data attached to them.
+These functions are used internally by OpenSSL to manipulate application
+specific data attached to a specific structure.
+.PP
+These functions should only be used by applications to manipulate
+\&\fB\s-1CRYPTO_EX_DATA\s0\fR structures passed to the \fB\f(BInew_func()\fB\fR, \fB\f(BIfree_func()\fB\fR and
+\&\fB\f(BIdup_func()\fB\fR callbacks: as passed to \fB\f(BIRSA_get_ex_new_index()\fB\fR for example.
+.PP
+\&\fB\f(BICRYPTO_set_ex_data()\fB\fR is used to set application specific data, the data is
+supplied in the \fBarg\fR parameter and its precise meaning is up to the
+application.
+.PP
+\&\fB\f(BICRYPTO_get_ex_data()\fB\fR is used to retrieve application specific data. The data
+is returned to the application, this will be the same value as supplied to
+a previous \fB\f(BICRYPTO_set_ex_data()\fB\fR call.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fB\f(BICRYPTO_set_ex_data()\fB\fR returns 1 on success or 0 on failure.
+.PP
+\&\fB\f(BICRYPTO_get_ex_data()\fB\fR returns the application data or 0 on failure. 0 may also
+be valid application data but currently it can only fail if given an invalid \fBidx\fR
+parameter.
+.PP
+On failure an error code can be obtained from \fIERR_get_error\fR\|(3).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIRSA_get_ex_new_index\fR\|(3),
+\&\fIDSA_get_ex_new_index\fR\|(3),
+\&\fIDH_get_ex_new_index\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fICRYPTO_set_ex_data()\fR and \fICRYPTO_get_ex_data()\fR have been available since SSLeay 0.9.0.
diff --git a/secure/lib/libcrypto/man/DH_generate_key.3 b/secure/lib/libcrypto/man/DH_generate_key.3
new file mode 100644
index 0000000..cff5300
--- /dev/null
+++ b/secure/lib/libcrypto/man/DH_generate_key.3
@@ -0,0 +1,173 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "DH_generate_key 3"
+.TH DH_generate_key 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+DH_generate_key, DH_compute_key \- perform Diffie\-Hellman key exchange
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/dh.h>
+\&
+\& int DH_generate_key(DH *dh);
+\&
+\& int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIDH_generate_key()\fR performs the first step of a Diffie-Hellman key
+exchange by generating private and public \s-1DH\s0 values. By calling
+\&\fIDH_compute_key()\fR, these are combined with the other party's public
+value to compute the shared key.
+.PP
+\&\fIDH_generate_key()\fR expects \fBdh\fR to contain the shared parameters
+\&\fBdh\->p\fR and \fBdh\->g\fR. It generates a random private \s-1DH\s0 value
+unless \fBdh\->priv_key\fR is already set, and computes the
+corresponding public value \fBdh\->pub_key\fR, which can then be
+published.
+.PP
+\&\fIDH_compute_key()\fR computes the shared secret from the private \s-1DH\s0 value
+in \fBdh\fR and the other party's public value in \fBpub_key\fR and stores
+it in \fBkey\fR. \fBkey\fR must point to \fBDH_size(dh)\fR bytes of memory.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIDH_generate_key()\fR returns 1 on success, 0 otherwise.
+.PP
+\&\fIDH_compute_key()\fR returns the size of the shared secret on success, \-1
+on error.
+.PP
+The error codes can be obtained by \fIERR_get_error\fR\|(3).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIdh\fR\|(3), \fIERR_get_error\fR\|(3), \fIrand\fR\|(3), \fIDH_size\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIDH_generate_key()\fR and \fIDH_compute_key()\fR are available in all versions
+of SSLeay and OpenSSL.
diff --git a/secure/lib/libcrypto/man/DH_generate_parameters.3 b/secure/lib/libcrypto/man/DH_generate_parameters.3
new file mode 100644
index 0000000..374c05f
--- /dev/null
+++ b/secure/lib/libcrypto/man/DH_generate_parameters.3
@@ -0,0 +1,194 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "DH_generate_parameters 3"
+.TH DH_generate_parameters 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+DH_generate_parameters, DH_check \- generate and check Diffie\-Hellman parameters
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/dh.h>
+\&
+\& DH *DH_generate_parameters(int prime_len, int generator,
+\& void (*callback)(int, int, void *), void *cb_arg);
+\&
+\& int DH_check(DH *dh, int *codes);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIDH_generate_parameters()\fR generates Diffie-Hellman parameters that can
+be shared among a group of users, and returns them in a newly
+allocated \fB\s-1DH\s0\fR structure. The pseudo-random number generator must be
+seeded prior to calling \fIDH_generate_parameters()\fR.
+.PP
+\&\fBprime_len\fR is the length in bits of the safe prime to be generated.
+\&\fBgenerator\fR is a small number > 1, typically 2 or 5.
+.PP
+A callback function may be used to provide feedback about the progress
+of the key generation. If \fBcallback\fR is not \fB\s-1NULL\s0\fR, it will be
+called as described in \fIBN_generate_prime\fR\|(3) while a random prime
+number is generated, and when a prime has been found, \fBcallback(3,
+0, cb_arg)\fR is called.
+.PP
+\&\fIDH_check()\fR validates Diffie-Hellman parameters. It checks that \fBp\fR is
+a safe prime, and that \fBg\fR is a suitable generator. In the case of an
+error, the bit flags \s-1DH_CHECK_P_NOT_SAFE_PRIME\s0 or
+\&\s-1DH_NOT_SUITABLE_GENERATOR\s0 are set in \fB*codes\fR.
+\&\s-1DH_UNABLE_TO_CHECK_GENERATOR\s0 is set if the generator cannot be
+checked, i.e. it does not equal 2 or 5.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIDH_generate_parameters()\fR returns a pointer to the \s-1DH\s0 structure, or
+\&\s-1NULL\s0 if the parameter generation fails. The error codes can be
+obtained by \fIERR_get_error\fR\|(3).
+.PP
+\&\fIDH_check()\fR returns 1 if the check could be performed, 0 otherwise.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\fIDH_generate_parameters()\fR may run for several hours before finding a
+suitable prime.
+.PP
+The parameters generated by \fIDH_generate_parameters()\fR are not to be
+used in signature schemes.
+.SH "BUGS"
+.IX Header "BUGS"
+If \fBgenerator\fR is not 2 or 5, \fBdh\->g\fR=\fBgenerator\fR is not
+a usable generator.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIdh\fR\|(3), \fIERR_get_error\fR\|(3), \fIrand\fR\|(3),
+\&\fIDH_free\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIDH_check()\fR is available in all versions of SSLeay and OpenSSL.
+The \fBcb_arg\fR argument to \fIDH_generate_parameters()\fR was added in SSLeay 0.9.0.
+.PP
+In versions before OpenSSL 0.9.5, \s-1DH_CHECK_P_NOT_STRONG_PRIME\s0 is used
+instead of \s-1DH_CHECK_P_NOT_SAFE_PRIME\s0.
diff --git a/secure/lib/libcrypto/man/DH_get_ex_new_index.3 b/secure/lib/libcrypto/man/DH_get_ex_new_index.3
new file mode 100644
index 0000000..e74c6ce
--- /dev/null
+++ b/secure/lib/libcrypto/man/DH_get_ex_new_index.3
@@ -0,0 +1,160 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "DH_get_ex_new_index 3"
+.TH DH_get_ex_new_index 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data \- add application specific data to DH structures
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/dh.h>
+\&
+\& int DH_get_ex_new_index(long argl, void *argp,
+\& CRYPTO_EX_new *new_func,
+\& CRYPTO_EX_dup *dup_func,
+\& CRYPTO_EX_free *free_func);
+\&
+\& int DH_set_ex_data(DH *d, int idx, void *arg);
+\&
+\& char *DH_get_ex_data(DH *d, int idx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+These functions handle application specific data in \s-1DH\s0
+structures. Their usage is identical to that of
+\&\fIRSA_get_ex_new_index()\fR, \fIRSA_set_ex_data()\fR and \fIRSA_get_ex_data()\fR
+as described in \fIRSA_get_ex_new_index\fR\|(3).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIRSA_get_ex_new_index\fR\|(3), \fIdh\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIDH_get_ex_new_index()\fR, \fIDH_set_ex_data()\fR and \fIDH_get_ex_data()\fR are
+available since OpenSSL 0.9.5.
diff --git a/secure/lib/libcrypto/man/DH_new.3 b/secure/lib/libcrypto/man/DH_new.3
new file mode 100644
index 0000000..e169713
--- /dev/null
+++ b/secure/lib/libcrypto/man/DH_new.3
@@ -0,0 +1,163 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "DH_new 3"
+.TH DH_new 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+DH_new, DH_free \- allocate and free DH objects
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/dh.h>
+\&
+\& DH* DH_new(void);
+\&
+\& void DH_free(DH *dh);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIDH_new()\fR allocates and initializes a \fB\s-1DH\s0\fR structure.
+.PP
+\&\fIDH_free()\fR frees the \fB\s-1DH\s0\fR structure and its components. The values are
+erased before the memory is returned to the system.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+If the allocation fails, \fIDH_new()\fR returns \fB\s-1NULL\s0\fR and sets an error
+code that can be obtained by \fIERR_get_error\fR\|(3). Otherwise it returns
+a pointer to the newly allocated structure.
+.PP
+\&\fIDH_free()\fR returns no value.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIdh\fR\|(3), \fIERR_get_error\fR\|(3),
+\&\fIDH_generate_parameters\fR\|(3),
+\&\fIDH_generate_key\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIDH_new()\fR and \fIDH_free()\fR are available in all versions of SSLeay and OpenSSL.
diff --git a/secure/lib/libcrypto/man/DH_set_method.3 b/secure/lib/libcrypto/man/DH_set_method.3
new file mode 100644
index 0000000..c5bf32c
--- /dev/null
+++ b/secure/lib/libcrypto/man/DH_set_method.3
@@ -0,0 +1,252 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "DH_set_method 3"
+.TH DH_set_method 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+DH_set_default_method, DH_get_default_method,
+DH_set_method, DH_new_method, DH_OpenSSL \- select DH method
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 2
+\& #include <openssl/dh.h>
+\& #include <openssl/engine.h>
+\&
+\& void DH_set_default_method(const DH_METHOD *meth);
+\&
+\& const DH_METHOD *DH_get_default_method(void);
+\&
+\& int DH_set_method(DH *dh, const DH_METHOD *meth);
+\&
+\& DH *DH_new_method(ENGINE *engine);
+\&
+\& const DH_METHOD *DH_OpenSSL(void);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+A \fB\s-1DH_METHOD\s0\fR specifies the functions that OpenSSL uses for Diffie-Hellman
+operations. By modifying the method, alternative implementations
+such as hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for
+important information about how these \s-1DH\s0 \s-1API\s0 functions are affected by the use
+of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls.
+.PP
+Initially, the default \s-1DH_METHOD\s0 is the OpenSSL internal implementation, as
+returned by \fIDH_OpenSSL()\fR.
+.PP
+\&\fIDH_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DH\s0
+structures created later. \fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has been set
+as a default for \s-1DH\s0, so this function is no longer recommended.
+.PP
+\&\fIDH_get_default_method()\fR returns a pointer to the current default \s-1DH_METHOD\s0.
+However, the meaningfulness of this result is dependent on whether the \s-1ENGINE\s0
+\&\s-1API\s0 is being used, so this function is no longer recommended.
+.PP
+\&\fIDH_set_method()\fR selects \fBmeth\fR to perform all operations using the key \fBdh\fR.
+This will replace the \s-1DH_METHOD\s0 used by the \s-1DH\s0 key and if the previous method
+was supplied by an \s-1ENGINE\s0, the handle to that \s-1ENGINE\s0 will be released during the
+change. It is possible to have \s-1DH\s0 keys that only work with certain \s-1DH_METHOD\s0
+implementations (eg. from an \s-1ENGINE\s0 module that supports embedded
+hardware-protected keys), and in such cases attempting to change the \s-1DH_METHOD\s0
+for the key can have unexpected results.
+.PP
+\&\fIDH_new_method()\fR allocates and initializes a \s-1DH\s0 structure so that \fBengine\fR will
+be used for the \s-1DH\s0 operations. If \fBengine\fR is \s-1NULL\s0, the default \s-1ENGINE\s0 for \s-1DH\s0
+operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DH_METHOD\s0 controlled by
+\&\fIDH_set_default_method()\fR is used.
+.SH "THE DH_METHOD STRUCTURE"
+.IX Header "THE DH_METHOD STRUCTURE"
+.Vb 4
+\& typedef struct dh_meth_st
+\& {
+\& /* name of the implementation */
+\& const char *name;
+\&
+\& /* generate private and public DH values for key agreement */
+\& int (*generate_key)(DH *dh);
+\&
+\& /* compute shared secret */
+\& int (*compute_key)(unsigned char *key, BIGNUM *pub_key, DH *dh);
+\&
+\& /* compute r = a ^ p mod m (May be NULL for some implementations) */
+\& int (*bn_mod_exp)(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+\& const BIGNUM *m, BN_CTX *ctx,
+\& BN_MONT_CTX *m_ctx);
+\&
+\& /* called at DH_new */
+\& int (*init)(DH *dh);
+\&
+\& /* called at DH_free */
+\& int (*finish)(DH *dh);
+\&
+\& int flags;
+\&
+\& char *app_data; /* ?? */
+\&
+\& } DH_METHOD;
+.Ve
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIDH_OpenSSL()\fR and \fIDH_get_default_method()\fR return pointers to the respective
+\&\fB\s-1DH_METHOD\s0\fRs.
+.PP
+\&\fIDH_set_default_method()\fR returns no value.
+.PP
+\&\fIDH_set_method()\fR returns non-zero if the provided \fBmeth\fR was successfully set as
+the method for \fBdh\fR (including unloading the \s-1ENGINE\s0 handle if the previous
+method was supplied by an \s-1ENGINE\s0).
+.PP
+\&\fIDH_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained by
+\&\fIERR_get_error\fR\|(3) if the allocation fails. Otherwise it
+returns a pointer to the newly allocated structure.
+.SH "NOTES"
+.IX Header "NOTES"
+As of version 0.9.7, \s-1DH_METHOD\s0 implementations are grouped together with other
+algorithmic APIs (eg. \s-1RSA_METHOD\s0, \s-1EVP_CIPHER\s0, etc) in \fB\s-1ENGINE\s0\fR modules. If a
+default \s-1ENGINE\s0 is specified for \s-1DH\s0 functionality using an \s-1ENGINE\s0 \s-1API\s0 function,
+that will override any \s-1DH\s0 defaults set using the \s-1DH\s0 \s-1API\s0 (ie.
+\&\fIDH_set_default_method()\fR). For this reason, the \s-1ENGINE\s0 \s-1API\s0 is the recommended way
+to control default implementations for use in \s-1DH\s0 and other cryptographic
+algorithms.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIdh\fR\|(3), \fIDH_new\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIDH_set_default_method()\fR, \fIDH_get_default_method()\fR, \fIDH_set_method()\fR,
+\&\fIDH_new_method()\fR and \fIDH_OpenSSL()\fR were added in OpenSSL 0.9.4.
+.PP
+\&\fIDH_set_default_openssl_method()\fR and \fIDH_get_default_openssl_method()\fR replaced
+\&\fIDH_set_default_method()\fR and \fIDH_get_default_method()\fR respectively, and
+\&\fIDH_set_method()\fR and \fIDH_new_method()\fR were altered to use \fB\s-1ENGINE\s0\fRs rather than
+\&\fB\s-1DH_METHOD\s0\fRs during development of the engine version of OpenSSL 0.9.6. For
+0.9.7, the handling of defaults in the \s-1ENGINE\s0 \s-1API\s0 was restructured so that this
+change was reversed, and behaviour of the other functions resembled more closely
+the previous behaviour. The behaviour of defaults in the \s-1ENGINE\s0 \s-1API\s0 now
+transparently overrides the behaviour of defaults in the \s-1DH\s0 \s-1API\s0 without
+requiring changing these function prototypes.
diff --git a/secure/lib/libcrypto/man/DH_size.3 b/secure/lib/libcrypto/man/DH_size.3
new file mode 100644
index 0000000..5f8c60e
--- /dev/null
+++ b/secure/lib/libcrypto/man/DH_size.3
@@ -0,0 +1,156 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "DH_size 3"
+.TH DH_size 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+DH_size \- get Diffie\-Hellman prime size
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/dh.h>
+\&
+\& int DH_size(DH *dh);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+This function returns the Diffie-Hellman size in bytes. It can be used
+to determine how much memory must be allocated for the shared secret
+computed by \fIDH_compute_key()\fR.
+.PP
+\&\fBdh\->p\fR must not be \fB\s-1NULL\s0\fR.
+.SH "RETURN VALUE"
+.IX Header "RETURN VALUE"
+The size in bytes.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIdh\fR\|(3), \fIDH_generate_key\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIDH_size()\fR is available in all versions of SSLeay and OpenSSL.
diff --git a/secure/lib/libcrypto/man/DSA_SIG_new.3 b/secure/lib/libcrypto/man/DSA_SIG_new.3
new file mode 100644
index 0000000..4f48912
--- /dev/null
+++ b/secure/lib/libcrypto/man/DSA_SIG_new.3
@@ -0,0 +1,163 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "DSA_SIG_new 3"
+.TH DSA_SIG_new 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+DSA_SIG_new, DSA_SIG_free \- allocate and free DSA signature objects
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/dsa.h>
+\&
+\& DSA_SIG *DSA_SIG_new(void);
+\&
+\& void DSA_SIG_free(DSA_SIG *a);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIDSA_SIG_new()\fR allocates and initializes a \fB\s-1DSA_SIG\s0\fR structure.
+.PP
+\&\fIDSA_SIG_free()\fR frees the \fB\s-1DSA_SIG\s0\fR structure and its components. The
+values are erased before the memory is returned to the system.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+If the allocation fails, \fIDSA_SIG_new()\fR returns \fB\s-1NULL\s0\fR and sets an
+error code that can be obtained by
+\&\fIERR_get_error\fR\|(3). Otherwise it returns a pointer
+to the newly allocated structure.
+.PP
+\&\fIDSA_SIG_free()\fR returns no value.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIdsa\fR\|(3), \fIERR_get_error\fR\|(3),
+\&\fIDSA_do_sign\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIDSA_SIG_new()\fR and \fIDSA_SIG_free()\fR were added in OpenSSL 0.9.3.
diff --git a/secure/lib/libcrypto/man/DSA_do_sign.3 b/secure/lib/libcrypto/man/DSA_do_sign.3
new file mode 100644
index 0000000..f6da96b
--- /dev/null
+++ b/secure/lib/libcrypto/man/DSA_do_sign.3
@@ -0,0 +1,170 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "DSA_do_sign 3"
+.TH DSA_do_sign 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+DSA_do_sign, DSA_do_verify \- raw DSA signature operations
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/dsa.h>
+\&
+\& DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+\&
+\& int DSA_do_verify(const unsigned char *dgst, int dgst_len,
+\& DSA_SIG *sig, DSA *dsa);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIDSA_do_sign()\fR computes a digital signature on the \fBlen\fR byte message
+digest \fBdgst\fR using the private key \fBdsa\fR and returns it in a
+newly allocated \fB\s-1DSA_SIG\s0\fR structure.
+.PP
+\&\fIDSA_sign_setup\fR\|(3) may be used to precompute part
+of the signing operation in case signature generation is
+time-critical.
+.PP
+\&\fIDSA_do_verify()\fR verifies that the signature \fBsig\fR matches a given
+message digest \fBdgst\fR of size \fBlen\fR. \fBdsa\fR is the signer's public
+key.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIDSA_do_sign()\fR returns the signature, \s-1NULL\s0 on error. \fIDSA_do_verify()\fR
+returns 1 for a valid signature, 0 for an incorrect signature and \-1
+on error. The error codes can be obtained by
+\&\fIERR_get_error\fR\|(3).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIdsa\fR\|(3), \fIERR_get_error\fR\|(3), \fIrand\fR\|(3),
+\&\fIDSA_SIG_new\fR\|(3),
+\&\fIDSA_sign\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIDSA_do_sign()\fR and \fIDSA_do_verify()\fR were added in OpenSSL 0.9.3.
diff --git a/secure/lib/libcrypto/man/DSA_dup_DH.3 b/secure/lib/libcrypto/man/DSA_dup_DH.3
new file mode 100644
index 0000000..b13e50ee
--- /dev/null
+++ b/secure/lib/libcrypto/man/DSA_dup_DH.3
@@ -0,0 +1,158 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "DSA_dup_DH 3"
+.TH DSA_dup_DH 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+DSA_dup_DH \- create a DH structure out of DSA structure
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/dsa.h>
+\&
+\& DH * DSA_dup_DH(const DSA *r);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIDSA_dup_DH()\fR duplicates \s-1DSA\s0 parameters/keys as \s-1DH\s0 parameters/keys. q
+is lost during that conversion, but the resulting \s-1DH\s0 parameters
+contain its length.
+.SH "RETURN VALUE"
+.IX Header "RETURN VALUE"
+\&\fIDSA_dup_DH()\fR returns the new \fB\s-1DH\s0\fR structure, and \s-1NULL\s0 on error. The
+error codes can be obtained by \fIERR_get_error\fR\|(3).
+.SH "NOTE"
+.IX Header "NOTE"
+Be careful to avoid small subgroup attacks when using this.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIdh\fR\|(3), \fIdsa\fR\|(3), \fIERR_get_error\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIDSA_dup_DH()\fR was added in OpenSSL 0.9.4.
diff --git a/secure/lib/libcrypto/man/DSA_generate_key.3 b/secure/lib/libcrypto/man/DSA_generate_key.3
new file mode 100644
index 0000000..2777dc8
--- /dev/null
+++ b/secure/lib/libcrypto/man/DSA_generate_key.3
@@ -0,0 +1,157 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "DSA_generate_key 3"
+.TH DSA_generate_key 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+DSA_generate_key \- generate DSA key pair
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/dsa.h>
+\&
+\& int DSA_generate_key(DSA *a);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIDSA_generate_key()\fR expects \fBa\fR to contain \s-1DSA\s0 parameters. It generates
+a new key pair and stores it in \fBa\->pub_key\fR and \fBa\->priv_key\fR.
+.PP
+The \s-1PRNG\s0 must be seeded prior to calling \fIDSA_generate_key()\fR.
+.SH "RETURN VALUE"
+.IX Header "RETURN VALUE"
+\&\fIDSA_generate_key()\fR returns 1 on success, 0 otherwise.
+The error codes can be obtained by \fIERR_get_error\fR\|(3).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIdsa\fR\|(3), \fIERR_get_error\fR\|(3), \fIrand\fR\|(3),
+\&\fIDSA_generate_parameters\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIDSA_generate_key()\fR is available since SSLeay 0.8.
diff --git a/secure/lib/libcrypto/man/DSA_generate_parameters.3 b/secure/lib/libcrypto/man/DSA_generate_parameters.3
new file mode 100644
index 0000000..e5fcb26
--- /dev/null
+++ b/secure/lib/libcrypto/man/DSA_generate_parameters.3
@@ -0,0 +1,210 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "DSA_generate_parameters 3"
+.TH DSA_generate_parameters 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+DSA_generate_parameters \- generate DSA parameters
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/dsa.h>
+\&
+\& DSA *DSA_generate_parameters(int bits, unsigned char *seed,
+\& int seed_len, int *counter_ret, unsigned long *h_ret,
+\& void (*callback)(int, int, void *), void *cb_arg);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIDSA_generate_parameters()\fR generates primes p and q and a generator g
+for use in the \s-1DSA\s0.
+.PP
+\&\fBbits\fR is the length of the prime to be generated; the \s-1DSS\s0 allows a
+maximum of 1024 bits.
+.PP
+If \fBseed\fR is \fB\s-1NULL\s0\fR or \fBseed_len\fR < 20, the primes will be
+generated at random. Otherwise, the seed is used to generate
+them. If the given seed does not yield a prime q, a new random
+seed is chosen and placed at \fBseed\fR.
+.PP
+\&\fIDSA_generate_parameters()\fR places the iteration count in
+*\fBcounter_ret\fR and a counter used for finding a generator in
+*\fBh_ret\fR, unless these are \fB\s-1NULL\s0\fR.
+.PP
+A callback function may be used to provide feedback about the progress
+of the key generation. If \fBcallback\fR is not \fB\s-1NULL\s0\fR, it will be
+called as follows:
+.IP "\(bu" 4
+When a candidate for q is generated, \fBcallback(0, m++, cb_arg)\fR is called
+(m is 0 for the first candidate).
+.IP "\(bu" 4
+When a candidate for q has passed a test by trial division,
+\&\fBcallback(1, \-1, cb_arg)\fR is called.
+While a candidate for q is tested by Miller-Rabin primality tests,
+\&\fBcallback(1, i, cb_arg)\fR is called in the outer loop
+(once for each witness that confirms that the candidate may be prime);
+i is the loop counter (starting at 0).
+.IP "\(bu" 4
+When a prime q has been found, \fBcallback(2, 0, cb_arg)\fR and
+\&\fBcallback(3, 0, cb_arg)\fR are called.
+.IP "\(bu" 4
+Before a candidate for p (other than the first) is generated and tested,
+\&\fBcallback(0, counter, cb_arg)\fR is called.
+.IP "\(bu" 4
+When a candidate for p has passed the test by trial division,
+\&\fBcallback(1, \-1, cb_arg)\fR is called.
+While it is tested by the Miller-Rabin primality test,
+\&\fBcallback(1, i, cb_arg)\fR is called in the outer loop
+(once for each witness that confirms that the candidate may be prime).
+i is the loop counter (starting at 0).
+.IP "\(bu" 4
+When p has been found, \fBcallback(2, 1, cb_arg)\fR is called.
+.IP "\(bu" 4
+When the generator has been found, \fBcallback(3, 1, cb_arg)\fR is called.
+.SH "RETURN VALUE"
+.IX Header "RETURN VALUE"
+\&\fIDSA_generate_parameters()\fR returns a pointer to the \s-1DSA\s0 structure, or
+\&\fB\s-1NULL\s0\fR if the parameter generation fails. The error codes can be
+obtained by \fIERR_get_error\fR\|(3).
+.SH "BUGS"
+.IX Header "BUGS"
+Seed lengths > 20 are not supported.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIdsa\fR\|(3), \fIERR_get_error\fR\|(3), \fIrand\fR\|(3),
+\&\fIDSA_free\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIDSA_generate_parameters()\fR appeared in SSLeay 0.8. The \fBcb_arg\fR
+argument was added in SSLeay 0.9.0.
+In versions up to OpenSSL 0.9.4, \fBcallback(1, ...)\fR was called
+in the inner loop of the Miller-Rabin test whenever it reached the
+squaring step (the parameters to \fBcallback\fR did not reveal how many
+witnesses had been tested); since OpenSSL 0.9.5, \fBcallback(1, ...)\fR
+is called as in \fIBN_is_prime\fR\|(3), i.e. once for each witness.
diff --git a/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 b/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
new file mode 100644
index 0000000..fd418dd
--- /dev/null
+++ b/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
@@ -0,0 +1,160 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "DSA_get_ex_new_index 3"
+.TH DSA_get_ex_new_index 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data \- add application specific data to DSA structures
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/DSA.h>
+\&
+\& int DSA_get_ex_new_index(long argl, void *argp,
+\& CRYPTO_EX_new *new_func,
+\& CRYPTO_EX_dup *dup_func,
+\& CRYPTO_EX_free *free_func);
+\&
+\& int DSA_set_ex_data(DSA *d, int idx, void *arg);
+\&
+\& char *DSA_get_ex_data(DSA *d, int idx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+These functions handle application specific data in \s-1DSA\s0
+structures. Their usage is identical to that of
+\&\fIRSA_get_ex_new_index()\fR, \fIRSA_set_ex_data()\fR and \fIRSA_get_ex_data()\fR
+as described in \fIRSA_get_ex_new_index\fR\|(3).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIRSA_get_ex_new_index\fR\|(3), \fIdsa\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIDSA_get_ex_new_index()\fR, \fIDSA_set_ex_data()\fR and \fIDSA_get_ex_data()\fR are
+available since OpenSSL 0.9.5.
diff --git a/secure/lib/libcrypto/man/DSA_new.3 b/secure/lib/libcrypto/man/DSA_new.3
new file mode 100644
index 0000000..b53c2a4
--- /dev/null
+++ b/secure/lib/libcrypto/man/DSA_new.3
@@ -0,0 +1,165 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "DSA_new 3"
+.TH DSA_new 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+DSA_new, DSA_free \- allocate and free DSA objects
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/dsa.h>
+\&
+\& DSA* DSA_new(void);
+\&
+\& void DSA_free(DSA *dsa);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIDSA_new()\fR allocates and initializes a \fB\s-1DSA\s0\fR structure. It is equivalent to
+calling DSA_new_method(\s-1NULL\s0).
+.PP
+\&\fIDSA_free()\fR frees the \fB\s-1DSA\s0\fR structure and its components. The values are
+erased before the memory is returned to the system.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+If the allocation fails, \fIDSA_new()\fR returns \fB\s-1NULL\s0\fR and sets an error
+code that can be obtained by
+\&\fIERR_get_error\fR\|(3). Otherwise it returns a pointer
+to the newly allocated structure.
+.PP
+\&\fIDSA_free()\fR returns no value.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIdsa\fR\|(3), \fIERR_get_error\fR\|(3),
+\&\fIDSA_generate_parameters\fR\|(3),
+\&\fIDSA_generate_key\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIDSA_new()\fR and \fIDSA_free()\fR are available in all versions of SSLeay and OpenSSL.
diff --git a/secure/lib/libcrypto/man/DSA_set_method.3 b/secure/lib/libcrypto/man/DSA_set_method.3
new file mode 100644
index 0000000..9094acd
--- /dev/null
+++ b/secure/lib/libcrypto/man/DSA_set_method.3
@@ -0,0 +1,266 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "DSA_set_method 3"
+.TH DSA_set_method 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+DSA_set_default_method, DSA_get_default_method,
+DSA_set_method, DSA_new_method, DSA_OpenSSL \- select DSA method
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 2
+\& #include <openssl/dsa.h>
+\& #include <openssl/engine.h>
+\&
+\& void DSA_set_default_method(const DSA_METHOD *meth);
+\&
+\& const DSA_METHOD *DSA_get_default_method(void);
+\&
+\& int DSA_set_method(DSA *dsa, const DSA_METHOD *meth);
+\&
+\& DSA *DSA_new_method(ENGINE *engine);
+\&
+\& DSA_METHOD *DSA_OpenSSL(void);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+A \fB\s-1DSA_METHOD\s0\fR specifies the functions that OpenSSL uses for \s-1DSA\s0
+operations. By modifying the method, alternative implementations
+such as hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for
+important information about how these \s-1DSA\s0 \s-1API\s0 functions are affected by the use
+of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls.
+.PP
+Initially, the default \s-1DSA_METHOD\s0 is the OpenSSL internal implementation,
+as returned by \fIDSA_OpenSSL()\fR.
+.PP
+\&\fIDSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DSA\s0
+structures created later. \fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has
+been set as a default for \s-1DSA\s0, so this function is no longer recommended.
+.PP
+\&\fIDSA_get_default_method()\fR returns a pointer to the current default
+\&\s-1DSA_METHOD\s0. However, the meaningfulness of this result is dependent on
+whether the \s-1ENGINE\s0 \s-1API\s0 is being used, so this function is no longer
+recommended.
+.PP
+\&\fIDSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key
+\&\fBrsa\fR. This will replace the \s-1DSA_METHOD\s0 used by the \s-1DSA\s0 key and if the
+previous method was supplied by an \s-1ENGINE\s0, the handle to that \s-1ENGINE\s0 will
+be released during the change. It is possible to have \s-1DSA\s0 keys that only
+work with certain \s-1DSA_METHOD\s0 implementations (eg. from an \s-1ENGINE\s0 module
+that supports embedded hardware-protected keys), and in such cases
+attempting to change the \s-1DSA_METHOD\s0 for the key can have unexpected
+results.
+.PP
+\&\fIDSA_new_method()\fR allocates and initializes a \s-1DSA\s0 structure so that \fBengine\fR
+will be used for the \s-1DSA\s0 operations. If \fBengine\fR is \s-1NULL\s0, the default engine
+for \s-1DSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DSA_METHOD\s0
+controlled by \fIDSA_set_default_method()\fR is used.
+.SH "THE DSA_METHOD STRUCTURE"
+.IX Header "THE DSA_METHOD STRUCTURE"
+struct
+ {
+ /* name of the implementation */
+ const char *name;
+.PP
+.Vb 3
+\& /* sign */
+\& DSA_SIG *(*dsa_do_sign)(const unsigned char *dgst, int dlen,
+\& DSA *dsa);
+\&
+\& /* pre\-compute k^\-1 and r */
+\& int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
+\& BIGNUM **rp);
+\&
+\& /* verify */
+\& int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len,
+\& DSA_SIG *sig, DSA *dsa);
+\&
+\& /* compute rr = a1^p1 * a2^p2 mod m (May be NULL for some
+\& implementations) */
+\& int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
+\& BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+\& BN_CTX *ctx, BN_MONT_CTX *in_mont);
+\&
+\& /* compute r = a ^ p mod m (May be NULL for some implementations) */
+\& int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a,
+\& const BIGNUM *p, const BIGNUM *m,
+\& BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+\&
+\& /* called at DSA_new */
+\& int (*init)(DSA *DSA);
+\&
+\& /* called at DSA_free */
+\& int (*finish)(DSA *DSA);
+\&
+\& int flags;
+\&
+\& char *app_data; /* ?? */
+\&
+\& } DSA_METHOD;
+.Ve
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIDSA_OpenSSL()\fR and \fIDSA_get_default_method()\fR return pointers to the respective
+\&\fB\s-1DSA_METHOD\s0\fRs.
+.PP
+\&\fIDSA_set_default_method()\fR returns no value.
+.PP
+\&\fIDSA_set_method()\fR returns non-zero if the provided \fBmeth\fR was successfully set as
+the method for \fBdsa\fR (including unloading the \s-1ENGINE\s0 handle if the previous
+method was supplied by an \s-1ENGINE\s0).
+.PP
+\&\fIDSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be
+obtained by \fIERR_get_error\fR\|(3) if the allocation
+fails. Otherwise it returns a pointer to the newly allocated structure.
+.SH "NOTES"
+.IX Header "NOTES"
+As of version 0.9.7, \s-1DSA_METHOD\s0 implementations are grouped together with other
+algorithmic APIs (eg. \s-1RSA_METHOD\s0, \s-1EVP_CIPHER\s0, etc) in \fB\s-1ENGINE\s0\fR modules. If a
+default \s-1ENGINE\s0 is specified for \s-1DSA\s0 functionality using an \s-1ENGINE\s0 \s-1API\s0 function,
+that will override any \s-1DSA\s0 defaults set using the \s-1DSA\s0 \s-1API\s0 (ie.
+\&\fIDSA_set_default_method()\fR). For this reason, the \s-1ENGINE\s0 \s-1API\s0 is the recommended way
+to control default implementations for use in \s-1DSA\s0 and other cryptographic
+algorithms.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIdsa\fR\|(3), \fIDSA_new\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIDSA_set_default_method()\fR, \fIDSA_get_default_method()\fR, \fIDSA_set_method()\fR,
+\&\fIDSA_new_method()\fR and \fIDSA_OpenSSL()\fR were added in OpenSSL 0.9.4.
+.PP
+\&\fIDSA_set_default_openssl_method()\fR and \fIDSA_get_default_openssl_method()\fR replaced
+\&\fIDSA_set_default_method()\fR and \fIDSA_get_default_method()\fR respectively, and
+\&\fIDSA_set_method()\fR and \fIDSA_new_method()\fR were altered to use \fB\s-1ENGINE\s0\fRs rather than
+\&\fB\s-1DSA_METHOD\s0\fRs during development of the engine version of OpenSSL 0.9.6. For
+0.9.7, the handling of defaults in the \s-1ENGINE\s0 \s-1API\s0 was restructured so that this
+change was reversed, and behaviour of the other functions resembled more closely
+the previous behaviour. The behaviour of defaults in the \s-1ENGINE\s0 \s-1API\s0 now
+transparently overrides the behaviour of defaults in the \s-1DSA\s0 \s-1API\s0 without
+requiring changing these function prototypes.
diff --git a/secure/lib/libcrypto/man/DSA_sign.3 b/secure/lib/libcrypto/man/DSA_sign.3
new file mode 100644
index 0000000..5931f9c
--- /dev/null
+++ b/secure/lib/libcrypto/man/DSA_sign.3
@@ -0,0 +1,188 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "DSA_sign 3"
+.TH DSA_sign 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+DSA_sign, DSA_sign_setup, DSA_verify \- DSA signatures
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/dsa.h>
+\&
+\& int DSA_sign(int type, const unsigned char *dgst, int len,
+\& unsigned char *sigret, unsigned int *siglen, DSA *dsa);
+\&
+\& int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp,
+\& BIGNUM **rp);
+\&
+\& int DSA_verify(int type, const unsigned char *dgst, int len,
+\& unsigned char *sigbuf, int siglen, DSA *dsa);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIDSA_sign()\fR computes a digital signature on the \fBlen\fR byte message
+digest \fBdgst\fR using the private key \fBdsa\fR and places its \s-1ASN\s0.1 \s-1DER\s0
+encoding at \fBsigret\fR. The length of the signature is places in
+*\fBsiglen\fR. \fBsigret\fR must point to DSA_size(\fBdsa\fR) bytes of memory.
+.PP
+\&\fIDSA_sign_setup()\fR may be used to precompute part of the signing
+operation in case signature generation is time-critical. It expects
+\&\fBdsa\fR to contain \s-1DSA\s0 parameters. It places the precomputed values
+in newly allocated \fB\s-1BIGNUM\s0\fRs at *\fBkinvp\fR and *\fBrp\fR, after freeing
+the old ones unless *\fBkinvp\fR and *\fBrp\fR are \s-1NULL\s0. These values may
+be passed to \fIDSA_sign()\fR in \fBdsa\->kinv\fR and \fBdsa\->r\fR.
+\&\fBctx\fR is a pre-allocated \fB\s-1BN_CTX\s0\fR or \s-1NULL\s0.
+.PP
+\&\fIDSA_verify()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR
+matches a given message digest \fBdgst\fR of size \fBlen\fR.
+\&\fBdsa\fR is the signer's public key.
+.PP
+The \fBtype\fR parameter is ignored.
+.PP
+The \s-1PRNG\s0 must be seeded before \fIDSA_sign()\fR (or \fIDSA_sign_setup()\fR)
+is called.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIDSA_sign()\fR and \fIDSA_sign_setup()\fR return 1 on success, 0 on error.
+\&\fIDSA_verify()\fR returns 1 for a valid signature, 0 for an incorrect
+signature and \-1 on error. The error codes can be obtained by
+\&\fIERR_get_error\fR\|(3).
+.SH "CONFORMING TO"
+.IX Header "CONFORMING TO"
+\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS\s0 186 (Digital Signature
+Standard, \s-1DSS\s0), \s-1ANSI\s0 X9.30
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIdsa\fR\|(3), \fIERR_get_error\fR\|(3), \fIrand\fR\|(3),
+\&\fIDSA_do_sign\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIDSA_sign()\fR and \fIDSA_verify()\fR are available in all versions of SSLeay.
+\&\fIDSA_sign_setup()\fR was added in SSLeay 0.8.
diff --git a/secure/lib/libcrypto/man/DSA_size.3 b/secure/lib/libcrypto/man/DSA_size.3
new file mode 100644
index 0000000..1aa3962
--- /dev/null
+++ b/secure/lib/libcrypto/man/DSA_size.3
@@ -0,0 +1,156 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "DSA_size 3"
+.TH DSA_size 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+DSA_size \- get DSA signature size
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/dsa.h>
+\&
+\& int DSA_size(const DSA *dsa);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+This function returns the size of an \s-1ASN\s0.1 encoded \s-1DSA\s0 signature in
+bytes. It can be used to determine how much memory must be allocated
+for a \s-1DSA\s0 signature.
+.PP
+\&\fBdsa\->q\fR must not be \fB\s-1NULL\s0\fR.
+.SH "RETURN VALUE"
+.IX Header "RETURN VALUE"
+The size in bytes.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIdsa\fR\|(3), \fIDSA_sign\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIDSA_size()\fR is available in all versions of SSLeay and OpenSSL.
diff --git a/secure/lib/libcrypto/man/ERR_GET_LIB.3 b/secure/lib/libcrypto/man/ERR_GET_LIB.3
new file mode 100644
index 0000000..694b0e1
--- /dev/null
+++ b/secure/lib/libcrypto/man/ERR_GET_LIB.3
@@ -0,0 +1,174 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "ERR_GET_LIB 3"
+.TH ERR_GET_LIB 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+ERR_GET_LIB, ERR_GET_FUNC, ERR_GET_REASON \- get library, function and
+reason code
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/err.h>
+\&
+\& int ERR_GET_LIB(unsigned long e);
+\&
+\& int ERR_GET_FUNC(unsigned long e);
+\&
+\& int ERR_GET_REASON(unsigned long e);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The error code returned by \fIERR_get_error()\fR consists of a library
+number, function code and reason code. \s-1\fIERR_GET_LIB\s0()\fR, \s-1\fIERR_GET_FUNC\s0()\fR
+and \s-1\fIERR_GET_REASON\s0()\fR can be used to extract these.
+.PP
+The library number and function code describe where the error
+occurred, the reason code is the information about what went wrong.
+.PP
+Each sub-library of OpenSSL has a unique library number; function and
+reason codes are unique within each sub-library. Note that different
+libraries may use the same value to signal different functions and
+reasons.
+.PP
+\&\fB\s-1ERR_R_\s0...\fR reason codes such as \fB\s-1ERR_R_MALLOC_FAILURE\s0\fR are globally
+unique. However, when checking for sub-library specific reason codes,
+be sure to also compare the library number.
+.PP
+\&\s-1\fIERR_GET_LIB\s0()\fR, \s-1\fIERR_GET_FUNC\s0()\fR and \s-1\fIERR_GET_REASON\s0()\fR are macros.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The library number, function code and reason code respectively.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIerr\fR\|(3), \fIERR_get_error\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\s-1\fIERR_GET_LIB\s0()\fR, \s-1\fIERR_GET_FUNC\s0()\fR and \s-1\fIERR_GET_REASON\s0()\fR are available in
+all versions of SSLeay and OpenSSL.
diff --git a/secure/lib/libcrypto/man/ERR_clear_error.3 b/secure/lib/libcrypto/man/ERR_clear_error.3
new file mode 100644
index 0000000..4b93a2d
--- /dev/null
+++ b/secure/lib/libcrypto/man/ERR_clear_error.3
@@ -0,0 +1,152 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "ERR_clear_error 3"
+.TH ERR_clear_error 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+ERR_clear_error \- clear the error queue
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/err.h>
+\&
+\& void ERR_clear_error(void);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIERR_clear_error()\fR empties the current thread's error queue.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIERR_clear_error()\fR has no return value.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIerr\fR\|(3), \fIERR_get_error\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIERR_clear_error()\fR is available in all versions of SSLeay and OpenSSL.
diff --git a/secure/lib/libcrypto/man/ERR_error_string.3 b/secure/lib/libcrypto/man/ERR_error_string.3
new file mode 100644
index 0000000..bf66a06
--- /dev/null
+++ b/secure/lib/libcrypto/man/ERR_error_string.3
@@ -0,0 +1,198 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "ERR_error_string 3"
+.TH ERR_error_string 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+ERR_error_string, ERR_error_string_n, ERR_lib_error_string,
+ERR_func_error_string, ERR_reason_error_string \- obtain human\-readable
+error message
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/err.h>
+\&
+\& char *ERR_error_string(unsigned long e, char *buf);
+\& void ERR_error_string_n(unsigned long e, char *buf, size_t len);
+\&
+\& const char *ERR_lib_error_string(unsigned long e);
+\& const char *ERR_func_error_string(unsigned long e);
+\& const char *ERR_reason_error_string(unsigned long e);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIERR_error_string()\fR generates a human-readable string representing the
+error code \fIe\fR, and places it at \fIbuf\fR. \fIbuf\fR must be at least 120
+bytes long. If \fIbuf\fR is \fB\s-1NULL\s0\fR, the error string is placed in a
+static buffer.
+\&\fIERR_error_string_n()\fR is a variant of \fIERR_error_string()\fR that writes
+at most \fIlen\fR characters (including the terminating 0)
+and truncates the string if necessary.
+For \fIERR_error_string_n()\fR, \fIbuf\fR may not be \fB\s-1NULL\s0\fR.
+.PP
+The string will have the following format:
+.PP
+.Vb 1
+\& error:[error code]:[library name]:[function name]:[reason string]
+.Ve
+.PP
+\&\fIerror code\fR is an 8 digit hexadecimal number, \fIlibrary name\fR,
+\&\fIfunction name\fR and \fIreason string\fR are \s-1ASCII\s0 text.
+.PP
+\&\fIERR_lib_error_string()\fR, \fIERR_func_error_string()\fR and
+\&\fIERR_reason_error_string()\fR return the library name, function
+name and reason string respectively.
+.PP
+The OpenSSL error strings should be loaded by calling
+\&\fIERR_load_crypto_strings\fR\|(3) or, for \s-1SSL\s0
+applications, \fISSL_load_error_strings\fR\|(3)
+first.
+If there is no text string registered for the given error code,
+the error string will contain the numeric code.
+.PP
+\&\fIERR_print_errors\fR\|(3) can be used to print
+all error codes currently in the queue.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIERR_error_string()\fR returns a pointer to a static buffer containing the
+string if \fIbuf\fR \fB== \s-1NULL\s0\fR, \fIbuf\fR otherwise.
+.PP
+\&\fIERR_lib_error_string()\fR, \fIERR_func_error_string()\fR and
+\&\fIERR_reason_error_string()\fR return the strings, and \fB\s-1NULL\s0\fR if
+none is registered for the error code.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIerr\fR\|(3), \fIERR_get_error\fR\|(3),
+\&\fIERR_load_crypto_strings\fR\|(3),
+\&\fISSL_load_error_strings\fR\|(3)
+\&\fIERR_print_errors\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIERR_error_string()\fR is available in all versions of SSLeay and OpenSSL.
+\&\fIERR_error_string_n()\fR was added in OpenSSL 0.9.6.
diff --git a/secure/lib/libcrypto/man/ERR_get_error.3 b/secure/lib/libcrypto/man/ERR_get_error.3
new file mode 100644
index 0000000..b59ee3f
--- /dev/null
+++ b/secure/lib/libcrypto/man/ERR_get_error.3
@@ -0,0 +1,199 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "ERR_get_error 3"
+.TH ERR_get_error 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+ERR_get_error, ERR_peek_error, ERR_peek_last_error,
+ERR_get_error_line, ERR_peek_error_line, ERR_peek_last_error_line,
+ERR_get_error_line_data, ERR_peek_error_line_data,
+ERR_peek_last_error_line_data \- obtain error code and data
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/err.h>
+\&
+\& unsigned long ERR_get_error(void);
+\& unsigned long ERR_peek_error(void);
+\& unsigned long ERR_peek_last_error(void);
+\&
+\& unsigned long ERR_get_error_line(const char **file, int *line);
+\& unsigned long ERR_peek_error_line(const char **file, int *line);
+\& unsigned long ERR_peek_last_error_line(const char **file, int *line);
+\&
+\& unsigned long ERR_get_error_line_data(const char **file, int *line,
+\& const char **data, int *flags);
+\& unsigned long ERR_peek_error_line_data(const char **file, int *line,
+\& const char **data, int *flags);
+\& unsigned long ERR_peek_last_error_line_data(const char **file, int *line,
+\& const char **data, int *flags);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIERR_get_error()\fR returns the earliest error code from the thread's error
+queue and removes the entry. This function can be called repeatedly
+until there are no more error codes to return.
+.PP
+\&\fIERR_peek_error()\fR returns the earliest error code from the thread's
+error queue without modifying it.
+.PP
+\&\fIERR_peek_last_error()\fR returns the latest error code from the thread's
+error queue without modifying it.
+.PP
+See \s-1\fIERR_GET_LIB\s0\fR\|(3) for obtaining information about
+location and reason of the error, and
+\&\fIERR_error_string\fR\|(3) for human-readable error
+messages.
+.PP
+\&\fIERR_get_error_line()\fR, \fIERR_peek_error_line()\fR and
+\&\fIERR_peek_last_error_line()\fR are the same as the above, but they
+additionally store the file name and line number where
+the error occurred in *\fBfile\fR and *\fBline\fR, unless these are \fB\s-1NULL\s0\fR.
+.PP
+\&\fIERR_get_error_line_data()\fR, \fIERR_peek_error_line_data()\fR and
+\&\fIERR_get_last_error_line_data()\fR store additional data and flags
+associated with the error code in *\fBdata\fR
+and *\fBflags\fR, unless these are \fB\s-1NULL\s0\fR. *\fBdata\fR contains a string
+if *\fBflags\fR&\fB\s-1ERR_TXT_STRING\s0\fR. If it has been allocated by \fIOPENSSL_malloc()\fR,
+*\fBflags\fR&\fB\s-1ERR_TXT_MALLOCED\s0\fR is true.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The error code, or 0 if there is no error in the queue.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIerr\fR\|(3), \fIERR_error_string\fR\|(3),
+\&\s-1\fIERR_GET_LIB\s0\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIERR_get_error()\fR, \fIERR_peek_error()\fR, \fIERR_get_error_line()\fR and
+\&\fIERR_peek_error_line()\fR are available in all versions of SSLeay and
+OpenSSL. \fIERR_get_error_line_data()\fR and \fIERR_peek_error_line_data()\fR
+were added in SSLeay 0.9.0.
+\&\fIERR_peek_last_error()\fR, \fIERR_peek_last_error_line()\fR and
+\&\fIERR_peek_last_error_line_data()\fR were added in OpenSSL 0.9.7.
diff --git a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
new file mode 100644
index 0000000..089c5ae
--- /dev/null
+++ b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
@@ -0,0 +1,169 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "ERR_load_crypto_strings 3"
+.TH ERR_load_crypto_strings 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+ERR_load_crypto_strings, SSL_load_error_strings, ERR_free_strings \-
+load and free error strings
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/err.h>
+\&
+\& void ERR_load_crypto_strings(void);
+\& void ERR_free_strings(void);
+\&
+\& #include <openssl/ssl.h>
+\&
+\& void SSL_load_error_strings(void);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIERR_load_crypto_strings()\fR registers the error strings for all
+\&\fBlibcrypto\fR functions. \fISSL_load_error_strings()\fR does the same,
+but also registers the \fBlibssl\fR error strings.
+.PP
+One of these functions should be called before generating
+textual error messages. However, this is not required when memory
+usage is an issue.
+.PP
+\&\fIERR_free_strings()\fR frees all previously loaded error strings.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIERR_load_crypto_strings()\fR, \fISSL_load_error_strings()\fR and
+\&\fIERR_free_strings()\fR return no values.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIerr\fR\|(3), \fIERR_error_string\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIERR_load_error_strings()\fR, \fISSL_load_error_strings()\fR and
+\&\fIERR_free_strings()\fR are available in all versions of SSLeay and
+OpenSSL.
diff --git a/secure/lib/libcrypto/man/ERR_load_strings.3 b/secure/lib/libcrypto/man/ERR_load_strings.3
new file mode 100644
index 0000000..47f534b
--- /dev/null
+++ b/secure/lib/libcrypto/man/ERR_load_strings.3
@@ -0,0 +1,179 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "ERR_load_strings 3"
+.TH ERR_load_strings 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+ERR_load_strings, ERR_PACK, ERR_get_next_error_library \- load
+arbitrary error strings
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/err.h>
+\&
+\& void ERR_load_strings(int lib, ERR_STRING_DATA str[]);
+\&
+\& int ERR_get_next_error_library(void);
+\&
+\& unsigned long ERR_PACK(int lib, int func, int reason);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIERR_load_strings()\fR registers error strings for library number \fBlib\fR.
+.PP
+\&\fBstr\fR is an array of error string data:
+.PP
+.Vb 5
+\& typedef struct ERR_string_data_st
+\& {
+\& unsigned long error;
+\& char *string;
+\& } ERR_STRING_DATA;
+.Ve
+.PP
+The error code is generated from the library number and a function and
+reason code: \fBerror\fR = \s-1ERR_PACK\s0(\fBlib\fR, \fBfunc\fR, \fBreason\fR).
+\&\s-1\fIERR_PACK\s0()\fR is a macro.
+.PP
+The last entry in the array is {0,0}.
+.PP
+\&\fIERR_get_next_error_library()\fR can be used to assign library numbers
+to user libraries at runtime.
+.SH "RETURN VALUE"
+.IX Header "RETURN VALUE"
+\&\fIERR_load_strings()\fR returns no value. \s-1\fIERR_PACK\s0()\fR return the error code.
+\&\fIERR_get_next_error_library()\fR returns a new library number.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIerr\fR\|(3), \fIERR_load_strings\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIERR_load_error_strings()\fR and \s-1\fIERR_PACK\s0()\fR are available in all versions
+of SSLeay and OpenSSL. \fIERR_get_next_error_library()\fR was added in
+SSLeay 0.9.0.
diff --git a/secure/lib/libcrypto/man/ERR_print_errors.3 b/secure/lib/libcrypto/man/ERR_print_errors.3
new file mode 100644
index 0000000..fa7516a
--- /dev/null
+++ b/secure/lib/libcrypto/man/ERR_print_errors.3
@@ -0,0 +1,175 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "ERR_print_errors 3"
+.TH ERR_print_errors 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+ERR_print_errors, ERR_print_errors_fp \- print error messages
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/err.h>
+\&
+\& void ERR_print_errors(BIO *bp);
+\& void ERR_print_errors_fp(FILE *fp);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIERR_print_errors()\fR is a convenience function that prints the error
+strings for all errors that OpenSSL has recorded to \fBbp\fR, thus
+emptying the error queue.
+.PP
+\&\fIERR_print_errors_fp()\fR is the same, except that the output goes to a
+\&\fB\s-1FILE\s0\fR.
+.PP
+The error strings will have the following format:
+.PP
+.Vb 1
+\& [pid]:error:[error code]:[library name]:[function name]:[reason string]:[file name]:[line]:[optional text message]
+.Ve
+.PP
+\&\fIerror code\fR is an 8 digit hexadecimal number. \fIlibrary name\fR,
+\&\fIfunction name\fR and \fIreason string\fR are \s-1ASCII\s0 text, as is \fIoptional
+text message\fR if one was set for the respective error code.
+.PP
+If there is no text string registered for the given error code,
+the error string will contain the numeric code.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIERR_print_errors()\fR and \fIERR_print_errors_fp()\fR return no values.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIerr\fR\|(3), \fIERR_error_string\fR\|(3),
+\&\fIERR_get_error\fR\|(3),
+\&\fIERR_load_crypto_strings\fR\|(3),
+\&\fISSL_load_error_strings\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIERR_print_errors()\fR and \fIERR_print_errors_fp()\fR
+are available in all versions of SSLeay and OpenSSL.
diff --git a/secure/lib/libcrypto/man/ERR_put_error.3 b/secure/lib/libcrypto/man/ERR_put_error.3
new file mode 100644
index 0000000..9c403c9
--- /dev/null
+++ b/secure/lib/libcrypto/man/ERR_put_error.3
@@ -0,0 +1,167 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "ERR_put_error 3"
+.TH ERR_put_error 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+ERR_put_error, ERR_add_error_data \- record an error
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/err.h>
+\&
+\& void ERR_put_error(int lib, int func, int reason, const char *file,
+\& int line);
+\&
+\& void ERR_add_error_data(int num, ...);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIERR_put_error()\fR adds an error code to the thread's error queue. It
+signals that the error of reason code \fBreason\fR occurred in function
+\&\fBfunc\fR of library \fBlib\fR, in line number \fBline\fR of \fBfile\fR.
+This function is usually called by a macro.
+.PP
+\&\fIERR_add_error_data()\fR associates the concatenation of its \fBnum\fR string
+arguments with the error code added last.
+.PP
+\&\fIERR_load_strings\fR\|(3) can be used to register
+error strings so that the application can a generate human-readable
+error messages for the error code.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIERR_put_error()\fR and \fIERR_add_error_data()\fR return
+no values.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIerr\fR\|(3), \fIERR_load_strings\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIERR_put_error()\fR is available in all versions of SSLeay and OpenSSL.
+\&\fIERR_add_error_data()\fR was added in SSLeay 0.9.0.
diff --git a/secure/lib/libcrypto/man/ERR_remove_state.3 b/secure/lib/libcrypto/man/ERR_remove_state.3
new file mode 100644
index 0000000..55e717d
--- /dev/null
+++ b/secure/lib/libcrypto/man/ERR_remove_state.3
@@ -0,0 +1,157 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "ERR_remove_state 3"
+.TH ERR_remove_state 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+ERR_remove_state \- free a thread's error queue
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/err.h>
+\&
+\& void ERR_remove_state(unsigned long pid);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIERR_remove_state()\fR frees the error queue associated with thread \fBpid\fR.
+If \fBpid\fR == 0, the current thread will have its error queue removed.
+.PP
+Since error queue data structures are allocated automatically for new
+threads, they must be freed when threads are terminated in order to
+avoid memory leaks.
+.SH "RETURN VALUE"
+.IX Header "RETURN VALUE"
+\&\fIERR_remove_state()\fR returns no value.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIerr\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIERR_remove_state()\fR is available in all versions of SSLeay and OpenSSL.
diff --git a/secure/lib/libcrypto/man/ERR_set_mark.3 b/secure/lib/libcrypto/man/ERR_set_mark.3
new file mode 100644
index 0000000..72934b8
--- /dev/null
+++ b/secure/lib/libcrypto/man/ERR_set_mark.3
@@ -0,0 +1,161 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "ERR_set_mark 3"
+.TH ERR_set_mark 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+ERR_set_mark, ERR_pop_to_mark \- set marks and pop errors until mark
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/err.h>
+\&
+\& int ERR_set_mark(void);
+\&
+\& int ERR_pop_to_mark(void);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIERR_set_mark()\fR sets a mark on the current topmost error record if there
+is one.
+.PP
+\&\fIERR_pop_to_mark()\fR will pop the top of the error stack until a mark is found.
+The mark is then removed. If there is no mark, the whole stack is removed.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIERR_set_mark()\fR returns 0 if the error stack is empty, otherwise 1.
+.PP
+\&\fIERR_pop_to_mark()\fR returns 0 if there was no mark in the error stack, which
+implies that the stack became empty, otherwise 1.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIerr\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIERR_set_mark()\fR and \fIERR_pop_to_mark()\fR were added in OpenSSL 0.9.8.
diff --git a/secure/lib/libcrypto/man/EVP_BytesToKey.3 b/secure/lib/libcrypto/man/EVP_BytesToKey.3
new file mode 100644
index 0000000..9473bc3
--- /dev/null
+++ b/secure/lib/libcrypto/man/EVP_BytesToKey.3
@@ -0,0 +1,191 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_BytesToKey 3"
+.TH EVP_BytesToKey 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_BytesToKey \- password based encryption routine
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md,
+\& const unsigned char *salt,
+\& const unsigned char *data, int datal, int count,
+\& unsigned char *key,unsigned char *iv);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIEVP_BytesToKey()\fR derives a key and \s-1IV\s0 from various parameters. \fBtype\fR is
+the cipher to derive the key and \s-1IV\s0 for. \fBmd\fR is the message digest to use.
+The \fBsalt\fR paramter is used as a salt in the derivation: it should point to
+an 8 byte buffer or \s-1NULL\s0 if no salt is used. \fBdata\fR is a buffer containing
+\&\fBdatal\fR bytes which is used to derive the keying data. \fBcount\fR is the
+iteration count to use. The derived key and \s-1IV\s0 will be written to \fBkey\fR
+and \fBiv\fR respectively.
+.SH "NOTES"
+.IX Header "NOTES"
+A typical application of this function is to derive keying material for an
+encryption algorithm from a password in the \fBdata\fR parameter.
+.PP
+Increasing the \fBcount\fR parameter slows down the algorithm which makes it
+harder for an attacker to peform a brute force attack using a large number
+of candidate passwords.
+.PP
+If the total key and \s-1IV\s0 length is less than the digest length and
+\&\fB\s-1MD5\s0\fR is used then the derivation algorithm is compatible with PKCS#5 v1.5
+otherwise a non standard extension is used to derive the extra data.
+.PP
+Newer applications should use more standard algorithms such as PKCS#5
+v2.0 for key derivation.
+.SH "KEY DERIVATION ALGORITHM"
+.IX Header "KEY DERIVATION ALGORITHM"
+The key and \s-1IV\s0 is derived by concatenating D_1, D_2, etc until
+enough data is available for the key and \s-1IV\s0. D_i is defined as:
+.PP
+.Vb 1
+\& D_i = HASH^count(D_(i\-1) || data || salt)
+.Ve
+.PP
+where || denotes concatentaion, D_0 is empty, \s-1HASH\s0 is the digest
+algorithm in use, HASH^1(data) is simply \s-1HASH\s0(data), HASH^2(data)
+is \s-1HASH\s0(\s-1HASH\s0(data)) and so on.
+.PP
+The initial bytes are used for the key and the subsequent bytes for
+the \s-1IV\s0.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIEVP_BytesToKey()\fR returns the size of the derived key in bytes.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIevp\fR\|(3), \fIrand\fR\|(3),
+\&\fIEVP_EncryptInit\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
diff --git a/secure/lib/libcrypto/man/EVP_DigestInit.3 b/secure/lib/libcrypto/man/EVP_DigestInit.3
new file mode 100644
index 0000000..e7c79a4
--- /dev/null
+++ b/secure/lib/libcrypto/man/EVP_DigestInit.3
@@ -0,0 +1,378 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_DigestInit 3"
+.TH EVP_DigestInit 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate,
+EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE,
+EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size,
+EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type,
+EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2,
+EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj \-
+EVP digest routines
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
+\& EVP_MD_CTX *EVP_MD_CTX_create(void);
+\&
+\& int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
+\& int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
+\& int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md,
+\& unsigned int *s);
+\&
+\& int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
+\& void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
+\&
+\& int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);
+\&
+\& int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+\& int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md,
+\& unsigned int *s);
+\&
+\& int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in);
+\&
+\& #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */
+\&
+\&
+\& #define EVP_MD_type(e) ((e)\->type)
+\& #define EVP_MD_pkey_type(e) ((e)\->pkey_type)
+\& #define EVP_MD_size(e) ((e)\->md_size)
+\& #define EVP_MD_block_size(e) ((e)\->block_size)
+\&
+\& #define EVP_MD_CTX_md(e) (e)\->digest)
+\& #define EVP_MD_CTX_size(e) EVP_MD_size((e)\->digest)
+\& #define EVP_MD_CTX_block_size(e) EVP_MD_block_size((e)\->digest)
+\& #define EVP_MD_CTX_type(e) EVP_MD_type((e)\->digest)
+\&
+\& const EVP_MD *EVP_md_null(void);
+\& const EVP_MD *EVP_md2(void);
+\& const EVP_MD *EVP_md5(void);
+\& const EVP_MD *EVP_sha(void);
+\& const EVP_MD *EVP_sha1(void);
+\& const EVP_MD *EVP_dss(void);
+\& const EVP_MD *EVP_dss1(void);
+\& const EVP_MD *EVP_mdc2(void);
+\& const EVP_MD *EVP_ripemd160(void);
+\&
+\& const EVP_MD *EVP_get_digestbyname(const char *name);
+\& #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
+\& #define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \s-1EVP\s0 digest routines are a high level interface to message digests.
+.PP
+\&\fIEVP_MD_CTX_init()\fR initializes digest context \fBctx\fR.
+.PP
+\&\fIEVP_MD_CTX_create()\fR allocates, initializes and returns a digest context.
+.PP
+\&\fIEVP_DigestInit_ex()\fR sets up digest context \fBctx\fR to use a digest
+\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized before calling this
+function. \fBtype\fR will typically be supplied by a functionsuch as \fIEVP_sha1()\fR.
+If \fBimpl\fR is \s-1NULL\s0 then the default implementation of digest \fBtype\fR is used.
+.PP
+\&\fIEVP_DigestUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the
+digest context \fBctx\fR. This function can be called several times on the
+same \fBctx\fR to hash additional data.
+.PP
+\&\fIEVP_DigestFinal_ex()\fR retrieves the digest value from \fBctx\fR and places
+it in \fBmd\fR. If the \fBs\fR parameter is not \s-1NULL\s0 then the number of
+bytes of data written (i.e. the length of the digest) will be written
+to the integer at \fBs\fR, at most \fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes will be written.
+After calling \fIEVP_DigestFinal_ex()\fR no additional calls to \fIEVP_DigestUpdate()\fR
+can be made, but \fIEVP_DigestInit_ex()\fR can be called to initialize a new
+digest operation.
+.PP
+\&\fIEVP_MD_CTX_cleanup()\fR cleans up digest context \fBctx\fR, it should be called
+after a digest context is no longer needed.
+.PP
+\&\fIEVP_MD_CTX_destroy()\fR cleans up digest context \fBctx\fR and frees up the
+space allocated to it, it should be called only on a context created
+using \fIEVP_MD_CTX_create()\fR.
+.PP
+\&\fIEVP_MD_CTX_copy_ex()\fR can be used to copy the message digest state from
+\&\fBin\fR to \fBout\fR. This is useful if large amounts of data are to be
+hashed which only differ in the last few bytes. \fBout\fR must be initialized
+before calling this function.
+.PP
+\&\fIEVP_DigestInit()\fR behaves in the same way as \fIEVP_DigestInit_ex()\fR except
+the passed context \fBctx\fR does not have to be initialized, and it always
+uses the default digest implementation.
+.PP
+\&\fIEVP_DigestFinal()\fR is similar to \fIEVP_DigestFinal_ex()\fR except the digest
+context \fBctx\fR is automatically cleaned up.
+.PP
+\&\fIEVP_MD_CTX_copy()\fR is similar to \fIEVP_MD_CTX_copy_ex()\fR except the destination
+\&\fBout\fR does not have to be initialized.
+.PP
+\&\fIEVP_MD_size()\fR and \fIEVP_MD_CTX_size()\fR return the size of the message digest
+when passed an \fB\s-1EVP_MD\s0\fR or an \fB\s-1EVP_MD_CTX\s0\fR structure, i.e. the size of the
+hash.
+.PP
+\&\fIEVP_MD_block_size()\fR and \fIEVP_MD_CTX_block_size()\fR return the block size of the
+message digest when passed an \fB\s-1EVP_MD\s0\fR or an \fB\s-1EVP_MD_CTX\s0\fR structure.
+.PP
+\&\fIEVP_MD_type()\fR and \fIEVP_MD_CTX_type()\fR return the \s-1NID\s0 of the \s-1OBJECT\s0 \s-1IDENTIFIER\s0
+representing the given message digest when passed an \fB\s-1EVP_MD\s0\fR structure.
+For example EVP_MD_type(\fIEVP_sha1()\fR) returns \fBNID_sha1\fR. This function is
+normally used when setting \s-1ASN1\s0 OIDs.
+.PP
+\&\fIEVP_MD_CTX_md()\fR returns the \fB\s-1EVP_MD\s0\fR structure corresponding to the passed
+\&\fB\s-1EVP_MD_CTX\s0\fR.
+.PP
+\&\fIEVP_MD_pkey_type()\fR returns the \s-1NID\s0 of the public key signing algorithm associated
+with this digest. For example \fIEVP_sha1()\fR is associated with \s-1RSA\s0 so this will
+return \fBNID_sha1WithRSAEncryption\fR. This \*(L"link\*(R" between digests and signature
+algorithms may not be retained in future versions of OpenSSL.
+.PP
+\&\fIEVP_md2()\fR, \fIEVP_md5()\fR, \fIEVP_sha()\fR, \fIEVP_sha1()\fR, \fIEVP_mdc2()\fR and \fIEVP_ripemd160()\fR
+return \fB\s-1EVP_MD\s0\fR structures for the \s-1MD2\s0, \s-1MD5\s0, \s-1SHA\s0, \s-1SHA1\s0, \s-1MDC2\s0 and \s-1RIPEMD160\s0 digest
+algorithms respectively. The associated signature algorithm is \s-1RSA\s0 in each case.
+.PP
+\&\fIEVP_dss()\fR and \fIEVP_dss1()\fR return \fB\s-1EVP_MD\s0\fR structures for \s-1SHA\s0 and \s-1SHA1\s0 digest
+algorithms but using \s-1DSS\s0 (\s-1DSA\s0) for the signature algorithm.
+.PP
+\&\fIEVP_md_null()\fR is a \*(L"null\*(R" message digest that does nothing: i.e. the hash it
+returns is of zero length.
+.PP
+\&\fIEVP_get_digestbyname()\fR, \fIEVP_get_digestbynid()\fR and \fIEVP_get_digestbyobj()\fR
+return an \fB\s-1EVP_MD\s0\fR structure when passed a digest name, a digest \s-1NID\s0 or
+an \s-1ASN1_OBJECT\s0 structure respectively. The digest table must be initialized
+using, for example, \fIOpenSSL_add_all_digests()\fR for these functions to work.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIEVP_DigestInit_ex()\fR, \fIEVP_DigestUpdate()\fR and \fIEVP_DigestFinal_ex()\fR return 1 for
+success and 0 for failure.
+.PP
+\&\fIEVP_MD_CTX_copy_ex()\fR returns 1 if successful or 0 for failure.
+.PP
+\&\fIEVP_MD_type()\fR, \fIEVP_MD_pkey_type()\fR and \fIEVP_MD_type()\fR return the \s-1NID\s0 of the
+corresponding \s-1OBJECT\s0 \s-1IDENTIFIER\s0 or NID_undef if none exists.
+.PP
+\&\fIEVP_MD_size()\fR, \fIEVP_MD_block_size()\fR, EVP_MD_CTX_size(e), \fIEVP_MD_size()\fR,
+\&\fIEVP_MD_CTX_block_size()\fR and \fIEVP_MD_block_size()\fR return the digest or block
+size in bytes.
+.PP
+\&\fIEVP_md_null()\fR, \fIEVP_md2()\fR, \fIEVP_md5()\fR, \fIEVP_sha()\fR, \fIEVP_sha1()\fR, \fIEVP_dss()\fR,
+\&\fIEVP_dss1()\fR, \fIEVP_mdc2()\fR and \fIEVP_ripemd160()\fR return pointers to the
+corresponding \s-1EVP_MD\s0 structures.
+.PP
+\&\fIEVP_get_digestbyname()\fR, \fIEVP_get_digestbynid()\fR and \fIEVP_get_digestbyobj()\fR
+return either an \fB\s-1EVP_MD\s0\fR structure or \s-1NULL\s0 if an error occurs.
+.SH "NOTES"
+.IX Header "NOTES"
+The \fB\s-1EVP\s0\fR interface to message digests should almost always be used in
+preference to the low level interfaces. This is because the code then becomes
+transparent to the digest used and much more flexible.
+.PP
+\&\s-1SHA1\s0 is the digest of choice for new applications. The other digest algorithms
+are still in common use.
+.PP
+For most applications the \fBimpl\fR parameter to \fIEVP_DigestInit_ex()\fR will be
+set to \s-1NULL\s0 to use the default digest implementation.
+.PP
+The functions \fIEVP_DigestInit()\fR, \fIEVP_DigestFinal()\fR and \fIEVP_MD_CTX_copy()\fR are
+obsolete but are retained to maintain compatibility with existing code. New
+applications should use \fIEVP_DigestInit_ex()\fR, \fIEVP_DigestFinal_ex()\fR and
+\&\fIEVP_MD_CTX_copy_ex()\fR because they can efficiently reuse a digest context
+instead of initializing and cleaning it up on each call and allow non default
+implementations of digests to be specified.
+.PP
+In OpenSSL 0.9.7 and later if digest contexts are not cleaned up after use
+memory leaks will occur.
+.SH "EXAMPLE"
+.IX Header "EXAMPLE"
+This example digests the data \*(L"Test Message\en\*(R" and \*(L"Hello World\en\*(R", using the
+digest name passed on the command line.
+.PP
+.Vb 2
+\& #include <stdio.h>
+\& #include <openssl/evp.h>
+\&
+\& main(int argc, char *argv[])
+\& {
+\& EVP_MD_CTX mdctx;
+\& const EVP_MD *md;
+\& char mess1[] = "Test Message\en";
+\& char mess2[] = "Hello World\en";
+\& unsigned char md_value[EVP_MAX_MD_SIZE];
+\& int md_len, i;
+\&
+\& OpenSSL_add_all_digests();
+\&
+\& if(!argv[1]) {
+\& printf("Usage: mdtest digestname\en");
+\& exit(1);
+\& }
+\&
+\& md = EVP_get_digestbyname(argv[1]);
+\&
+\& if(!md) {
+\& printf("Unknown message digest %s\en", argv[1]);
+\& exit(1);
+\& }
+\&
+\& EVP_MD_CTX_init(&mdctx);
+\& EVP_DigestInit_ex(&mdctx, md, NULL);
+\& EVP_DigestUpdate(&mdctx, mess1, strlen(mess1));
+\& EVP_DigestUpdate(&mdctx, mess2, strlen(mess2));
+\& EVP_DigestFinal_ex(&mdctx, md_value, &md_len);
+\& EVP_MD_CTX_cleanup(&mdctx);
+\&
+\& printf("Digest is: ");
+\& for(i = 0; i < md_len; i++) printf("%02x", md_value[i]);
+\& printf("\en");
+\& }
+.Ve
+.SH "BUGS"
+.IX Header "BUGS"
+The link between digests and signing algorithms results in a situation where
+\&\fIEVP_sha1()\fR must be used with \s-1RSA\s0 and \fIEVP_dss1()\fR must be used with \s-1DSS\s0
+even though they are identical digests.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIevp\fR\|(3), \fIhmac\fR\|(3), \fImd2\fR\|(3),
+\&\fImd5\fR\|(3), \fImdc2\fR\|(3), \fIripemd\fR\|(3),
+\&\fIsha\fR\|(3), \fIdgst\fR\|(1)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIEVP_DigestInit()\fR, \fIEVP_DigestUpdate()\fR and \fIEVP_DigestFinal()\fR are
+available in all versions of SSLeay and OpenSSL.
+.PP
+\&\fIEVP_MD_CTX_init()\fR, \fIEVP_MD_CTX_create()\fR, \fIEVP_MD_CTX_copy_ex()\fR,
+\&\fIEVP_MD_CTX_cleanup()\fR, \fIEVP_MD_CTX_destroy()\fR, \fIEVP_DigestInit_ex()\fR
+and \fIEVP_DigestFinal_ex()\fR were added in OpenSSL 0.9.7.
+.PP
+\&\fIEVP_md_null()\fR, \fIEVP_md2()\fR, \fIEVP_md5()\fR, \fIEVP_sha()\fR, \fIEVP_sha1()\fR,
+\&\fIEVP_dss()\fR, \fIEVP_dss1()\fR, \fIEVP_mdc2()\fR and \fIEVP_ripemd160()\fR were
+changed to return truely const \s-1EVP_MD\s0 * in OpenSSL 0.9.7.
diff --git a/secure/lib/libcrypto/man/EVP_EncryptInit.3 b/secure/lib/libcrypto/man/EVP_EncryptInit.3
new file mode 100644
index 0000000..15e656a
--- /dev/null
+++ b/secure/lib/libcrypto/man/EVP_EncryptInit.3
@@ -0,0 +1,626 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_EncryptInit 3"
+.TH EVP_EncryptInit 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_CIPHER_CTX_init, EVP_EncryptInit_ex, EVP_EncryptUpdate,
+EVP_EncryptFinal_ex, EVP_DecryptInit_ex, EVP_DecryptUpdate,
+EVP_DecryptFinal_ex, EVP_CipherInit_ex, EVP_CipherUpdate,
+EVP_CipherFinal_ex, EVP_CIPHER_CTX_set_key_length,
+EVP_CIPHER_CTX_ctrl, EVP_CIPHER_CTX_cleanup, EVP_EncryptInit,
+EVP_EncryptFinal, EVP_DecryptInit, EVP_DecryptFinal,
+EVP_CipherInit, EVP_CipherFinal, EVP_get_cipherbyname,
+EVP_get_cipherbynid, EVP_get_cipherbyobj, EVP_CIPHER_nid,
+EVP_CIPHER_block_size, EVP_CIPHER_key_length, EVP_CIPHER_iv_length,
+EVP_CIPHER_flags, EVP_CIPHER_mode, EVP_CIPHER_type, EVP_CIPHER_CTX_cipher,
+EVP_CIPHER_CTX_nid, EVP_CIPHER_CTX_block_size, EVP_CIPHER_CTX_key_length,
+EVP_CIPHER_CTX_iv_length, EVP_CIPHER_CTX_get_app_data,
+EVP_CIPHER_CTX_set_app_data, EVP_CIPHER_CTX_type, EVP_CIPHER_CTX_flags,
+EVP_CIPHER_CTX_mode, EVP_CIPHER_param_to_asn1, EVP_CIPHER_asn1_to_param,
+EVP_CIPHER_CTX_set_padding \- EVP cipher routines
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
+\&
+\& int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+\& ENGINE *impl, unsigned char *key, unsigned char *iv);
+\& int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+\& int *outl, unsigned char *in, int inl);
+\& int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+\& int *outl);
+\&
+\& int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+\& ENGINE *impl, unsigned char *key, unsigned char *iv);
+\& int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+\& int *outl, unsigned char *in, int inl);
+\& int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+\& int *outl);
+\&
+\& int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+\& ENGINE *impl, unsigned char *key, unsigned char *iv, int enc);
+\& int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+\& int *outl, unsigned char *in, int inl);
+\& int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+\& int *outl);
+\&
+\& int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+\& unsigned char *key, unsigned char *iv);
+\& int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+\& int *outl);
+\&
+\& int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+\& unsigned char *key, unsigned char *iv);
+\& int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+\& int *outl);
+\&
+\& int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+\& unsigned char *key, unsigned char *iv, int enc);
+\& int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+\& int *outl);
+\&
+\& int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *x, int padding);
+\& int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
+\& int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
+\& int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
+\&
+\& const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
+\& #define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
+\& #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
+\&
+\& #define EVP_CIPHER_nid(e) ((e)\->nid)
+\& #define EVP_CIPHER_block_size(e) ((e)\->block_size)
+\& #define EVP_CIPHER_key_length(e) ((e)\->key_len)
+\& #define EVP_CIPHER_iv_length(e) ((e)\->iv_len)
+\& #define EVP_CIPHER_flags(e) ((e)\->flags)
+\& #define EVP_CIPHER_mode(e) ((e)\->flags) & EVP_CIPH_MODE)
+\& int EVP_CIPHER_type(const EVP_CIPHER *ctx);
+\&
+\& #define EVP_CIPHER_CTX_cipher(e) ((e)\->cipher)
+\& #define EVP_CIPHER_CTX_nid(e) ((e)\->cipher\->nid)
+\& #define EVP_CIPHER_CTX_block_size(e) ((e)\->cipher\->block_size)
+\& #define EVP_CIPHER_CTX_key_length(e) ((e)\->key_len)
+\& #define EVP_CIPHER_CTX_iv_length(e) ((e)\->cipher\->iv_len)
+\& #define EVP_CIPHER_CTX_get_app_data(e) ((e)\->app_data)
+\& #define EVP_CIPHER_CTX_set_app_data(e,d) ((e)\->app_data=(char *)(d))
+\& #define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
+\& #define EVP_CIPHER_CTX_flags(e) ((e)\->cipher\->flags)
+\& #define EVP_CIPHER_CTX_mode(e) ((e)\->cipher\->flags & EVP_CIPH_MODE)
+\&
+\& int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+\& int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \s-1EVP\s0 cipher routines are a high level interface to certain
+symmetric ciphers.
+.PP
+\&\fIEVP_CIPHER_CTX_init()\fR initializes cipher contex \fBctx\fR.
+.PP
+\&\fIEVP_EncryptInit_ex()\fR sets up cipher context \fBctx\fR for encryption
+with cipher \fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized
+before calling this function. \fBtype\fR is normally supplied
+by a function such as \fIEVP_des_cbc()\fR. If \fBimpl\fR is \s-1NULL\s0 then the
+default implementation is used. \fBkey\fR is the symmetric key to use
+and \fBiv\fR is the \s-1IV\s0 to use (if necessary), the actual number of bytes
+used for the key and \s-1IV\s0 depends on the cipher. It is possible to set
+all parameters to \s-1NULL\s0 except \fBtype\fR in an initial call and supply
+the remaining parameters in subsequent calls, all of which have \fBtype\fR
+set to \s-1NULL\s0. This is done when the default cipher parameters are not
+appropriate.
+.PP
+\&\fIEVP_EncryptUpdate()\fR encrypts \fBinl\fR bytes from the buffer \fBin\fR and
+writes the encrypted version to \fBout\fR. This function can be called
+multiple times to encrypt successive blocks of data. The amount
+of data written depends on the block alignment of the encrypted data:
+as a result the amount of data written may be anything from zero bytes
+to (inl + cipher_block_size \- 1) so \fBoutl\fR should contain sufficient
+room. The actual number of bytes written is placed in \fBoutl\fR.
+.PP
+If padding is enabled (the default) then \fIEVP_EncryptFinal_ex()\fR encrypts
+the \*(L"final\*(R" data, that is any data that remains in a partial block.
+It uses standard block padding (aka \s-1PKCS\s0 padding). The encrypted
+final data is written to \fBout\fR which should have sufficient space for
+one cipher block. The number of bytes written is placed in \fBoutl\fR. After
+this function is called the encryption operation is finished and no further
+calls to \fIEVP_EncryptUpdate()\fR should be made.
+.PP
+If padding is disabled then \fIEVP_EncryptFinal_ex()\fR will not encrypt any more
+data and it will return an error if any data remains in a partial block:
+that is if the total data length is not a multiple of the block size.
+.PP
+\&\fIEVP_DecryptInit_ex()\fR, \fIEVP_DecryptUpdate()\fR and \fIEVP_DecryptFinal_ex()\fR are the
+corresponding decryption operations. \fIEVP_DecryptFinal()\fR will return an
+error code if padding is enabled and the final block is not correctly
+formatted. The parameters and restrictions are identical to the encryption
+operations except that if padding is enabled the decrypted data buffer \fBout\fR
+passed to \fIEVP_DecryptUpdate()\fR should have sufficient room for
+(\fBinl\fR + cipher_block_size) bytes unless the cipher block size is 1 in
+which case \fBinl\fR bytes is sufficient.
+.PP
+\&\fIEVP_CipherInit_ex()\fR, \fIEVP_CipherUpdate()\fR and \fIEVP_CipherFinal_ex()\fR are
+functions that can be used for decryption or encryption. The operation
+performed depends on the value of the \fBenc\fR parameter. It should be set
+to 1 for encryption, 0 for decryption and \-1 to leave the value unchanged
+(the actual value of 'enc' being supplied in a previous call).
+.PP
+\&\fIEVP_CIPHER_CTX_cleanup()\fR clears all information from a cipher context
+and free up any allocated memory associate with it. It should be called
+after all operations using a cipher are complete so sensitive information
+does not remain in memory.
+.PP
+\&\fIEVP_EncryptInit()\fR, \fIEVP_DecryptInit()\fR and \fIEVP_CipherInit()\fR behave in a
+similar way to \fIEVP_EncryptInit_ex()\fR, EVP_DecryptInit_ex and
+\&\fIEVP_CipherInit_ex()\fR except the \fBctx\fR paramter does not need to be
+initialized and they always use the default cipher implementation.
+.PP
+\&\fIEVP_EncryptFinal()\fR, \fIEVP_DecryptFinal()\fR and \fIEVP_CipherFinal()\fR behave in a
+similar way to \fIEVP_EncryptFinal_ex()\fR, \fIEVP_DecryptFinal_ex()\fR and
+\&\fIEVP_CipherFinal_ex()\fR except \fBctx\fR is automatically cleaned up
+after the call.
+.PP
+\&\fIEVP_get_cipherbyname()\fR, \fIEVP_get_cipherbynid()\fR and \fIEVP_get_cipherbyobj()\fR
+return an \s-1EVP_CIPHER\s0 structure when passed a cipher name, a \s-1NID\s0 or an
+\&\s-1ASN1_OBJECT\s0 structure.
+.PP
+\&\fIEVP_CIPHER_nid()\fR and \fIEVP_CIPHER_CTX_nid()\fR return the \s-1NID\s0 of a cipher when
+passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR structure. The actual \s-1NID\s0
+value is an internal value which may not have a corresponding \s-1OBJECT\s0
+\&\s-1IDENTIFIER\s0.
+.PP
+\&\fIEVP_CIPHER_CTX_set_padding()\fR enables or disables padding. By default
+encryption operations are padded using standard block padding and the
+padding is checked and removed when decrypting. If the \fBpad\fR parameter
+is zero then no padding is performed, the total amount of data encrypted
+or decrypted must then be a multiple of the block size or an error will
+occur.
+.PP
+\&\fIEVP_CIPHER_key_length()\fR and \fIEVP_CIPHER_CTX_key_length()\fR return the key
+length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR
+structure. The constant \fB\s-1EVP_MAX_KEY_LENGTH\s0\fR is the maximum key length
+for all ciphers. Note: although \fIEVP_CIPHER_key_length()\fR is fixed for a
+given cipher, the value of \fIEVP_CIPHER_CTX_key_length()\fR may be different
+for variable key length ciphers.
+.PP
+\&\fIEVP_CIPHER_CTX_set_key_length()\fR sets the key length of the cipher ctx.
+If the cipher is a fixed length cipher then attempting to set the key
+length to any value other than the fixed value is an error.
+.PP
+\&\fIEVP_CIPHER_iv_length()\fR and \fIEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0
+length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR.
+It will return zero if the cipher does not use an \s-1IV\s0. The constant
+\&\fB\s-1EVP_MAX_IV_LENGTH\s0\fR is the maximum \s-1IV\s0 length for all ciphers.
+.PP
+\&\fIEVP_CIPHER_block_size()\fR and \fIEVP_CIPHER_CTX_block_size()\fR return the block
+size of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR
+structure. The constant \fB\s-1EVP_MAX_IV_LENGTH\s0\fR is also the maximum block
+length for all ciphers.
+.PP
+\&\fIEVP_CIPHER_type()\fR and \fIEVP_CIPHER_CTX_type()\fR return the type of the passed
+cipher or context. This \*(L"type\*(R" is the actual \s-1NID\s0 of the cipher \s-1OBJECT\s0
+\&\s-1IDENTIFIER\s0 as such it ignores the cipher parameters and 40 bit \s-1RC2\s0 and
+128 bit \s-1RC2\s0 have the same \s-1NID\s0. If the cipher does not have an object
+identifier or does not have \s-1ASN1\s0 support this function will return
+\&\fBNID_undef\fR.
+.PP
+\&\fIEVP_CIPHER_CTX_cipher()\fR returns the \fB\s-1EVP_CIPHER\s0\fR structure when passed
+an \fB\s-1EVP_CIPHER_CTX\s0\fR structure.
+.PP
+\&\fIEVP_CIPHER_mode()\fR and \fIEVP_CIPHER_CTX_mode()\fR return the block cipher mode:
+\&\s-1EVP_CIPH_ECB_MODE\s0, \s-1EVP_CIPH_CBC_MODE\s0, \s-1EVP_CIPH_CFB_MODE\s0 or
+\&\s-1EVP_CIPH_OFB_MODE\s0. If the cipher is a stream cipher then
+\&\s-1EVP_CIPH_STREAM_CIPHER\s0 is returned.
+.PP
+\&\fIEVP_CIPHER_param_to_asn1()\fR sets the AlgorithmIdentifier \*(L"parameter\*(R" based
+on the passed cipher. This will typically include any parameters and an
+\&\s-1IV\s0. The cipher \s-1IV\s0 (if any) must be set when this call is made. This call
+should be made before the cipher is actually \*(L"used\*(R" (before any
+\&\fIEVP_EncryptUpdate()\fR, \fIEVP_DecryptUpdate()\fR calls for example). This function
+may fail if the cipher does not have any \s-1ASN1\s0 support.
+.PP
+\&\fIEVP_CIPHER_asn1_to_param()\fR sets the cipher parameters based on an \s-1ASN1\s0
+AlgorithmIdentifier \*(L"parameter\*(R". The precise effect depends on the cipher
+In the case of \s-1RC2\s0, for example, it will set the \s-1IV\s0 and effective key length.
+This function should be called after the base cipher type is set but before
+the key is set. For example \fIEVP_CipherInit()\fR will be called with the \s-1IV\s0 and
+key set to \s-1NULL\s0, \fIEVP_CIPHER_asn1_to_param()\fR will be called and finally
+\&\fIEVP_CipherInit()\fR again with all parameters except the key set to \s-1NULL\s0. It is
+possible for this function to fail if the cipher does not have any \s-1ASN1\s0 support
+or the parameters cannot be set (for example the \s-1RC2\s0 effective key length
+is not supported.
+.PP
+\&\fIEVP_CIPHER_CTX_ctrl()\fR allows various cipher specific parameters to be determined
+and set. Currently only the \s-1RC2\s0 effective key length and the number of rounds of
+\&\s-1RC5\s0 can be set.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIEVP_EncryptInit_ex()\fR, \fIEVP_EncryptUpdate()\fR and \fIEVP_EncryptFinal_ex()\fR
+return 1 for success and 0 for failure.
+.PP
+\&\fIEVP_DecryptInit_ex()\fR and \fIEVP_DecryptUpdate()\fR return 1 for success and 0 for failure.
+\&\fIEVP_DecryptFinal_ex()\fR returns 0 if the decrypt failed or 1 for success.
+.PP
+\&\fIEVP_CipherInit_ex()\fR and \fIEVP_CipherUpdate()\fR return 1 for success and 0 for failure.
+\&\fIEVP_CipherFinal_ex()\fR returns 0 for a decryption failure or 1 for success.
+.PP
+\&\fIEVP_CIPHER_CTX_cleanup()\fR returns 1 for success and 0 for failure.
+.PP
+\&\fIEVP_get_cipherbyname()\fR, \fIEVP_get_cipherbynid()\fR and \fIEVP_get_cipherbyobj()\fR
+return an \fB\s-1EVP_CIPHER\s0\fR structure or \s-1NULL\s0 on error.
+.PP
+\&\fIEVP_CIPHER_nid()\fR and \fIEVP_CIPHER_CTX_nid()\fR return a \s-1NID\s0.
+.PP
+\&\fIEVP_CIPHER_block_size()\fR and \fIEVP_CIPHER_CTX_block_size()\fR return the block
+size.
+.PP
+\&\fIEVP_CIPHER_key_length()\fR and \fIEVP_CIPHER_CTX_key_length()\fR return the key
+length.
+.PP
+\&\fIEVP_CIPHER_CTX_set_padding()\fR always returns 1.
+.PP
+\&\fIEVP_CIPHER_iv_length()\fR and \fIEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0
+length or zero if the cipher does not use an \s-1IV\s0.
+.PP
+\&\fIEVP_CIPHER_type()\fR and \fIEVP_CIPHER_CTX_type()\fR return the \s-1NID\s0 of the cipher's
+\&\s-1OBJECT\s0 \s-1IDENTIFIER\s0 or NID_undef if it has no defined \s-1OBJECT\s0 \s-1IDENTIFIER\s0.
+.PP
+\&\fIEVP_CIPHER_CTX_cipher()\fR returns an \fB\s-1EVP_CIPHER\s0\fR structure.
+.PP
+\&\fIEVP_CIPHER_param_to_asn1()\fR and \fIEVP_CIPHER_asn1_to_param()\fR return 1 for
+success or zero for failure.
+.SH "CIPHER LISTING"
+.IX Header "CIPHER LISTING"
+All algorithms have a fixed key length unless otherwise stated.
+.IP "\fIEVP_enc_null()\fR" 4
+.IX Item "EVP_enc_null()"
+Null cipher: does nothing.
+.IP "EVP_des_cbc(void), EVP_des_ecb(void), EVP_des_cfb(void), EVP_des_ofb(void)" 4
+.IX Item "EVP_des_cbc(void), EVP_des_ecb(void), EVP_des_cfb(void), EVP_des_ofb(void)"
+\&\s-1DES\s0 in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively.
+.IP "EVP_des_ede_cbc(void), \fIEVP_des_ede()\fR, EVP_des_ede_ofb(void), EVP_des_ede_cfb(void)" 4
+.IX Item "EVP_des_ede_cbc(void), EVP_des_ede(), EVP_des_ede_ofb(void), EVP_des_ede_cfb(void)"
+Two key triple \s-1DES\s0 in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively.
+.IP "EVP_des_ede3_cbc(void), \fIEVP_des_ede3()\fR, EVP_des_ede3_ofb(void), EVP_des_ede3_cfb(void)" 4
+.IX Item "EVP_des_ede3_cbc(void), EVP_des_ede3(), EVP_des_ede3_ofb(void), EVP_des_ede3_cfb(void)"
+Three key triple \s-1DES\s0 in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively.
+.IP "EVP_desx_cbc(void)" 4
+.IX Item "EVP_desx_cbc(void)"
+\&\s-1DESX\s0 algorithm in \s-1CBC\s0 mode.
+.IP "EVP_rc4(void)" 4
+.IX Item "EVP_rc4(void)"
+\&\s-1RC4\s0 stream cipher. This is a variable key length cipher with default key length 128 bits.
+.IP "EVP_rc4_40(void)" 4
+.IX Item "EVP_rc4_40(void)"
+\&\s-1RC4\s0 stream cipher with 40 bit key length. This is obsolete and new code should use \fIEVP_rc4()\fR
+and the \fIEVP_CIPHER_CTX_set_key_length()\fR function.
+.IP "\fIEVP_idea_cbc()\fR EVP_idea_ecb(void), EVP_idea_cfb(void), EVP_idea_ofb(void), EVP_idea_cbc(void)" 4
+.IX Item "EVP_idea_cbc() EVP_idea_ecb(void), EVP_idea_cfb(void), EVP_idea_ofb(void), EVP_idea_cbc(void)"
+\&\s-1IDEA\s0 encryption algorithm in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively.
+.IP "EVP_rc2_cbc(void), EVP_rc2_ecb(void), EVP_rc2_cfb(void), EVP_rc2_ofb(void)" 4
+.IX Item "EVP_rc2_cbc(void), EVP_rc2_ecb(void), EVP_rc2_cfb(void), EVP_rc2_ofb(void)"
+\&\s-1RC2\s0 encryption algorithm in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively. This is a variable key
+length cipher with an additional parameter called \*(L"effective key bits\*(R" or \*(L"effective key length\*(R".
+By default both are set to 128 bits.
+.IP "EVP_rc2_40_cbc(void), EVP_rc2_64_cbc(void)" 4
+.IX Item "EVP_rc2_40_cbc(void), EVP_rc2_64_cbc(void)"
+\&\s-1RC2\s0 algorithm in \s-1CBC\s0 mode with a default key length and effective key length of 40 and 64 bits.
+These are obsolete and new code should use \fIEVP_rc2_cbc()\fR, \fIEVP_CIPHER_CTX_set_key_length()\fR and
+\&\fIEVP_CIPHER_CTX_ctrl()\fR to set the key length and effective key length.
+.IP "EVP_bf_cbc(void), EVP_bf_ecb(void), EVP_bf_cfb(void), EVP_bf_ofb(void);" 4
+.IX Item "EVP_bf_cbc(void), EVP_bf_ecb(void), EVP_bf_cfb(void), EVP_bf_ofb(void);"
+Blowfish encryption algorithm in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively. This is a variable key
+length cipher.
+.IP "EVP_cast5_cbc(void), EVP_cast5_ecb(void), EVP_cast5_cfb(void), EVP_cast5_ofb(void)" 4
+.IX Item "EVP_cast5_cbc(void), EVP_cast5_ecb(void), EVP_cast5_cfb(void), EVP_cast5_ofb(void)"
+\&\s-1CAST\s0 encryption algorithm in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively. This is a variable key
+length cipher.
+.IP "EVP_rc5_32_12_16_cbc(void), EVP_rc5_32_12_16_ecb(void), EVP_rc5_32_12_16_cfb(void), EVP_rc5_32_12_16_ofb(void)" 4
+.IX Item "EVP_rc5_32_12_16_cbc(void), EVP_rc5_32_12_16_ecb(void), EVP_rc5_32_12_16_cfb(void), EVP_rc5_32_12_16_ofb(void)"
+\&\s-1RC5\s0 encryption algorithm in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively. This is a variable key length
+cipher with an additional \*(L"number of rounds\*(R" parameter. By default the key length is set to 128
+bits and 12 rounds.
+.SH "NOTES"
+.IX Header "NOTES"
+Where possible the \fB\s-1EVP\s0\fR interface to symmetric ciphers should be used in
+preference to the low level interfaces. This is because the code then becomes
+transparent to the cipher used and much more flexible.
+.PP
+\&\s-1PKCS\s0 padding works by adding \fBn\fR padding bytes of value \fBn\fR to make the total
+length of the encrypted data a multiple of the block size. Padding is always
+added so if the data is already a multiple of the block size \fBn\fR will equal
+the block size. For example if the block size is 8 and 11 bytes are to be
+encrypted then 5 padding bytes of value 5 will be added.
+.PP
+When decrypting the final block is checked to see if it has the correct form.
+.PP
+Although the decryption operation can produce an error if padding is enabled,
+it is not a strong test that the input data or key is correct. A random block
+has better than 1 in 256 chance of being of the correct format and problems with
+the input data earlier on will not produce a final decrypt error.
+.PP
+If padding is disabled then the decryption operation will always succeed if
+the total amount of data decrypted is a multiple of the block size.
+.PP
+The functions \fIEVP_EncryptInit()\fR, \fIEVP_EncryptFinal()\fR, \fIEVP_DecryptInit()\fR,
+\&\fIEVP_CipherInit()\fR and \fIEVP_CipherFinal()\fR are obsolete but are retained for
+compatibility with existing code. New code should use \fIEVP_EncryptInit_ex()\fR,
+\&\fIEVP_EncryptFinal_ex()\fR, \fIEVP_DecryptInit_ex()\fR, \fIEVP_DecryptFinal_ex()\fR,
+\&\fIEVP_CipherInit_ex()\fR and \fIEVP_CipherFinal_ex()\fR because they can reuse an
+existing context without allocating and freeing it up on each call.
+.SH "BUGS"
+.IX Header "BUGS"
+For \s-1RC5\s0 the number of rounds can currently only be set to 8, 12 or 16. This is
+a limitation of the current \s-1RC5\s0 code rather than the \s-1EVP\s0 interface.
+.PP
+\&\s-1EVP_MAX_KEY_LENGTH\s0 and \s-1EVP_MAX_IV_LENGTH\s0 only refer to the internal ciphers with
+default key lengths. If custom ciphers exceed these values the results are
+unpredictable. This is because it has become standard practice to define a
+generic key as a fixed unsigned char array containing \s-1EVP_MAX_KEY_LENGTH\s0 bytes.
+.PP
+The \s-1ASN1\s0 code is incomplete (and sometimes inaccurate) it has only been tested
+for certain common S/MIME ciphers (\s-1RC2\s0, \s-1DES\s0, triple \s-1DES\s0) in \s-1CBC\s0 mode.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Get the number of rounds used in \s-1RC5:\s0
+.PP
+.Vb 2
+\& int nrounds;
+\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &nrounds);
+.Ve
+.PP
+Get the \s-1RC2\s0 effective key length:
+.PP
+.Vb 2
+\& int key_bits;
+\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC2_KEY_BITS, 0, &key_bits);
+.Ve
+.PP
+Set the number of rounds used in \s-1RC5:\s0
+.PP
+.Vb 2
+\& int nrounds;
+\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, nrounds, NULL);
+.Ve
+.PP
+Set the effective key length used in \s-1RC2:\s0
+.PP
+.Vb 2
+\& int key_bits;
+\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL);
+.Ve
+.PP
+Encrypt a string using blowfish:
+.PP
+.Vb 10
+\& int do_crypt(char *outfile)
+\& {
+\& unsigned char outbuf[1024];
+\& int outlen, tmplen;
+\& /* Bogus key and IV: we\*(Aqd normally set these from
+\& * another source.
+\& */
+\& unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
+\& unsigned char iv[] = {1,2,3,4,5,6,7,8};
+\& char intext[] = "Some Crypto Text";
+\& EVP_CIPHER_CTX ctx;
+\& FILE *out;
+\& EVP_CIPHER_CTX_init(&ctx);
+\& EVP_EncryptInit_ex(&ctx, EVP_bf_cbc(), NULL, key, iv);
+\&
+\& if(!EVP_EncryptUpdate(&ctx, outbuf, &outlen, intext, strlen(intext)))
+\& {
+\& /* Error */
+\& return 0;
+\& }
+\& /* Buffer passed to EVP_EncryptFinal() must be after data just
+\& * encrypted to avoid overwriting it.
+\& */
+\& if(!EVP_EncryptFinal_ex(&ctx, outbuf + outlen, &tmplen))
+\& {
+\& /* Error */
+\& return 0;
+\& }
+\& outlen += tmplen;
+\& EVP_CIPHER_CTX_cleanup(&ctx);
+\& /* Need binary mode for fopen because encrypted data is
+\& * binary data. Also cannot use strlen() on it because
+\& * it wont be null terminated and may contain embedded
+\& * nulls.
+\& */
+\& out = fopen(outfile, "wb");
+\& fwrite(outbuf, 1, outlen, out);
+\& fclose(out);
+\& return 1;
+\& }
+.Ve
+.PP
+The ciphertext from the above example can be decrypted using the \fBopenssl\fR
+utility with the command line:
+.PP
+.Vb 1
+\& S<openssl bf \-in cipher.bin \-K 000102030405060708090A0B0C0D0E0F \-iv 0102030405060708 \-d>
+.Ve
+.PP
+General encryption, decryption function example using \s-1FILE\s0 I/O and \s-1RC2\s0 with an
+80 bit key:
+.PP
+.Vb 10
+\& int do_crypt(FILE *in, FILE *out, int do_encrypt)
+\& {
+\& /* Allow enough space in output buffer for additional block */
+\& inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH];
+\& int inlen, outlen;
+\& /* Bogus key and IV: we\*(Aqd normally set these from
+\& * another source.
+\& */
+\& unsigned char key[] = "0123456789";
+\& unsigned char iv[] = "12345678";
+\& /* Don\*(Aqt set key or IV because we will modify the parameters */
+\& EVP_CIPHER_CTX_init(&ctx);
+\& EVP_CipherInit_ex(&ctx, EVP_rc2(), NULL, NULL, NULL, do_encrypt);
+\& EVP_CIPHER_CTX_set_key_length(&ctx, 10);
+\& /* We finished modifying parameters so now we can set key and IV */
+\& EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, do_encrypt);
+\&
+\& for(;;)
+\& {
+\& inlen = fread(inbuf, 1, 1024, in);
+\& if(inlen <= 0) break;
+\& if(!EVP_CipherUpdate(&ctx, outbuf, &outlen, inbuf, inlen))
+\& {
+\& /* Error */
+\& EVP_CIPHER_CTX_cleanup(&ctx);
+\& return 0;
+\& }
+\& fwrite(outbuf, 1, outlen, out);
+\& }
+\& if(!EVP_CipherFinal_ex(&ctx, outbuf, &outlen))
+\& {
+\& /* Error */
+\& EVP_CIPHER_CTX_cleanup(&ctx);
+\& return 0;
+\& }
+\& fwrite(outbuf, 1, outlen, out);
+\&
+\& EVP_CIPHER_CTX_cleanup(&ctx);
+\& return 1;
+\& }
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIevp\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIEVP_CIPHER_CTX_init()\fR, \fIEVP_EncryptInit_ex()\fR, \fIEVP_EncryptFinal_ex()\fR,
+\&\fIEVP_DecryptInit_ex()\fR, \fIEVP_DecryptFinal_ex()\fR, \fIEVP_CipherInit_ex()\fR,
+\&\fIEVP_CipherFinal_ex()\fR and \fIEVP_CIPHER_CTX_set_padding()\fR appeared in
+OpenSSL 0.9.7.
diff --git a/secure/lib/libcrypto/man/EVP_OpenInit.3 b/secure/lib/libcrypto/man/EVP_OpenInit.3
new file mode 100644
index 0000000..0ba61ec
--- /dev/null
+++ b/secure/lib/libcrypto/man/EVP_OpenInit.3
@@ -0,0 +1,186 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_OpenInit 3"
+.TH EVP_OpenInit 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal \- EVP envelope decryption
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& int EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek,
+\& int ekl,unsigned char *iv,EVP_PKEY *priv);
+\& int EVP_OpenUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+\& int *outl, unsigned char *in, int inl);
+\& int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+\& int *outl);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \s-1EVP\s0 envelope routines are a high level interface to envelope
+decryption. They decrypt a public key encrypted symmetric key and
+then decrypt data using it.
+.PP
+\&\fIEVP_OpenInit()\fR initializes a cipher context \fBctx\fR for decryption
+with cipher \fBtype\fR. It decrypts the encrypted symmetric key of length
+\&\fBekl\fR bytes passed in the \fBek\fR parameter using the private key \fBpriv\fR.
+The \s-1IV\s0 is supplied in the \fBiv\fR parameter.
+.PP
+\&\fIEVP_OpenUpdate()\fR and \fIEVP_OpenFinal()\fR have exactly the same properties
+as the \fIEVP_DecryptUpdate()\fR and \fIEVP_DecryptFinal()\fR routines, as
+documented on the \fIEVP_EncryptInit\fR\|(3) manual
+page.
+.SH "NOTES"
+.IX Header "NOTES"
+It is possible to call \fIEVP_OpenInit()\fR twice in the same way as
+\&\fIEVP_DecryptInit()\fR. The first call should have \fBpriv\fR set to \s-1NULL\s0
+and (after setting any cipher parameters) it should be called again
+with \fBtype\fR set to \s-1NULL\s0.
+.PP
+If the cipher passed in the \fBtype\fR parameter is a variable length
+cipher then the key length will be set to the value of the recovered
+key length. If the cipher is a fixed length cipher then the recovered
+key length must match the fixed cipher length.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIEVP_OpenInit()\fR returns 0 on error or a non zero integer (actually the
+recovered secret key size) if successful.
+.PP
+\&\fIEVP_OpenUpdate()\fR returns 1 for success or 0 for failure.
+.PP
+\&\fIEVP_OpenFinal()\fR returns 0 if the decrypt failed or 1 for success.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIevp\fR\|(3), \fIrand\fR\|(3),
+\&\fIEVP_EncryptInit\fR\|(3),
+\&\fIEVP_SealInit\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_new.3
new file mode 100644
index 0000000..e8350f4
--- /dev/null
+++ b/secure/lib/libcrypto/man/EVP_PKEY_new.3
@@ -0,0 +1,168 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_PKEY_new 3"
+.TH EVP_PKEY_new 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_PKEY_new, EVP_PKEY_free \- private key allocation functions.
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& EVP_PKEY *EVP_PKEY_new(void);
+\& void EVP_PKEY_free(EVP_PKEY *key);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fIEVP_PKEY_new()\fR function allocates an empty \fB\s-1EVP_PKEY\s0\fR
+structure which is used by OpenSSL to store private keys.
+.PP
+\&\fIEVP_PKEY_free()\fR frees up the private key \fBkey\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+The \fB\s-1EVP_PKEY\s0\fR structure is used by various OpenSSL functions
+which require a general private key without reference to any
+particular algorithm.
+.PP
+The structure returned by \fIEVP_PKEY_new()\fR is empty. To add a
+private key to this empty structure the functions described in
+\&\fIEVP_PKEY_set1_RSA\fR\|(3) should be used.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIEVP_PKEY_new()\fR returns either the newly allocated \fB\s-1EVP_PKEY\s0\fR
+structure of \fB\s-1NULL\s0\fR if an error occurred.
+.PP
+\&\fIEVP_PKEY_free()\fR does not return a value.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIEVP_PKEY_set1_RSA\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 b/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
new file mode 100644
index 0000000..f9d31f2
--- /dev/null
+++ b/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
@@ -0,0 +1,202 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_PKEY_set1_RSA 3"
+.TH EVP_PKEY_set1_RSA 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY,
+EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY,
+EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, EVP_PKEY_assign_EC_KEY,
+EVP_PKEY_type \- EVP_PKEY assignment functions.
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& int EVP_PKEY_set1_RSA(EVP_PKEY *pkey,RSA *key);
+\& int EVP_PKEY_set1_DSA(EVP_PKEY *pkey,DSA *key);
+\& int EVP_PKEY_set1_DH(EVP_PKEY *pkey,DH *key);
+\& int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey,EC_KEY *key);
+\&
+\& RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
+\& DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
+\& DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
+\& EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
+\&
+\& int EVP_PKEY_assign_RSA(EVP_PKEY *pkey,RSA *key);
+\& int EVP_PKEY_assign_DSA(EVP_PKEY *pkey,DSA *key);
+\& int EVP_PKEY_assign_DH(EVP_PKEY *pkey,DH *key);
+\& int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey,EC_KEY *key);
+\&
+\& int EVP_PKEY_type(int type);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIEVP_PKEY_set1_RSA()\fR, \fIEVP_PKEY_set1_DSA()\fR, \fIEVP_PKEY_set1_DH()\fR and
+\&\fIEVP_PKEY_set1_EC_KEY()\fR set the key referenced by \fBpkey\fR to \fBkey\fR.
+.PP
+\&\fIEVP_PKEY_get1_RSA()\fR, \fIEVP_PKEY_get1_DSA()\fR, \fIEVP_PKEY_get1_DH()\fR and
+\&\fIEVP_PKEY_get1_EC_KEY()\fR return the referenced key in \fBpkey\fR or
+\&\fB\s-1NULL\s0\fR if the key is not of the correct type.
+.PP
+\&\fIEVP_PKEY_assign_RSA()\fR \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR
+and \fIEVP_PKEY_assign_EC_KEY()\fR also set the referenced key to \fBkey\fR
+however these use the supplied \fBkey\fR internally and so \fBkey\fR
+will be freed when the parent \fBpkey\fR is freed.
+.PP
+\&\fIEVP_PKEY_type()\fR returns the type of key corresponding to the value
+\&\fBtype\fR. The type of a key can be obtained with
+EVP_PKEY_type(pkey\->type). The return value will be \s-1EVP_PKEY_RSA\s0,
+\&\s-1EVP_PKEY_DSA\s0, \s-1EVP_PKEY_DH\s0 or \s-1EVP_PKEY_EC\s0 for the corresponding
+key types or NID_undef if the key type is unassigned.
+.SH "NOTES"
+.IX Header "NOTES"
+In accordance with the OpenSSL naming convention the key obtained
+from or assigned to the \fBpkey\fR using the \fB1\fR functions must be
+freed as well as \fBpkey\fR.
+.PP
+\&\fIEVP_PKEY_assign_RSA()\fR \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR
+\&\fIEVP_PKEY_assign_EC_KEY()\fR are implemented as macros.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIEVP_PKEY_set1_RSA()\fR, \fIEVP_PKEY_set1_DSA()\fR, \fIEVP_PKEY_set1_DH()\fR and
+\&\fIEVP_PKEY_set1_EC_KEY()\fR return 1 for success or 0 for failure.
+.PP
+\&\fIEVP_PKEY_get1_RSA()\fR, \fIEVP_PKEY_get1_DSA()\fR, \fIEVP_PKEY_get1_DH()\fR and
+\&\fIEVP_PKEY_get1_EC_KEY()\fR return the referenced key or \fB\s-1NULL\s0\fR if
+an error occurred.
+.PP
+\&\fIEVP_PKEY_assign_RSA()\fR \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR
+and \fIEVP_PKEY_assign_EC_KEY()\fR return 1 for success and 0 for failure.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIEVP_PKEY_new\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/EVP_SealInit.3 b/secure/lib/libcrypto/man/EVP_SealInit.3
new file mode 100644
index 0000000..1bba814
--- /dev/null
+++ b/secure/lib/libcrypto/man/EVP_SealInit.3
@@ -0,0 +1,207 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_SealInit 3"
+.TH EVP_SealInit 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_SealInit, EVP_SealUpdate, EVP_SealFinal \- EVP envelope encryption
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+\& unsigned char **ek, int *ekl, unsigned char *iv,
+\& EVP_PKEY **pubk, int npubk);
+\& int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+\& int *outl, unsigned char *in, int inl);
+\& int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+\& int *outl);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \s-1EVP\s0 envelope routines are a high level interface to envelope
+encryption. They generate a random key and \s-1IV\s0 (if required) then
+\&\*(L"envelope\*(R" it by using public key encryption. Data can then be
+encrypted using this key.
+.PP
+\&\fIEVP_SealInit()\fR initializes a cipher context \fBctx\fR for encryption
+with cipher \fBtype\fR using a random secret key and \s-1IV\s0. \fBtype\fR is normally
+supplied by a function such as \fIEVP_des_cbc()\fR. The secret key is encrypted
+using one or more public keys, this allows the same encrypted data to be
+decrypted using any of the corresponding private keys. \fBek\fR is an array of
+buffers where the public key encrypted secret key will be written, each buffer
+must contain enough room for the corresponding encrypted key: that is
+\&\fBek[i]\fR must have room for \fBEVP_PKEY_size(pubk[i])\fR bytes. The actual
+size of each encrypted secret key is written to the array \fBekl\fR. \fBpubk\fR is
+an array of \fBnpubk\fR public keys.
+.PP
+The \fBiv\fR parameter is a buffer where the generated \s-1IV\s0 is written to. It must
+contain enough room for the corresponding cipher's \s-1IV\s0, as determined by (for
+example) EVP_CIPHER_iv_length(type).
+.PP
+If the cipher does not require an \s-1IV\s0 then the \fBiv\fR parameter is ignored
+and can be \fB\s-1NULL\s0\fR.
+.PP
+\&\fIEVP_SealUpdate()\fR and \fIEVP_SealFinal()\fR have exactly the same properties
+as the \fIEVP_EncryptUpdate()\fR and \fIEVP_EncryptFinal()\fR routines, as
+documented on the \fIEVP_EncryptInit\fR\|(3) manual
+page.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIEVP_SealInit()\fR returns 0 on error or \fBnpubk\fR if successful.
+.PP
+\&\fIEVP_SealUpdate()\fR and \fIEVP_SealFinal()\fR return 1 for success and 0 for
+failure.
+.SH "NOTES"
+.IX Header "NOTES"
+Because a random secret key is generated the random number generator
+must be seeded before calling \fIEVP_SealInit()\fR.
+.PP
+The public key must be \s-1RSA\s0 because it is the only OpenSSL public key
+algorithm that supports key transport.
+.PP
+Envelope encryption is the usual method of using public key encryption
+on large amounts of data, this is because public key encryption is slow
+but symmetric encryption is fast. So symmetric encryption is used for
+bulk encryption and the small random symmetric key used is transferred
+using public key encryption.
+.PP
+It is possible to call \fIEVP_SealInit()\fR twice in the same way as
+\&\fIEVP_EncryptInit()\fR. The first call should have \fBnpubk\fR set to 0
+and (after setting any cipher parameters) it should be called again
+with \fBtype\fR set to \s-1NULL\s0.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIevp\fR\|(3), \fIrand\fR\|(3),
+\&\fIEVP_EncryptInit\fR\|(3),
+\&\fIEVP_OpenInit\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIEVP_SealFinal()\fR did not return a value before OpenSSL 0.9.7.
diff --git a/secure/lib/libcrypto/man/EVP_SignInit.3 b/secure/lib/libcrypto/man/EVP_SignInit.3
new file mode 100644
index 0000000..49ad550
--- /dev/null
+++ b/secure/lib/libcrypto/man/EVP_SignInit.3
@@ -0,0 +1,216 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_SignInit 3"
+.TH EVP_SignInit 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_SignInit, EVP_SignUpdate, EVP_SignFinal \- EVP signing functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& int EVP_SignInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
+\& int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+\& int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *sig,unsigned int *s, EVP_PKEY *pkey);
+\&
+\& void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+\&
+\& int EVP_PKEY_size(EVP_PKEY *pkey);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \s-1EVP\s0 signature routines are a high level interface to digital
+signatures.
+.PP
+\&\fIEVP_SignInit_ex()\fR sets up signing context \fBctx\fR to use digest
+\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized with
+\&\fIEVP_MD_CTX_init()\fR before calling this function.
+.PP
+\&\fIEVP_SignUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the
+signature context \fBctx\fR. This function can be called several times on the
+same \fBctx\fR to include additional data.
+.PP
+\&\fIEVP_SignFinal()\fR signs the data in \fBctx\fR using the private key \fBpkey\fR and
+places the signature in \fBsig\fR. The number of bytes of data written (i.e. the
+length of the signature) will be written to the integer at \fBs\fR, at most
+EVP_PKEY_size(pkey) bytes will be written.
+.PP
+\&\fIEVP_SignInit()\fR initializes a signing context \fBctx\fR to use the default
+implementation of digest \fBtype\fR.
+.PP
+\&\fIEVP_PKEY_size()\fR returns the maximum size of a signature in bytes. The actual
+signature returned by \fIEVP_SignFinal()\fR may be smaller.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIEVP_SignInit_ex()\fR, \fIEVP_SignUpdate()\fR and \fIEVP_SignFinal()\fR return 1
+for success and 0 for failure.
+.PP
+\&\fIEVP_PKEY_size()\fR returns the maximum size of a signature in bytes.
+.PP
+The error codes can be obtained by \fIERR_get_error\fR\|(3).
+.SH "NOTES"
+.IX Header "NOTES"
+The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in
+preference to the low level interfaces. This is because the code then becomes
+transparent to the algorithm used and much more flexible.
+.PP
+Due to the link between message digests and public key algorithms the correct
+digest algorithm must be used with the correct public key type. A list of
+algorithms and associated public key algorithms appears in
+\&\fIEVP_DigestInit\fR\|(3).
+.PP
+When signing with \s-1DSA\s0 private keys the random number generator must be seeded
+or the operation will fail. The random number generator does not need to be
+seeded for \s-1RSA\s0 signatures.
+.PP
+The call to \fIEVP_SignFinal()\fR internally finalizes a copy of the digest context.
+This means that calls to \fIEVP_SignUpdate()\fR and \fIEVP_SignFinal()\fR can be called
+later to digest and sign additional data.
+.PP
+Since only a copy of the digest context is ever finalized the context must
+be cleaned up after use by calling \fIEVP_MD_CTX_cleanup()\fR or a memory leak
+will occur.
+.SH "BUGS"
+.IX Header "BUGS"
+Older versions of this documentation wrongly stated that calls to
+\&\fIEVP_SignUpdate()\fR could not be made after calling \fIEVP_SignFinal()\fR.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIEVP_VerifyInit\fR\|(3),
+\&\fIEVP_DigestInit\fR\|(3), \fIerr\fR\|(3),
+\&\fIevp\fR\|(3), \fIhmac\fR\|(3), \fImd2\fR\|(3),
+\&\fImd5\fR\|(3), \fImdc2\fR\|(3), \fIripemd\fR\|(3),
+\&\fIsha\fR\|(3), \fIdgst\fR\|(1)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIEVP_SignInit()\fR, \fIEVP_SignUpdate()\fR and \fIEVP_SignFinal()\fR are
+available in all versions of SSLeay and OpenSSL.
+.PP
+\&\fIEVP_SignInit_ex()\fR was added in OpenSSL 0.9.7.
diff --git a/secure/lib/libcrypto/man/EVP_VerifyInit.3 b/secure/lib/libcrypto/man/EVP_VerifyInit.3
new file mode 100644
index 0000000..a622038
--- /dev/null
+++ b/secure/lib/libcrypto/man/EVP_VerifyInit.3
@@ -0,0 +1,207 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EVP_VerifyInit 3"
+.TH EVP_VerifyInit 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal \- EVP signature verification functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
+\& int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+\& int EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf, unsigned int siglen,EVP_PKEY *pkey);
+\&
+\& int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \s-1EVP\s0 signature verification routines are a high level interface to digital
+signatures.
+.PP
+\&\fIEVP_VerifyInit_ex()\fR sets up verification context \fBctx\fR to use digest
+\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized by calling
+\&\fIEVP_MD_CTX_init()\fR before calling this function.
+.PP
+\&\fIEVP_VerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the
+verification context \fBctx\fR. This function can be called several times on the
+same \fBctx\fR to include additional data.
+.PP
+\&\fIEVP_VerifyFinal()\fR verifies the data in \fBctx\fR using the public key \fBpkey\fR
+and against the \fBsiglen\fR bytes at \fBsigbuf\fR.
+.PP
+\&\fIEVP_VerifyInit()\fR initializes verification context \fBctx\fR to use the default
+implementation of digest \fBtype\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIEVP_VerifyInit_ex()\fR and \fIEVP_VerifyUpdate()\fR return 1 for success and 0 for
+failure.
+.PP
+\&\fIEVP_VerifyFinal()\fR returns 1 for a correct signature, 0 for failure and \-1 if some
+other error occurred.
+.PP
+The error codes can be obtained by \fIERR_get_error\fR\|(3).
+.SH "NOTES"
+.IX Header "NOTES"
+The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in
+preference to the low level interfaces. This is because the code then becomes
+transparent to the algorithm used and much more flexible.
+.PP
+Due to the link between message digests and public key algorithms the correct
+digest algorithm must be used with the correct public key type. A list of
+algorithms and associated public key algorithms appears in
+\&\fIEVP_DigestInit\fR\|(3).
+.PP
+The call to \fIEVP_VerifyFinal()\fR internally finalizes a copy of the digest context.
+This means that calls to \fIEVP_VerifyUpdate()\fR and \fIEVP_VerifyFinal()\fR can be called
+later to digest and verify additional data.
+.PP
+Since only a copy of the digest context is ever finalized the context must
+be cleaned up after use by calling \fIEVP_MD_CTX_cleanup()\fR or a memory leak
+will occur.
+.SH "BUGS"
+.IX Header "BUGS"
+Older versions of this documentation wrongly stated that calls to
+\&\fIEVP_VerifyUpdate()\fR could not be made after calling \fIEVP_VerifyFinal()\fR.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIevp\fR\|(3),
+\&\fIEVP_SignInit\fR\|(3),
+\&\fIEVP_DigestInit\fR\|(3), \fIerr\fR\|(3),
+\&\fIevp\fR\|(3), \fIhmac\fR\|(3), \fImd2\fR\|(3),
+\&\fImd5\fR\|(3), \fImdc2\fR\|(3), \fIripemd\fR\|(3),
+\&\fIsha\fR\|(3), \fIdgst\fR\|(1)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIEVP_VerifyInit()\fR, \fIEVP_VerifyUpdate()\fR and \fIEVP_VerifyFinal()\fR are
+available in all versions of SSLeay and OpenSSL.
+.PP
+\&\fIEVP_VerifyInit_ex()\fR was added in OpenSSL 0.9.7
diff --git a/secure/lib/libcrypto/man/OBJ_nid2obj.3 b/secure/lib/libcrypto/man/OBJ_nid2obj.3
new file mode 100644
index 0000000..cfc733b
--- /dev/null
+++ b/secure/lib/libcrypto/man/OBJ_nid2obj.3
@@ -0,0 +1,281 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OBJ_nid2obj 3"
+.TH OBJ_nid2obj 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OBJ_nid2obj, OBJ_nid2ln, OBJ_nid2sn, OBJ_obj2nid, OBJ_txt2nid, OBJ_ln2nid, OBJ_sn2nid,
+OBJ_cmp, OBJ_dup, OBJ_txt2obj, OBJ_obj2txt, OBJ_create, OBJ_cleanup \- ASN1 object utility
+functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/objects.h>
+\&
+\& ASN1_OBJECT * OBJ_nid2obj(int n);
+\& const char * OBJ_nid2ln(int n);
+\& const char * OBJ_nid2sn(int n);
+\&
+\& int OBJ_obj2nid(const ASN1_OBJECT *o);
+\& int OBJ_ln2nid(const char *ln);
+\& int OBJ_sn2nid(const char *sn);
+\&
+\& int OBJ_txt2nid(const char *s);
+\&
+\& ASN1_OBJECT * OBJ_txt2obj(const char *s, int no_name);
+\& int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name);
+\&
+\& int OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b);
+\& ASN1_OBJECT * OBJ_dup(const ASN1_OBJECT *o);
+\&
+\& int OBJ_create(const char *oid,const char *sn,const char *ln);
+\& void OBJ_cleanup(void);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \s-1ASN1\s0 object utility functions process \s-1ASN1_OBJECT\s0 structures which are
+a representation of the \s-1ASN1\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0 (\s-1OID\s0) type.
+.PP
+\&\fIOBJ_nid2obj()\fR, \fIOBJ_nid2ln()\fR and \fIOBJ_nid2sn()\fR convert the \s-1NID\s0 \fBn\fR to
+an \s-1ASN1_OBJECT\s0 structure, its long name and its short name respectively,
+or \fB\s-1NULL\s0\fR is an error occurred.
+.PP
+\&\fIOBJ_obj2nid()\fR, \fIOBJ_ln2nid()\fR, \fIOBJ_sn2nid()\fR return the corresponding \s-1NID\s0
+for the object \fBo\fR, the long name <ln> or the short name <sn> respectively
+or NID_undef if an error occurred.
+.PP
+\&\fIOBJ_txt2nid()\fR returns \s-1NID\s0 corresponding to text string <s>. \fBs\fR can be
+a long name, a short name or the numerical respresentation of an object.
+.PP
+\&\fIOBJ_txt2obj()\fR converts the text string \fBs\fR into an \s-1ASN1_OBJECT\s0 structure.
+If \fBno_name\fR is 0 then long names and short names will be interpreted
+as well as numerical forms. If \fBno_name\fR is 1 only the numerical form
+is acceptable.
+.PP
+\&\fIOBJ_obj2txt()\fR converts the \fB\s-1ASN1_OBJECT\s0\fR \fBa\fR into a textual representation.
+The representation is written as a null terminated string to \fBbuf\fR
+at most \fBbuf_len\fR bytes are written, truncating the result if necessary.
+The total amount of space required is returned. If \fBno_name\fR is 0 then
+if the object has a long or short name then that will be used, otherwise
+the numerical form will be used. If \fBno_name\fR is 1 then the numerical
+form will always be used.
+.PP
+\&\fIOBJ_cmp()\fR compares \fBa\fR to \fBb\fR. If the two are identical 0 is returned.
+.PP
+\&\fIOBJ_dup()\fR returns a copy of \fBo\fR.
+.PP
+\&\fIOBJ_create()\fR adds a new object to the internal table. \fBoid\fR is the
+numerical form of the object, \fBsn\fR the short name and \fBln\fR the
+long name. A new \s-1NID\s0 is returned for the created object.
+.PP
+\&\fIOBJ_cleanup()\fR cleans up OpenSSLs internal object table: this should
+be called before an application exits if any new objects were added
+using \fIOBJ_create()\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+Objects in OpenSSL can have a short name, a long name and a numerical
+identifier (\s-1NID\s0) associated with them. A standard set of objects is
+represented in an internal table. The appropriate values are defined
+in the header file \fBobjects.h\fR.
+.PP
+For example the \s-1OID\s0 for commonName has the following definitions:
+.PP
+.Vb 3
+\& #define SN_commonName "CN"
+\& #define LN_commonName "commonName"
+\& #define NID_commonName 13
+.Ve
+.PP
+New objects can be added by calling \fIOBJ_create()\fR.
+.PP
+Table objects have certain advantages over other objects: for example
+their NIDs can be used in a C language switch statement. They are
+also static constant structures which are shared: that is there
+is only a single constant structure for each table object.
+.PP
+Objects which are not in the table have the \s-1NID\s0 value NID_undef.
+.PP
+Objects do not need to be in the internal tables to be processed,
+the functions \fIOBJ_txt2obj()\fR and \fIOBJ_obj2txt()\fR can process the numerical
+form of an \s-1OID\s0.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Create an object for \fBcommonName\fR:
+.PP
+.Vb 2
+\& ASN1_OBJECT *o;
+\& o = OBJ_nid2obj(NID_commonName);
+.Ve
+.PP
+Check if an object is \fBcommonName\fR
+.PP
+.Vb 2
+\& if (OBJ_obj2nid(obj) == NID_commonName)
+\& /* Do something */
+.Ve
+.PP
+Create a new \s-1NID\s0 and initialize an object from it:
+.PP
+.Vb 3
+\& int new_nid;
+\& ASN1_OBJECT *obj;
+\& new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier");
+\&
+\& obj = OBJ_nid2obj(new_nid);
+.Ve
+.PP
+Create a new object directly:
+.PP
+.Vb 1
+\& obj = OBJ_txt2obj("1.2.3.4", 1);
+.Ve
+.SH "BUGS"
+.IX Header "BUGS"
+\&\fIOBJ_obj2txt()\fR is awkward and messy to use: it doesn't follow the
+convention of other OpenSSL functions where the buffer can be set
+to \fB\s-1NULL\s0\fR to determine the amount of data that should be written.
+Instead \fBbuf\fR must point to a valid buffer and \fBbuf_len\fR should
+be set to a positive value. A buffer length of 80 should be more
+than enough to handle any \s-1OID\s0 encountered in practice.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIOBJ_nid2obj()\fR returns an \fB\s-1ASN1_OBJECT\s0\fR structure or \fB\s-1NULL\s0\fR is an
+error occurred.
+.PP
+\&\fIOBJ_nid2ln()\fR and \fIOBJ_nid2sn()\fR returns a valid string or \fB\s-1NULL\s0\fR
+on error.
+.PP
+\&\fIOBJ_obj2nid()\fR, \fIOBJ_ln2nid()\fR, \fIOBJ_sn2nid()\fR and \fIOBJ_txt2nid()\fR return
+a \s-1NID\s0 or \fBNID_undef\fR on error.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/OPENSSL_Applink.3 b/secure/lib/libcrypto/man/OPENSSL_Applink.3
new file mode 100644
index 0000000..416d4c3
--- /dev/null
+++ b/secure/lib/libcrypto/man/OPENSSL_Applink.3
@@ -0,0 +1,147 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OPENSSL_Applink 3"
+.TH OPENSSL_Applink 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OPENSSL_Applink \- glue between OpenSSL BIO and Win32 compiler run\-time
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& _\|_declspec(dllexport) void **OPENSSL_Applink();
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+OPENSSL_Applink is application-side interface which provides a glue
+between OpenSSL \s-1BIO\s0 layer and Win32 compiler run-time environment.
+Even though it appears at application side, it's essentially OpenSSL
+private interface. For this reason application developers are not
+expected to implement it, but to compile provided module with
+compiler of their choice and link it into the target application.
+The referred module is available as <openssl>/ms/applink.c.
diff --git a/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 b/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
new file mode 100644
index 0000000..a829260
--- /dev/null
+++ b/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
@@ -0,0 +1,222 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OPENSSL_VERSION_NUMBER 3"
+.TH OPENSSL_VERSION_NUMBER 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OPENSSL_VERSION_NUMBER, SSLeay, SSLeay_version \- get OpenSSL version number
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 2
+\& #include <openssl/opensslv.h>
+\& #define OPENSSL_VERSION_NUMBER 0xnnnnnnnnnL
+\&
+\& #include <openssl/crypto.h>
+\& long SSLeay(void);
+\& const char *SSLeay_version(int t);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\s-1OPENSSL_VERSION_NUMBER\s0 is a numeric release version identifier:
+.PP
+.Vb 1
+\& MMNNFFPPS: major minor fix patch status
+.Ve
+.PP
+The status nibble has one of the values 0 for development, 1 to e for betas
+1 to 14, and f for release.
+.PP
+for example
+.PP
+.Vb 3
+\& 0x000906000 == 0.9.6 dev
+\& 0x000906023 == 0.9.6b beta 3
+\& 0x00090605f == 0.9.6e release
+.Ve
+.PP
+Versions prior to 0.9.3 have identifiers < 0x0930.
+Versions between 0.9.3 and 0.9.5 had a version identifier with this
+interpretation:
+.PP
+.Vb 1
+\& MMNNFFRBB major minor fix final beta/patch
+.Ve
+.PP
+for example
+.PP
+.Vb 2
+\& 0x000904100 == 0.9.4 release
+\& 0x000905000 == 0.9.5 dev
+.Ve
+.PP
+Version 0.9.5a had an interim interpretation that is like the current one,
+except the patch level got the highest bit set, to keep continuity. The
+number was therefore 0x0090581f.
+.PP
+For backward compatibility, \s-1SSLEAY_VERSION_NUMBER\s0 is also defined.
+.PP
+\&\fISSLeay()\fR returns this number. The return value can be compared to the
+macro to make sure that the correct version of the library has been
+loaded, especially when using DLLs on Windows systems.
+.PP
+\&\fISSLeay_version()\fR returns different strings depending on \fBt\fR:
+.IP "\s-1SSLEAY_VERSION\s0" 4
+.IX Item "SSLEAY_VERSION"
+The text variant of the version number and the release date. For example,
+\&\*(L"OpenSSL 0.9.5a 1 Apr 2000\*(R".
+.IP "\s-1SSLEAY_CFLAGS\s0" 4
+.IX Item "SSLEAY_CFLAGS"
+The compiler flags set for the compilation process in the form
+\&\*(L"compiler: ...\*(R" if available or \*(L"compiler: information not available\*(R"
+otherwise.
+.IP "\s-1SSLEAY_BUILT_ON\s0" 4
+.IX Item "SSLEAY_BUILT_ON"
+The date of the build process in the form \*(L"built on: ...\*(R" if available
+or \*(L"built on: date not available\*(R" otherwise.
+.IP "\s-1SSLEAY_PLATFORM\s0" 4
+.IX Item "SSLEAY_PLATFORM"
+The \*(L"Configure\*(R" target of the library build in the form \*(L"platform: ...\*(R"
+if available or \*(L"platform: information not available\*(R" otherwise.
+.IP "\s-1SSLEAY_DIR\s0" 4
+.IX Item "SSLEAY_DIR"
+The \*(L"\s-1OPENSSLDIR\s0\*(R" setting of the library build in the form \*(L"\s-1OPENSSLDIR:\s0 \*(R"..."\*(L"
+if available or \*(R"\s-1OPENSSLDIR:\s0 N/A" otherwise.
+.PP
+For an unknown \fBt\fR, the text \*(L"not available\*(R" is returned.
+.SH "RETURN VALUE"
+.IX Header "RETURN VALUE"
+The version number.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIcrypto\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fISSLeay()\fR and \s-1SSLEAY_VERSION_NUMBER\s0 are available in all versions of SSLeay and OpenSSL.
+\&\s-1OPENSSL_VERSION_NUMBER\s0 is available in all versions of OpenSSL.
+\&\fB\s-1SSLEAY_DIR\s0\fR was added in OpenSSL 0.9.7.
diff --git a/secure/lib/libcrypto/man/OPENSSL_config.3 b/secure/lib/libcrypto/man/OPENSSL_config.3
new file mode 100644
index 0000000..87ce97b
--- /dev/null
+++ b/secure/lib/libcrypto/man/OPENSSL_config.3
@@ -0,0 +1,203 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OPENSSL_config 3"
+.TH OPENSSL_config 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OPENSSL_config, OPENSSL_no_config \- simple OpenSSL configuration functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/conf.h>
+\&
+\& void OPENSSL_config(const char *config_name);
+\& void OPENSSL_no_config(void);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIOPENSSL_config()\fR configures OpenSSL using the standard \fBopenssl.cnf\fR
+configuration file name using \fBconfig_name\fR. If \fBconfig_name\fR is \s-1NULL\s0 then
+the default name \fBopenssl_conf\fR will be used. Any errors are ignored. Further
+calls to \fIOPENSSL_config()\fR will have no effect. The configuration file format
+is documented in the \fIconf\fR\|(5) manual page.
+.PP
+\&\fIOPENSSL_no_config()\fR disables configuration. If called before \fIOPENSSL_config()\fR
+no configuration takes place.
+.SH "NOTES"
+.IX Header "NOTES"
+It is \fBstrongly\fR recommended that \fBall\fR new applications call \fIOPENSSL_config()\fR
+or the more sophisticated functions such as \fICONF_modules_load()\fR during
+initialization (that is before starting any threads). By doing this
+an application does not need to keep track of all configuration options
+and some new functionality can be supported automatically.
+.PP
+It is also possible to automatically call \fIOPENSSL_config()\fR when an application
+calls \fIOPENSSL_add_all_algorithms()\fR by compiling an application with the
+preprocessor symbol \fB\s-1OPENSSL_LOAD_CONF\s0\fR #define'd. In this way configuration
+can be added without source changes.
+.PP
+The environment variable \fB\s-1OPENSSL_CONF\s0\fR can be set to specify the location
+of the configuration file.
+.PP
+Currently \s-1ASN1\s0 OBJECTs and \s-1ENGINE\s0 configuration can be performed future
+versions of OpenSSL will add new configuration options.
+.PP
+There are several reasons why calling the OpenSSL configuration routines is
+advisable. For example new \s-1ENGINE\s0 functionality was added to OpenSSL 0.9.7.
+In OpenSSL 0.9.7 control functions can be supported by ENGINEs, this can be
+used (among other things) to load dynamic ENGINEs from shared libraries (DSOs).
+However very few applications currently support the control interface and so
+very few can load and use dynamic ENGINEs. Equally in future more sophisticated
+ENGINEs will require certain control operations to customize them. If an
+application calls \fIOPENSSL_config()\fR it doesn't need to know or care about
+\&\s-1ENGINE\s0 control operations because they can be performed by editing a
+configuration file.
+.PP
+Applications should free up configuration at application closedown by calling
+\&\fICONF_modules_free()\fR.
+.SH "RESTRICTIONS"
+.IX Header "RESTRICTIONS"
+The \fIOPENSSL_config()\fR function is designed to be a very simple \*(L"call it and
+forget it\*(R" function. As a result its behaviour is somewhat limited. It ignores
+all errors silently and it can only load from the standard configuration file
+location for example.
+.PP
+It is however \fBmuch\fR better than nothing. Applications which need finer
+control over their configuration functionality should use the configuration
+functions such as \fICONF_load_modules()\fR directly.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+Neither \fIOPENSSL_config()\fR nor \fIOPENSSL_no_config()\fR return a value.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIconf\fR\|(5), \fICONF_load_modules_file\fR\|(3),
+\&\fICONF_modules_free\fR\|(3),\fICONF_modules_free\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIOPENSSL_config()\fR and \fIOPENSSL_no_config()\fR first appeared in OpenSSL 0.9.7
diff --git a/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 b/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
new file mode 100644
index 0000000..0114c90
--- /dev/null
+++ b/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
@@ -0,0 +1,169 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OPENSSL_ia32cap 3"
+.TH OPENSSL_ia32cap 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OPENSSL_ia32cap \- finding the IA\-32 processor capabilities
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 2
+\& unsigned long *OPENSSL_ia32cap_loc(void);
+\& #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+Value returned by \fIOPENSSL_ia32cap_loc()\fR is address of a variable
+containing \s-1IA\-32\s0 processor capabilities bit vector as it appears in \s-1EDX\s0
+register after executing \s-1CPUID\s0 instruction with EAX=1 input value (see
+Intel Application Note #241618). Naturally it's meaningful on IA\-32[E]
+platforms only. The variable is normally set up automatically upon
+toolkit initialization, but can be manipulated afterwards to modify
+crypto library behaviour. For the moment of this writing six bits are
+significant, namely:
+.PP
+1. bit #28 denoting Hyperthreading, which is used to distiguish
+ cores with shared cache;
+2. bit #26 denoting \s-1SSE2\s0 support;
+3. bit #25 denoting \s-1SSE\s0 support;
+4. bit #23 denoting \s-1MMX\s0 support;
+5. bit #20, reserved by Intel, is used to choose between \s-1RC4\s0 code
+ pathes;
+6. bit #4 denoting presence of Time-Stamp Counter.
+.PP
+For example, clearing bit #26 at run-time disables high-performance
+\&\s-1SSE2\s0 code present in the crypto library. You might have to do this if
+target OpenSSL application is executed on \s-1SSE2\s0 capable \s-1CPU\s0, but under
+control of \s-1OS\s0 which does not support \s-1SSE2\s0 extentions. Even though you
+can manipulate the value programmatically, you most likely will find it
+more appropriate to set up an environment variable with the same name
+prior starting target application, e.g. on Intel P4 processor 'env
+OPENSSL_ia32cap=0x12900010 apps/openssl', to achieve same effect
+without modifying the application source code. Alternatively you can
+reconfigure the toolkit with no\-sse2 option and recompile.
diff --git a/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 b/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
new file mode 100644
index 0000000..2cacde2
--- /dev/null
+++ b/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
@@ -0,0 +1,173 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OPENSSL_load_builtin_modules 3"
+.TH OPENSSL_load_builtin_modules 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OPENSSL_load_builtin_modules \- add standard configuration modules
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/conf.h>
+\&
+\& void OPENSSL_load_builtin_modules(void);
+\& void ASN1_add_oid_module(void);
+\& ENGINE_add_conf_module();
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The function \fIOPENSSL_load_builtin_modules()\fR adds all the standard OpenSSL
+configuration modules to the internal list. They can then be used by the
+OpenSSL configuration code.
+.PP
+\&\fIASN1_add_oid_module()\fR adds just the \s-1ASN1\s0 \s-1OBJECT\s0 module.
+.PP
+\&\fIENGINE_add_conf_module()\fR adds just the \s-1ENGINE\s0 configuration module.
+.SH "NOTES"
+.IX Header "NOTES"
+If the simple configuration function \fIOPENSSL_config()\fR is called then
+\&\fIOPENSSL_load_builtin_modules()\fR is called automatically.
+.PP
+Applications which use the configuration functions directly will need to
+call \fIOPENSSL_load_builtin_modules()\fR themselves \fIbefore\fR any other
+configuration code.
+.PP
+Applications should call \fIOPENSSL_load_builtin_modules()\fR to load all
+configuration modules instead of adding modules selectively: otherwise
+functionality may be missing from the application if an when new
+modules are added.
+.SH "RETURN VALUE"
+.IX Header "RETURN VALUE"
+None of the functions return a value.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIconf\fR\|(3), \fIOPENSSL_config\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+These functions first appeared in OpenSSL 0.9.7.
diff --git a/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 b/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
new file mode 100644
index 0000000..399d2dd
--- /dev/null
+++ b/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
@@ -0,0 +1,188 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OpenSSL_add_all_algorithms 3"
+.TH OpenSSL_add_all_algorithms 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests \-
+add algorithms to internal table
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& void OpenSSL_add_all_algorithms(void);
+\& void OpenSSL_add_all_ciphers(void);
+\& void OpenSSL_add_all_digests(void);
+\&
+\& void EVP_cleanup(void);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+OpenSSL keeps an internal table of digest algorithms and ciphers. It uses
+this table to lookup ciphers via functions such as \fIEVP_get_cipher_byname()\fR.
+.PP
+\&\fIOpenSSL_add_all_digests()\fR adds all digest algorithms to the table.
+.PP
+\&\fIOpenSSL_add_all_algorithms()\fR adds all algorithms to the table (digests and
+ciphers).
+.PP
+\&\fIOpenSSL_add_all_ciphers()\fR adds all encryption algorithms to the table including
+password based encryption algorithms.
+.PP
+\&\fIEVP_cleanup()\fR removes all ciphers and digests from the table.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+None of the functions return a value.
+.SH "NOTES"
+.IX Header "NOTES"
+A typical application will call \fIOpenSSL_add_all_algorithms()\fR initially and
+\&\fIEVP_cleanup()\fR before exiting.
+.PP
+An application does not need to add algorithms to use them explicitly, for example
+by \fIEVP_sha1()\fR. It just needs to add them if it (or any of the functions it calls)
+needs to lookup algorithms.
+.PP
+The cipher and digest lookup functions are used in many parts of the library. If
+the table is not initialized several functions will misbehave and complain they
+cannot find algorithms. This includes the \s-1PEM\s0, PKCS#12, \s-1SSL\s0 and S/MIME libraries.
+This is a common query in the OpenSSL mailing lists.
+.PP
+Calling \fIOpenSSL_add_all_algorithms()\fR links in all algorithms: as a result a
+statically linked executable can be quite large. If this is important it is possible
+to just add the required ciphers and digests.
+.SH "BUGS"
+.IX Header "BUGS"
+Although the functions do not return error codes it is possible for them to fail.
+This will only happen as a result of a memory allocation failure so this is not
+too much of a problem in practice.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIevp\fR\|(3), \fIEVP_DigestInit\fR\|(3),
+\&\fIEVP_EncryptInit\fR\|(3)
diff --git a/secure/lib/libcrypto/man/PKCS12_create.3 b/secure/lib/libcrypto/man/PKCS12_create.3
new file mode 100644
index 0000000..8154477
--- /dev/null
+++ b/secure/lib/libcrypto/man/PKCS12_create.3
@@ -0,0 +1,197 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "PKCS12_create 3"
+.TH PKCS12_create 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+PKCS12_create \- create a PKCS#12 structure
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/pkcs12.h>
+\&
+\& PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, STACK_OF(X509) *ca,
+\& int nid_key, int nid_cert, int iter, int mac_iter, int keytype);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIPKCS12_create()\fR creates a PKCS#12 structure.
+.PP
+\&\fBpass\fR is the passphrase to use. \fBname\fR is the \fBfriendlyName\fR to use for
+the supplied certifictate and key. \fBpkey\fR is the private key to include in
+the structure and \fBcert\fR its corresponding certificates. \fBca\fR, if not \fB\s-1NULL\s0\fR
+is an optional set of certificates to also include in the structure.
+.PP
+\&\fBnid_key\fR and \fBnid_cert\fR are the encryption algorithms that should be used
+for the key and certificate respectively. \fBiter\fR is the encryption algorithm
+iteration count to use and \fBmac_iter\fR is the \s-1MAC\s0 iteration count to use.
+\&\fBkeytype\fR is the type of key.
+.SH "NOTES"
+.IX Header "NOTES"
+The parameters \fBnid_key\fR, \fBnid_cert\fR, \fBiter\fR, \fBmac_iter\fR and \fBkeytype\fR
+can all be set to zero and sensible defaults will be used.
+.PP
+These defaults are: 40 bit \s-1RC2\s0 encryption for certificates, triple \s-1DES\s0
+encryption for private keys, a key iteration count of \s-1PKCS12_DEFAULT_ITER\s0
+(currently 2048) and a \s-1MAC\s0 iteration count of 1.
+.PP
+The default \s-1MAC\s0 iteration count is 1 in order to retain compatibility with
+old software which did not interpret \s-1MAC\s0 iteration counts. If such compatibility
+is not required then \fBmac_iter\fR should be set to \s-1PKCS12_DEFAULT_ITER\s0.
+.PP
+\&\fBkeytype\fR adds a flag to the store private key. This is a non standard extension
+that is only currently interpreted by \s-1MSIE\s0. If set to zero the flag is omitted,
+if set to \fB\s-1KEY_SIG\s0\fR the key can be used for signing only, if set to \fB\s-1KEY_EX\s0\fR
+it can be used for signing and encryption. This option was useful for old
+export grade software which could use signing only keys of arbitrary size but
+had restrictions on the permissible sizes of keys which could be used for
+encryption.
+.SH "NEW FUNCTIONALITY IN OPENSSL 0.9.8"
+.IX Header "NEW FUNCTIONALITY IN OPENSSL 0.9.8"
+Some additional functionality was added to \fIPKCS12_create()\fR in OpenSSL
+0.9.8. These extensions are detailed below.
+.PP
+If a certificate contains an \fBalias\fR or \fBkeyid\fR then this will be
+used for the corresponding \fBfriendlyName\fR or \fBlocalKeyID\fR in the
+\&\s-1PKCS12\s0 structure.
+.PP
+Either \fBpkey\fR, \fBcert\fR or both can be \fB\s-1NULL\s0\fR to indicate that no key or
+certficate is required. In previous versions both had to be present or
+a fatal error is returned.
+.PP
+\&\fBnid_key\fR or \fBnid_cert\fR can be set to \-1 indicating that no encryption
+should be used.
+.PP
+\&\fBmac_iter\fR can be set to \-1 and the \s-1MAC\s0 will then be omitted entirely.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fId2i_PKCS12\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+PKCS12_create was added in OpenSSL 0.9.3
diff --git a/secure/lib/libcrypto/man/PKCS12_parse.3 b/secure/lib/libcrypto/man/PKCS12_parse.3
new file mode 100644
index 0000000..44df001
--- /dev/null
+++ b/secure/lib/libcrypto/man/PKCS12_parse.3
@@ -0,0 +1,178 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "PKCS12_parse 3"
+.TH PKCS12_parse 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+PKCS12_parse \- parse a PKCS#12 structure
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/pkcs12.h>
+.Ve
+.PP
+int PKCS12_parse(\s-1PKCS12\s0 *p12, const char *pass, \s-1EVP_PKEY\s0 **pkey, X509 **cert, \s-1STACK_OF\s0(X509) **ca);
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIPKCS12_parse()\fR parses a \s-1PKCS12\s0 structure.
+.PP
+\&\fBp12\fR is the \fB\s-1PKCS12\s0\fR structure to parse. \fBpass\fR is the passphrase to use.
+If successful the private key will be written to \fB*pkey\fR, the corresponding
+certificate to \fB*cert\fR and any additional certificates to \fB*ca\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+The parameters \fBpkey\fR and \fBcert\fR cannot be \fB\s-1NULL\s0\fR. \fBca\fR can be <\s-1NULL\s0> in
+which case additional certificates will be discarded. \fB*ca\fR can also be a
+valid \s-1STACK\s0 in which case additional certificates are appended to \fB*ca\fR. If
+\&\fB*ca\fR is \fB\s-1NULL\s0\fR a new \s-1STACK\s0 will be allocated.
+.PP
+The \fBfriendlyName\fR and \fBlocalKeyID\fR attributes (if present) on each
+certificate will be stored in the \fBalias\fR and \fBkeyid\fR attributes of the
+\&\fBX509\fR structure.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIPKCS12_parse()\fR returns 1 for success and zero if an error occurred.
+.PP
+The error can be obtained from \fIERR_get_error\fR\|(3)
+.SH "BUGS"
+.IX Header "BUGS"
+Only a single private key and corresponding certificate is returned by this
+function. More complex PKCS#12 files with multiple private keys will only
+return the first match.
+.PP
+Only \fBfriendlyName\fR and \fBlocalKeyID\fR attributes are currently stored in
+certificates. Other attributes are discarded.
+.PP
+Attributes currently cannot be stored in the private key \fB\s-1EVP_PKEY\s0\fR structure.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fId2i_PKCS12\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+PKCS12_parse was added in OpenSSL 0.9.3
diff --git a/secure/lib/libcrypto/man/PKCS7_decrypt.3 b/secure/lib/libcrypto/man/PKCS7_decrypt.3
new file mode 100644
index 0000000..5e81459
--- /dev/null
+++ b/secure/lib/libcrypto/man/PKCS7_decrypt.3
@@ -0,0 +1,176 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "PKCS7_decrypt 3"
+.TH PKCS7_decrypt 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+PKCS7_decrypt \- decrypt content from a PKCS#7 envelopedData structure
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/pkcs7.h>
+\&
+\& int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIPKCS7_decrypt()\fR extracts and decrypts the content from a PKCS#7 envelopedData
+structure. \fBpkey\fR is the private key of the recipient, \fBcert\fR is the
+recipients certificate, \fBdata\fR is a \s-1BIO\s0 to write the content to and
+\&\fBflags\fR is an optional set of flags.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\fIOpenSSL_add_all_algorithms()\fR (or equivalent) should be called before using this
+function or errors about unknown algorithms will occur.
+.PP
+Although the recipients certificate is not needed to decrypt the data it is needed
+to locate the appropriate (of possible several) recipients in the PKCS#7 structure.
+.PP
+The following flags can be passed in the \fBflags\fR parameter.
+.PP
+If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted
+from the content. If the content is not of type \fBtext/plain\fR then an error is
+returned.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIPKCS7_decrypt()\fR returns either 1 for success or 0 for failure.
+The error can be obtained from \fIERR_get_error\fR\|(3)
+.SH "BUGS"
+.IX Header "BUGS"
+\&\fIPKCS7_decrypt()\fR must be passed the correct recipient key and certificate. It would
+be better if it could look up the correct key and certificate from a database.
+.PP
+The lack of single pass processing and need to hold all data in memory as
+mentioned in \fIPKCS7_sign()\fR also applies to \fIPKCS7_verify()\fR.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3), \fIPKCS7_encrypt\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIPKCS7_decrypt()\fR was added to OpenSSL 0.9.5
diff --git a/secure/lib/libcrypto/man/PKCS7_encrypt.3 b/secure/lib/libcrypto/man/PKCS7_encrypt.3
new file mode 100644
index 0000000..9507930
--- /dev/null
+++ b/secure/lib/libcrypto/man/PKCS7_encrypt.3
@@ -0,0 +1,188 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "PKCS7_encrypt 3"
+.TH PKCS7_encrypt 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+PKCS7_encrypt \- create a PKCS#7 envelopedData structure
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/pkcs7.h>
+\&
+\& PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int flags);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIPKCS7_encrypt()\fR creates and returns a PKCS#7 envelopedData structure. \fBcerts\fR
+is a list of recipient certificates. \fBin\fR is the content to be encrypted.
+\&\fBcipher\fR is the symmetric cipher to use. \fBflags\fR is an optional set of flags.
+.SH "NOTES"
+.IX Header "NOTES"
+Only \s-1RSA\s0 keys are supported in PKCS#7 and envelopedData so the recipient certificates
+supplied to this function must all contain \s-1RSA\s0 public keys, though they do not have to
+be signed using the \s-1RSA\s0 algorithm.
+.PP
+\&\fIEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use because
+most clients will support it.
+.PP
+Some old \*(L"export grade\*(R" clients may only support weak encryption using 40 or 64 bit
+\&\s-1RC2\s0. These can be used by passing \fIEVP_rc2_40_cbc()\fR and \fIEVP_rc2_64_cbc()\fR respectively.
+.PP
+The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of its
+parameters.
+.PP
+Many browsers implement a \*(L"sign and encrypt\*(R" option which is simply an S/MIME
+envelopedData containing an S/MIME signed message. This can be readily produced
+by storing the S/MIME signed message in a memory \s-1BIO\s0 and passing it to
+\&\fIPKCS7_encrypt()\fR.
+.PP
+The following flags can be passed in the \fBflags\fR parameter.
+.PP
+If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are prepended
+to the data.
+.PP
+Normally the supplied content is translated into \s-1MIME\s0 canonical format (as required
+by the S/MIME specifications) if \fB\s-1PKCS7_BINARY\s0\fR is set no translation occurs. This
+option should be used if the supplied data is in binary format otherwise the translation
+will corrupt it. If \fB\s-1PKCS7_BINARY\s0\fR is set then \fB\s-1PKCS7_TEXT\s0\fR is ignored.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIPKCS7_encrypt()\fR returns either a valid \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error occurred.
+The error can be obtained from \fIERR_get_error\fR\|(3).
+.SH "BUGS"
+.IX Header "BUGS"
+The lack of single pass processing and need to hold all data in memory as
+mentioned in \fIPKCS7_sign()\fR also applies to \fIPKCS7_verify()\fR.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3), \fIPKCS7_decrypt\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIPKCS7_decrypt()\fR was added to OpenSSL 0.9.5
diff --git a/secure/lib/libcrypto/man/PKCS7_sign.3 b/secure/lib/libcrypto/man/PKCS7_sign.3
new file mode 100644
index 0000000..89a2c17
--- /dev/null
+++ b/secure/lib/libcrypto/man/PKCS7_sign.3
@@ -0,0 +1,222 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "PKCS7_sign 3"
+.TH PKCS7_sign 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+PKCS7_sign \- create a PKCS#7 signedData structure
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/pkcs7.h>
+\&
+\& PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, int flags);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIPKCS7_sign()\fR creates and returns a PKCS#7 signedData structure. \fBsigncert\fR
+is the certificate to sign with, \fBpkey\fR is the corresponsding private key.
+\&\fBcerts\fR is an optional additional set of certificates to include in the
+PKCS#7 structure (for example any intermediate CAs in the chain).
+.PP
+The data to be signed is read from \s-1BIO\s0 \fBdata\fR.
+.PP
+\&\fBflags\fR is an optional set of flags.
+.SH "NOTES"
+.IX Header "NOTES"
+Any of the following flags (ored together) can be passed in the \fBflags\fR parameter.
+.PP
+Many S/MIME clients expect the signed content to include valid \s-1MIME\s0 headers. If
+the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are prepended
+to the data.
+.PP
+If \fB\s-1PKCS7_NOCERTS\s0\fR is set the signer's certificate will not be included in the
+\&\s-1PKCS7\s0 structure, the signer's certificate must still be supplied in the \fBsigncert\fR
+parameter though. This can reduce the size of the signature if the signers certificate
+can be obtained by other means: for example a previously signed message.
+.PP
+The data being signed is included in the \s-1PKCS7\s0 structure, unless \fB\s-1PKCS7_DETACHED\s0\fR
+is set in which case it is omitted. This is used for \s-1PKCS7\s0 detached signatures
+which are used in S/MIME plaintext signed messages for example.
+.PP
+Normally the supplied content is translated into \s-1MIME\s0 canonical format (as required
+by the S/MIME specifications) if \fB\s-1PKCS7_BINARY\s0\fR is set no translation occurs. This
+option should be used if the supplied data is in binary format otherwise the translation
+will corrupt it.
+.PP
+The signedData structure includes several PKCS#7 autenticatedAttributes including
+the signing time, the PKCS#7 content type and the supported list of ciphers in
+an SMIMECapabilities attribute. If \fB\s-1PKCS7_NOATTR\s0\fR is set then no authenticatedAttributes
+will be used. If \fB\s-1PKCS7_NOSMIMECAP\s0\fR is set then just the SMIMECapabilities are
+omitted.
+.PP
+If present the SMIMECapabilities attribute indicates support for the following
+algorithms: triple \s-1DES\s0, 128 bit \s-1RC2\s0, 64 bit \s-1RC2\s0, \s-1DES\s0 and 40 bit \s-1RC2\s0. If any
+of these algorithms is disabled then it will not be included.
+.PP
+If the flags \fB\s-1PKCS7_PARTSIGN\s0\fR is set then the returned \fB\s-1PKCS7\s0\fR structure
+is just initialized ready to perform the signing operation. The signing
+is however \fBnot\fR performed and the data to be signed is not read from
+the \fBdata\fR parameter. Signing is deferred until after the data has been
+written. In this way data can be signed in a single pass. Currently the
+flag \fB\s-1PKCS7_DETACHED\s0\fR \fBmust\fR also be set.
+.SH "NOTES"
+.IX Header "NOTES"
+Currently the flag \fB\s-1PKCS7_PARTSIGN\s0\fR is only supported for detached
+data. If this flag is set the returned \fB\s-1PKCS7\s0\fR structure is \fBnot\fR
+complete and outputting its contents via a function that does not
+properly finalize the \fB\s-1PKCS7\s0\fR structure will give unpredictable
+results.
+.PP
+At present only the \fISMIME_write_PKCS7()\fR function properly finalizes the
+structure.
+.SH "BUGS"
+.IX Header "BUGS"
+\&\fIPKCS7_sign()\fR is somewhat limited. It does not support multiple signers, some
+advanced attributes such as counter signatures are not supported.
+.PP
+The \s-1SHA1\s0 digest algorithm is currently always used.
+.PP
+When the signed data is not detached it will be stored in memory within the
+\&\fB\s-1PKCS7\s0\fR structure. This effectively limits the size of messages which can be
+signed due to memory restraints. There should be a way to sign data without
+having to hold it all in memory, this would however require fairly major
+revisions of the OpenSSL \s-1ASN1\s0 code.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIPKCS7_sign()\fR returns either a valid \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error occurred.
+The error can be obtained from \fIERR_get_error\fR\|(3).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3), \fIPKCS7_verify\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIPKCS7_sign()\fR was added to OpenSSL 0.9.5
+.PP
+The \fB\s-1PKCS7_PARTSIGN\s0\fR flag was added in OpenSSL 0.9.8
diff --git a/secure/lib/libcrypto/man/PKCS7_verify.3 b/secure/lib/libcrypto/man/PKCS7_verify.3
new file mode 100644
index 0000000..397725f
--- /dev/null
+++ b/secure/lib/libcrypto/man/PKCS7_verify.3
@@ -0,0 +1,238 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "PKCS7_verify 3"
+.TH PKCS7_verify 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+PKCS7_verify \- verify a PKCS#7 signedData structure
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/pkcs7.h>
+\&
+\& int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags);
+\&
+\& STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIPKCS7_verify()\fR verifies a PKCS#7 signedData structure. \fBp7\fR is the \s-1PKCS7\s0
+structure to verify. \fBcerts\fR is a set of certificates in which to search for
+the signer's certificate. \fBstore\fR is a trusted certficate store (used for
+chain verification). \fBindata\fR is the signed data if the content is not
+present in \fBp7\fR (that is it is detached). The content is written to \fBout\fR
+if it is not \s-1NULL\s0.
+.PP
+\&\fBflags\fR is an optional set of flags, which can be used to modify the verify
+operation.
+.PP
+\&\fIPKCS7_get0_signers()\fR retrieves the signer's certificates from \fBp7\fR, it does
+\&\fBnot\fR check their validity or whether any signatures are valid. The \fBcerts\fR
+and \fBflags\fR parameters have the same meanings as in \fIPKCS7_verify()\fR.
+.SH "VERIFY PROCESS"
+.IX Header "VERIFY PROCESS"
+Normally the verify process proceeds as follows.
+.PP
+Initially some sanity checks are performed on \fBp7\fR. The type of \fBp7\fR must
+be signedData. There must be at least one signature on the data and if
+the content is detached \fBindata\fR cannot be \fB\s-1NULL\s0\fR.
+.PP
+An attempt is made to locate all the signer's certificates, first looking in
+the \fBcerts\fR parameter (if it is not \fB\s-1NULL\s0\fR) and then looking in any certificates
+contained in the \fBp7\fR structure itself. If any signer's certificates cannot be
+located the operation fails.
+.PP
+Each signer's certificate is chain verified using the \fBsmimesign\fR purpose and
+the supplied trusted certificate store. Any internal certificates in the message
+are used as untrusted CAs. If any chain verify fails an error code is returned.
+.PP
+Finally the signed content is read (and written to \fBout\fR is it is not \s-1NULL\s0) and
+the signature's checked.
+.PP
+If all signature's verify correctly then the function is successful.
+.PP
+Any of the following flags (ored together) can be passed in the \fBflags\fR parameter
+to change the default verify behaviour. Only the flag \fB\s-1PKCS7_NOINTERN\s0\fR is
+meaningful to \fIPKCS7_get0_signers()\fR.
+.PP
+If \fB\s-1PKCS7_NOINTERN\s0\fR is set the certificates in the message itself are not
+searched when locating the signer's certificate. This means that all the signers
+certificates must be in the \fBcerts\fR parameter.
+.PP
+If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted
+from the content. If the content is not of type \fBtext/plain\fR then an error is
+returned.
+.PP
+If \fB\s-1PKCS7_NOVERIFY\s0\fR is set the signer's certificates are not chain verified.
+.PP
+If \fB\s-1PKCS7_NOCHAIN\s0\fR is set then the certificates contained in the message are
+not used as untrusted CAs. This means that the whole verify chain (apart from
+the signer's certificate) must be contained in the trusted store.
+.PP
+If \fB\s-1PKCS7_NOSIGS\s0\fR is set then the signatures on the data are not checked.
+.SH "NOTES"
+.IX Header "NOTES"
+One application of \fB\s-1PKCS7_NOINTERN\s0\fR is to only accept messages signed by
+a small number of certificates. The acceptable certificates would be passed
+in the \fBcerts\fR parameter. In this case if the signer is not one of the
+certificates supplied in \fBcerts\fR then the verify will fail because the
+signer cannot be found.
+.PP
+Care should be taken when modifying the default verify behaviour, for example
+setting \fBPKCS7_NOVERIFY|PKCS7_NOSIGS\fR will totally disable all verification
+and any signed message will be considered valid. This combination is however
+useful if one merely wishes to write the content to \fBout\fR and its validity
+is not considered important.
+.PP
+Chain verification should arguably be performed using the signing time rather
+than the current time. However since the signing time is supplied by the
+signer it cannot be trusted without additional evidence (such as a trusted
+timestamp).
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIPKCS7_verify()\fR returns 1 for a successful verification and zero or a negative
+value if an error occurs.
+.PP
+\&\fIPKCS7_get0_signers()\fR returns all signers or \fB\s-1NULL\s0\fR if an error occurred.
+.PP
+The error can be obtained from \fIERR_get_error\fR\|(3)
+.SH "BUGS"
+.IX Header "BUGS"
+The trusted certificate store is not searched for the signers certificate,
+this is primarily due to the inadequacies of the current \fBX509_STORE\fR
+functionality.
+.PP
+The lack of single pass processing and need to hold all data in memory as
+mentioned in \fIPKCS7_sign()\fR also applies to \fIPKCS7_verify()\fR.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3), \fIPKCS7_sign\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIPKCS7_verify()\fR was added to OpenSSL 0.9.5
diff --git a/secure/lib/libcrypto/man/RAND_add.3 b/secure/lib/libcrypto/man/RAND_add.3
new file mode 100644
index 0000000..23f4d36
--- /dev/null
+++ b/secure/lib/libcrypto/man/RAND_add.3
@@ -0,0 +1,200 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "RAND_add 3"
+.TH RAND_add 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+RAND_add, RAND_seed, RAND_status, RAND_event, RAND_screen \- add
+entropy to the PRNG
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/rand.h>
+\&
+\& void RAND_seed(const void *buf, int num);
+\&
+\& void RAND_add(const void *buf, int num, double entropy);
+\&
+\& int RAND_status(void);
+\&
+\& int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam);
+\& void RAND_screen(void);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIRAND_add()\fR mixes the \fBnum\fR bytes at \fBbuf\fR into the \s-1PRNG\s0 state. Thus,
+if the data at \fBbuf\fR are unpredictable to an adversary, this
+increases the uncertainty about the state and makes the \s-1PRNG\s0 output
+less predictable. Suitable input comes from user interaction (random
+key presses, mouse movements) and certain hardware events. The
+\&\fBentropy\fR argument is (the lower bound of) an estimate of how much
+randomness is contained in \fBbuf\fR, measured in bytes. Details about
+sources of randomness and how to estimate their entropy can be found
+in the literature, e.g. \s-1RFC\s0 1750.
+.PP
+\&\fIRAND_add()\fR may be called with sensitive data such as user entered
+passwords. The seed values cannot be recovered from the \s-1PRNG\s0 output.
+.PP
+OpenSSL makes sure that the \s-1PRNG\s0 state is unique for each thread. On
+systems that provide \f(CW\*(C`/dev/urandom\*(C'\fR, the randomness device is used
+to seed the \s-1PRNG\s0 transparently. However, on all other systems, the
+application is responsible for seeding the \s-1PRNG\s0 by calling \fIRAND_add()\fR,
+\&\fIRAND_egd\fR\|(3)
+or \fIRAND_load_file\fR\|(3).
+.PP
+\&\fIRAND_seed()\fR is equivalent to \fIRAND_add()\fR when \fBnum == entropy\fR.
+.PP
+\&\fIRAND_event()\fR collects the entropy from Windows events such as mouse
+movements and other user interaction. It should be called with the
+\&\fBiMsg\fR, \fBwParam\fR and \fBlParam\fR arguments of \fIall\fR messages sent to
+the window procedure. It will estimate the entropy contained in the
+event message (if any), and add it to the \s-1PRNG\s0. The program can then
+process the messages as usual.
+.PP
+The \fIRAND_screen()\fR function is available for the convenience of Windows
+programmers. It adds the current contents of the screen to the \s-1PRNG\s0.
+For applications that can catch Windows events, seeding the \s-1PRNG\s0 by
+calling \fIRAND_event()\fR is a significantly better source of
+randomness. It should be noted that both methods cannot be used on
+servers that run without user interaction.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIRAND_status()\fR and \fIRAND_event()\fR return 1 if the \s-1PRNG\s0 has been seeded
+with enough data, 0 otherwise.
+.PP
+The other functions do not return values.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIrand\fR\|(3), \fIRAND_egd\fR\|(3),
+\&\fIRAND_load_file\fR\|(3), \fIRAND_cleanup\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIRAND_seed()\fR and \fIRAND_screen()\fR are available in all versions of SSLeay
+and OpenSSL. \fIRAND_add()\fR and \fIRAND_status()\fR have been added in OpenSSL
+0.9.5, \fIRAND_event()\fR in OpenSSL 0.9.5a.
diff --git a/secure/lib/libcrypto/man/RAND_bytes.3 b/secure/lib/libcrypto/man/RAND_bytes.3
new file mode 100644
index 0000000..1da3eb6
--- /dev/null
+++ b/secure/lib/libcrypto/man/RAND_bytes.3
@@ -0,0 +1,173 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "RAND_bytes 3"
+.TH RAND_bytes 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+RAND_bytes, RAND_pseudo_bytes \- generate random data
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/rand.h>
+\&
+\& int RAND_bytes(unsigned char *buf, int num);
+\&
+\& int RAND_pseudo_bytes(unsigned char *buf, int num);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIRAND_bytes()\fR puts \fBnum\fR cryptographically strong pseudo-random bytes
+into \fBbuf\fR. An error occurs if the \s-1PRNG\s0 has not been seeded with
+enough randomness to ensure an unpredictable byte sequence.
+.PP
+\&\fIRAND_pseudo_bytes()\fR puts \fBnum\fR pseudo-random bytes into \fBbuf\fR.
+Pseudo-random byte sequences generated by \fIRAND_pseudo_bytes()\fR will be
+unique if they are of sufficient length, but are not necessarily
+unpredictable. They can be used for non-cryptographic purposes and for
+certain purposes in cryptographic protocols, but usually not for key
+generation etc.
+.PP
+The contents of \fBbuf\fR is mixed into the entropy pool before retrieving
+the new pseudo-random bytes unless disabled at compile time (see \s-1FAQ\s0).
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIRAND_bytes()\fR returns 1 on success, 0 otherwise. The error code can be
+obtained by \fIERR_get_error\fR\|(3). \fIRAND_pseudo_bytes()\fR returns 1 if the
+bytes generated are cryptographically strong, 0 otherwise. Both
+functions return \-1 if they are not supported by the current \s-1RAND\s0
+method.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIrand\fR\|(3), \fIERR_get_error\fR\|(3),
+\&\fIRAND_add\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIRAND_bytes()\fR is available in all versions of SSLeay and OpenSSL. It
+has a return value since OpenSSL 0.9.5. \fIRAND_pseudo_bytes()\fR was added
+in OpenSSL 0.9.5.
diff --git a/secure/lib/libcrypto/man/RAND_cleanup.3 b/secure/lib/libcrypto/man/RAND_cleanup.3
new file mode 100644
index 0000000..13f245f
--- /dev/null
+++ b/secure/lib/libcrypto/man/RAND_cleanup.3
@@ -0,0 +1,152 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "RAND_cleanup 3"
+.TH RAND_cleanup 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+RAND_cleanup \- erase the PRNG state
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/rand.h>
+\&
+\& void RAND_cleanup(void);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIRAND_cleanup()\fR erases the memory used by the \s-1PRNG\s0.
+.SH "RETURN VALUE"
+.IX Header "RETURN VALUE"
+\&\fIRAND_cleanup()\fR returns no value.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIrand\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIRAND_cleanup()\fR is available in all versions of SSLeay and OpenSSL.
diff --git a/secure/lib/libcrypto/man/RAND_egd.3 b/secure/lib/libcrypto/man/RAND_egd.3
new file mode 100644
index 0000000..58784a9
--- /dev/null
+++ b/secure/lib/libcrypto/man/RAND_egd.3
@@ -0,0 +1,210 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "RAND_egd 3"
+.TH RAND_egd 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+RAND_egd \- query entropy gathering daemon
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/rand.h>
+\&
+\& int RAND_egd(const char *path);
+\& int RAND_egd_bytes(const char *path, int bytes);
+\&
+\& int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIRAND_egd()\fR queries the entropy gathering daemon \s-1EGD\s0 on socket \fBpath\fR.
+It queries 255 bytes and uses \fIRAND_add\fR\|(3) to seed the
+OpenSSL built-in \s-1PRNG\s0. RAND_egd(path) is a wrapper for
+RAND_egd_bytes(path, 255);
+.PP
+\&\fIRAND_egd_bytes()\fR queries the entropy gathering daemon \s-1EGD\s0 on socket \fBpath\fR.
+It queries \fBbytes\fR bytes and uses \fIRAND_add\fR\|(3) to seed the
+OpenSSL built-in \s-1PRNG\s0.
+This function is more flexible than \fIRAND_egd()\fR.
+When only one secret key must
+be generated, it is not necessary to request the full amount 255 bytes from
+the \s-1EGD\s0 socket. This can be advantageous, since the amount of entropy
+that can be retrieved from \s-1EGD\s0 over time is limited.
+.PP
+\&\fIRAND_query_egd_bytes()\fR performs the actual query of the \s-1EGD\s0 daemon on socket
+\&\fBpath\fR. If \fBbuf\fR is given, \fBbytes\fR bytes are queried and written into
+\&\fBbuf\fR. If \fBbuf\fR is \s-1NULL\s0, \fBbytes\fR bytes are queried and used to seed the
+OpenSSL built-in \s-1PRNG\s0 using \fIRAND_add\fR\|(3).
+.SH "NOTES"
+.IX Header "NOTES"
+On systems without /dev/*random devices providing entropy from the kernel,
+the \s-1EGD\s0 entropy gathering daemon can be used to collect entropy. It provides
+a socket interface through which entropy can be gathered in chunks up to
+255 bytes. Several chunks can be queried during one connection.
+.PP
+\&\s-1EGD\s0 is available from http://www.lothar.com/tech/crypto/ (\f(CW\*(C`perl
+Makefile.PL; make; make install\*(C'\fR to install). It is run as \fBegd\fR
+\&\fIpath\fR, where \fIpath\fR is an absolute path designating a socket. When
+\&\fIRAND_egd()\fR is called with that path as an argument, it tries to read
+random bytes that \s-1EGD\s0 has collected. \fIRAND_egd()\fR retrieves entropy from the
+daemon using the daemon's \*(L"non-blocking read\*(R" command which shall
+be answered immediately by the daemon without waiting for additional
+entropy to be collected. The write and read socket operations in the
+communication are blocking.
+.PP
+Alternatively, the EGD-interface compatible daemon \s-1PRNGD\s0 can be used. It is
+available from
+http://prngd.sourceforge.net/ .
+\&\s-1PRNGD\s0 does employ an internal \s-1PRNG\s0 itself and can therefore never run
+out of entropy.
+.PP
+OpenSSL automatically queries \s-1EGD\s0 when entropy is requested via \fIRAND_bytes()\fR
+or the status is checked via \fIRAND_status()\fR for the first time, if the socket
+is located at /var/run/egd\-pool, /dev/egd\-pool or /etc/egd\-pool.
+.SH "RETURN VALUE"
+.IX Header "RETURN VALUE"
+\&\fIRAND_egd()\fR and \fIRAND_egd_bytes()\fR return the number of bytes read from the
+daemon on success, and \-1 if the connection failed or the daemon did not
+return enough data to fully seed the \s-1PRNG\s0.
+.PP
+\&\fIRAND_query_egd_bytes()\fR returns the number of bytes read from the daemon on
+success, and \-1 if the connection failed. The \s-1PRNG\s0 state is not considered.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIrand\fR\|(3), \fIRAND_add\fR\|(3),
+\&\fIRAND_cleanup\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIRAND_egd()\fR is available since OpenSSL 0.9.5.
+.PP
+\&\fIRAND_egd_bytes()\fR is available since OpenSSL 0.9.6.
+.PP
+\&\fIRAND_query_egd_bytes()\fR is available since OpenSSL 0.9.7.
+.PP
+The automatic query of /var/run/egd\-pool et al was added in OpenSSL 0.9.7.
diff --git a/secure/lib/libcrypto/man/RAND_load_file.3 b/secure/lib/libcrypto/man/RAND_load_file.3
new file mode 100644
index 0000000..b0edd2b
--- /dev/null
+++ b/secure/lib/libcrypto/man/RAND_load_file.3
@@ -0,0 +1,176 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "RAND_load_file 3"
+.TH RAND_load_file 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+RAND_load_file, RAND_write_file, RAND_file_name \- PRNG seed file
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/rand.h>
+\&
+\& const char *RAND_file_name(char *buf, size_t num);
+\&
+\& int RAND_load_file(const char *filename, long max_bytes);
+\&
+\& int RAND_write_file(const char *filename);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIRAND_file_name()\fR generates a default path for the random seed
+file. \fBbuf\fR points to a buffer of size \fBnum\fR in which to store the
+filename. The seed file is \f(CW$RANDFILE\fR if that environment variable is
+set, \f(CW$HOME\fR/.rnd otherwise. If \f(CW$HOME\fR is not set either, or \fBnum\fR is
+too small for the path name, an error occurs.
+.PP
+\&\fIRAND_load_file()\fR reads a number of bytes from file \fBfilename\fR and
+adds them to the \s-1PRNG\s0. If \fBmax_bytes\fR is non-negative,
+up to to \fBmax_bytes\fR are read; starting with OpenSSL 0.9.5,
+if \fBmax_bytes\fR is \-1, the complete file is read.
+.PP
+\&\fIRAND_write_file()\fR writes a number of random bytes (currently 1024) to
+file \fBfilename\fR which can be used to initialize the \s-1PRNG\s0 by calling
+\&\fIRAND_load_file()\fR in a later session.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIRAND_load_file()\fR returns the number of bytes read.
+.PP
+\&\fIRAND_write_file()\fR returns the number of bytes written, and \-1 if the
+bytes written were generated without appropriate seed.
+.PP
+\&\fIRAND_file_name()\fR returns a pointer to \fBbuf\fR on success, and \s-1NULL\s0 on
+error.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIrand\fR\|(3), \fIRAND_add\fR\|(3), \fIRAND_cleanup\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIRAND_load_file()\fR, \fIRAND_write_file()\fR and \fIRAND_file_name()\fR are available in
+all versions of SSLeay and OpenSSL.
diff --git a/secure/lib/libcrypto/man/RAND_set_rand_method.3 b/secure/lib/libcrypto/man/RAND_set_rand_method.3
new file mode 100644
index 0000000..722925d
--- /dev/null
+++ b/secure/lib/libcrypto/man/RAND_set_rand_method.3
@@ -0,0 +1,206 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "RAND_set_rand_method 3"
+.TH RAND_set_rand_method 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay \- select RAND method
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/rand.h>
+\&
+\& void RAND_set_rand_method(const RAND_METHOD *meth);
+\&
+\& const RAND_METHOD *RAND_get_rand_method(void);
+\&
+\& RAND_METHOD *RAND_SSLeay(void);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+A \fB\s-1RAND_METHOD\s0\fR specifies the functions that OpenSSL uses for random number
+generation. By modifying the method, alternative implementations such as
+hardware RNGs may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for important
+information about how these \s-1RAND\s0 \s-1API\s0 functions are affected by the use of
+\&\fB\s-1ENGINE\s0\fR \s-1API\s0 calls.
+.PP
+Initially, the default \s-1RAND_METHOD\s0 is the OpenSSL internal implementation, as
+returned by \fIRAND_SSLeay()\fR.
+.PP
+\&\fIRAND_set_default_method()\fR makes \fBmeth\fR the method for \s-1PRNG\s0 use. \fB\s-1NB\s0\fR: This is
+true only whilst no \s-1ENGINE\s0 has been set as a default for \s-1RAND\s0, so this function
+is no longer recommended.
+.PP
+\&\fIRAND_get_default_method()\fR returns a pointer to the current \s-1RAND_METHOD\s0.
+However, the meaningfulness of this result is dependent on whether the \s-1ENGINE\s0
+\&\s-1API\s0 is being used, so this function is no longer recommended.
+.SH "THE RAND_METHOD STRUCTURE"
+.IX Header "THE RAND_METHOD STRUCTURE"
+.Vb 9
+\& typedef struct rand_meth_st
+\& {
+\& void (*seed)(const void *buf, int num);
+\& int (*bytes)(unsigned char *buf, int num);
+\& void (*cleanup)(void);
+\& void (*add)(const void *buf, int num, int entropy);
+\& int (*pseudorand)(unsigned char *buf, int num);
+\& int (*status)(void);
+\& } RAND_METHOD;
+.Ve
+.PP
+The components point to the implementation of \fIRAND_seed()\fR,
+\&\fIRAND_bytes()\fR, \fIRAND_cleanup()\fR, \fIRAND_add()\fR, \fIRAND_pseudo_rand()\fR
+and \fIRAND_status()\fR.
+Each component may be \s-1NULL\s0 if the function is not implemented.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIRAND_set_rand_method()\fR returns no value. \fIRAND_get_rand_method()\fR and
+\&\fIRAND_SSLeay()\fR return pointers to the respective methods.
+.SH "NOTES"
+.IX Header "NOTES"
+As of version 0.9.7, \s-1RAND_METHOD\s0 implementations are grouped together with other
+algorithmic APIs (eg. \s-1RSA_METHOD\s0, \s-1EVP_CIPHER\s0, etc) in \fB\s-1ENGINE\s0\fR modules. If a
+default \s-1ENGINE\s0 is specified for \s-1RAND\s0 functionality using an \s-1ENGINE\s0 \s-1API\s0 function,
+that will override any \s-1RAND\s0 defaults set using the \s-1RAND\s0 \s-1API\s0 (ie.
+\&\fIRAND_set_rand_method()\fR). For this reason, the \s-1ENGINE\s0 \s-1API\s0 is the recommended way
+to control default implementations for use in \s-1RAND\s0 and other cryptographic
+algorithms.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIrand\fR\|(3), \fIengine\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIRAND_set_rand_method()\fR, \fIRAND_get_rand_method()\fR and \fIRAND_SSLeay()\fR are
+available in all versions of OpenSSL.
+.PP
+In the engine version of version 0.9.6, \fIRAND_set_rand_method()\fR was altered to
+take an \s-1ENGINE\s0 pointer as its argument. As of version 0.9.7, that has been
+reverted as the \s-1ENGINE\s0 \s-1API\s0 transparently overrides \s-1RAND\s0 defaults if used,
+otherwise \s-1RAND\s0 \s-1API\s0 functions work as before. \fIRAND_set_rand_engine()\fR was also
+introduced in version 0.9.7.
diff --git a/secure/lib/libcrypto/man/RSA_blinding_on.3 b/secure/lib/libcrypto/man/RSA_blinding_on.3
new file mode 100644
index 0000000..61aabbf
--- /dev/null
+++ b/secure/lib/libcrypto/man/RSA_blinding_on.3
@@ -0,0 +1,166 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "RSA_blinding_on 3"
+.TH RSA_blinding_on 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+RSA_blinding_on, RSA_blinding_off \- protect the RSA operation from timing attacks
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/rsa.h>
+\&
+\& int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
+\&
+\& void RSA_blinding_off(RSA *rsa);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\s-1RSA\s0 is vulnerable to timing attacks. In a setup where attackers can
+measure the time of \s-1RSA\s0 decryption or signature operations, blinding
+must be used to protect the \s-1RSA\s0 operation from that attack.
+.PP
+\&\fIRSA_blinding_on()\fR turns blinding on for key \fBrsa\fR and generates a
+random blinding factor. \fBctx\fR is \fB\s-1NULL\s0\fR or a pre-allocated and
+initialized \fB\s-1BN_CTX\s0\fR. The random number generator must be seeded
+prior to calling \fIRSA_blinding_on()\fR.
+.PP
+\&\fIRSA_blinding_off()\fR turns blinding off and frees the memory used for
+the blinding factor.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIRSA_blinding_on()\fR returns 1 on success, and 0 if an error occurred.
+.PP
+\&\fIRSA_blinding_off()\fR returns no value.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIrsa\fR\|(3), \fIrand\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIRSA_blinding_on()\fR and \fIRSA_blinding_off()\fR appeared in SSLeay 0.9.0.
diff --git a/secure/lib/libcrypto/man/RSA_check_key.3 b/secure/lib/libcrypto/man/RSA_check_key.3
new file mode 100644
index 0000000..4fba01d
--- /dev/null
+++ b/secure/lib/libcrypto/man/RSA_check_key.3
@@ -0,0 +1,188 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "RSA_check_key 3"
+.TH RSA_check_key 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+RSA_check_key \- validate private RSA keys
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/rsa.h>
+\&
+\& int RSA_check_key(RSA *rsa);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+This function validates \s-1RSA\s0 keys. It checks that \fBp\fR and \fBq\fR are
+in fact prime, and that \fBn = p*q\fR.
+.PP
+It also checks that \fBd*e = 1 mod (p\-1*q\-1)\fR,
+and that \fBdmp1\fR, \fBdmq1\fR and \fBiqmp\fR are set correctly or are \fB\s-1NULL\s0\fR.
+.PP
+As such, this function can not be used with any arbitrary \s-1RSA\s0 key object,
+even if it is otherwise fit for regular \s-1RSA\s0 operation. See \fB\s-1NOTES\s0\fR for more
+information.
+.SH "RETURN VALUE"
+.IX Header "RETURN VALUE"
+\&\fIRSA_check_key()\fR returns 1 if \fBrsa\fR is a valid \s-1RSA\s0 key, and 0 otherwise.
+\&\-1 is returned if an error occurs while checking the key.
+.PP
+If the key is invalid or an error occurred, the reason code can be
+obtained using \fIERR_get_error\fR\|(3).
+.SH "NOTES"
+.IX Header "NOTES"
+This function does not work on \s-1RSA\s0 public keys that have only the modulus
+and public exponent elements populated. It performs integrity checks on all
+the \s-1RSA\s0 key material, so the \s-1RSA\s0 key structure must contain all the private
+key data too.
+.PP
+Unlike most other \s-1RSA\s0 functions, this function does \fBnot\fR work
+transparently with any underlying \s-1ENGINE\s0 implementation because it uses the
+key data in the \s-1RSA\s0 structure directly. An \s-1ENGINE\s0 implementation can
+override the way key data is stored and handled, and can even provide
+support for \s-1HSM\s0 keys \- in which case the \s-1RSA\s0 structure may contain \fBno\fR
+key data at all! If the \s-1ENGINE\s0 in question is only being used for
+acceleration or analysis purposes, then in all likelihood the \s-1RSA\s0 key data
+is complete and untouched, but this can't be assumed in the general case.
+.SH "BUGS"
+.IX Header "BUGS"
+A method of verifying the \s-1RSA\s0 key using opaque \s-1RSA\s0 \s-1API\s0 functions might need
+to be considered. Right now \fIRSA_check_key()\fR simply uses the \s-1RSA\s0 structure
+elements directly, bypassing the \s-1RSA_METHOD\s0 table altogether (and
+completely violating encapsulation and object-orientation in the process).
+The best fix will probably be to introduce a \*(L"\fIcheck_key()\fR\*(R" handler to the
+\&\s-1RSA_METHOD\s0 function table so that alternative implementations can also
+provide their own verifiers.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIrsa\fR\|(3), \fIERR_get_error\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIRSA_check_key()\fR appeared in OpenSSL 0.9.4.
diff --git a/secure/lib/libcrypto/man/RSA_generate_key.3 b/secure/lib/libcrypto/man/RSA_generate_key.3
new file mode 100644
index 0000000..d71fe32
--- /dev/null
+++ b/secure/lib/libcrypto/man/RSA_generate_key.3
@@ -0,0 +1,181 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "RSA_generate_key 3"
+.TH RSA_generate_key 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+RSA_generate_key \- generate RSA key pair
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/rsa.h>
+\&
+\& RSA *RSA_generate_key(int num, unsigned long e,
+\& void (*callback)(int,int,void *), void *cb_arg);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIRSA_generate_key()\fR generates a key pair and returns it in a newly
+allocated \fB\s-1RSA\s0\fR structure. The pseudo-random number generator must
+be seeded prior to calling \fIRSA_generate_key()\fR.
+.PP
+The modulus size will be \fBnum\fR bits, and the public exponent will be
+\&\fBe\fR. Key sizes with \fBnum\fR < 1024 should be considered insecure.
+The exponent is an odd number, typically 3, 17 or 65537.
+.PP
+A callback function may be used to provide feedback about the
+progress of the key generation. If \fBcallback\fR is not \fB\s-1NULL\s0\fR, it
+will be called as follows:
+.IP "\(bu" 4
+While a random prime number is generated, it is called as
+described in \fIBN_generate_prime\fR\|(3).
+.IP "\(bu" 4
+When the n\-th randomly generated prime is rejected as not
+suitable for the key, \fBcallback(2, n, cb_arg)\fR is called.
+.IP "\(bu" 4
+When a random p has been found with p\-1 relatively prime to \fBe\fR,
+it is called as \fBcallback(3, 0, cb_arg)\fR.
+.PP
+The process is then repeated for prime q with \fBcallback(3, 1, cb_arg)\fR.
+.SH "RETURN VALUE"
+.IX Header "RETURN VALUE"
+If key generation fails, \fIRSA_generate_key()\fR returns \fB\s-1NULL\s0\fR; the
+error codes can be obtained by \fIERR_get_error\fR\|(3).
+.SH "BUGS"
+.IX Header "BUGS"
+\&\fBcallback(2, x, cb_arg)\fR is used with two different meanings.
+.PP
+\&\fIRSA_generate_key()\fR goes into an infinite loop for illegal input values.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3), \fIrand\fR\|(3), \fIrsa\fR\|(3),
+\&\fIRSA_free\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The \fBcb_arg\fR argument was added in SSLeay 0.9.0.
diff --git a/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 b/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
new file mode 100644
index 0000000..f0ea95a
--- /dev/null
+++ b/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
@@ -0,0 +1,242 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "RSA_get_ex_new_index 3"
+.TH RSA_get_ex_new_index 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data \- add application specific data to RSA structures
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/rsa.h>
+\&
+\& int RSA_get_ex_new_index(long argl, void *argp,
+\& CRYPTO_EX_new *new_func,
+\& CRYPTO_EX_dup *dup_func,
+\& CRYPTO_EX_free *free_func);
+\&
+\& int RSA_set_ex_data(RSA *r, int idx, void *arg);
+\&
+\& void *RSA_get_ex_data(RSA *r, int idx);
+\&
+\& typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+\& int idx, long argl, void *argp);
+\& typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+\& int idx, long argl, void *argp);
+\& typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,
+\& int idx, long argl, void *argp);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+Several OpenSSL structures can have application specific data attached to them.
+This has several potential uses, it can be used to cache data associated with
+a structure (for example the hash of some part of the structure) or some
+additional data (for example a handle to the data in an external library).
+.PP
+Since the application data can be anything at all it is passed and retrieved
+as a \fBvoid *\fR type.
+.PP
+The \fB\f(BIRSA_get_ex_new_index()\fB\fR function is initially called to \*(L"register\*(R" some
+new application specific data. It takes three optional function pointers which
+are called when the parent structure (in this case an \s-1RSA\s0 structure) is
+initially created, when it is copied and when it is freed up. If any or all of
+these function pointer arguments are not used they should be set to \s-1NULL\s0. The
+precise manner in which these function pointers are called is described in more
+detail below. \fB\f(BIRSA_get_ex_new_index()\fB\fR also takes additional long and pointer
+parameters which will be passed to the supplied functions but which otherwise
+have no special meaning. It returns an \fBindex\fR which should be stored
+(typically in a static variable) and passed used in the \fBidx\fR parameter in
+the remaining functions. Each successful call to \fB\f(BIRSA_get_ex_new_index()\fB\fR
+will return an index greater than any previously returned, this is important
+because the optional functions are called in order of increasing index value.
+.PP
+\&\fB\f(BIRSA_set_ex_data()\fB\fR is used to set application specific data, the data is
+supplied in the \fBarg\fR parameter and its precise meaning is up to the
+application.
+.PP
+\&\fB\f(BIRSA_get_ex_data()\fB\fR is used to retrieve application specific data. The data
+is returned to the application, this will be the same value as supplied to
+a previous \fB\f(BIRSA_set_ex_data()\fB\fR call.
+.PP
+\&\fB\f(BInew_func()\fB\fR is called when a structure is initially allocated (for example
+with \fB\f(BIRSA_new()\fB\fR. The parent structure members will not have any meaningful
+values at this point. This function will typically be used to allocate any
+application specific structure.
+.PP
+\&\fB\f(BIfree_func()\fB\fR is called when a structure is being freed up. The dynamic parent
+structure members should not be accessed because they will be freed up when
+this function is called.
+.PP
+\&\fB\f(BInew_func()\fB\fR and \fB\f(BIfree_func()\fB\fR take the same parameters. \fBparent\fR is a
+pointer to the parent \s-1RSA\s0 structure. \fBptr\fR is a the application specific data
+(this wont be of much use in \fB\f(BInew_func()\fB\fR. \fBad\fR is a pointer to the
+\&\fB\s-1CRYPTO_EX_DATA\s0\fR structure from the parent \s-1RSA\s0 structure: the functions
+\&\fB\f(BICRYPTO_get_ex_data()\fB\fR and \fB\f(BICRYPTO_set_ex_data()\fB\fR can be called to manipulate
+it. The \fBidx\fR parameter is the index: this will be the same value returned by
+\&\fB\f(BIRSA_get_ex_new_index()\fB\fR when the functions were initially registered. Finally
+the \fBargl\fR and \fBargp\fR parameters are the values originally passed to the same
+corresponding parameters when \fB\f(BIRSA_get_ex_new_index()\fB\fR was called.
+.PP
+\&\fB\f(BIdup_func()\fB\fR is called when a structure is being copied. Pointers to the
+destination and source \fB\s-1CRYPTO_EX_DATA\s0\fR structures are passed in the \fBto\fR and
+\&\fBfrom\fR parameters respectively. The \fBfrom_d\fR parameter is passed a pointer to
+the source application data when the function is called, when the function returns
+the value is copied to the destination: the application can thus modify the data
+pointed to by \fBfrom_d\fR and have different values in the source and destination.
+The \fBidx\fR, \fBargl\fR and \fBargp\fR parameters are the same as those in \fB\f(BInew_func()\fB\fR
+and \fB\f(BIfree_func()\fB\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fB\f(BIRSA_get_ex_new_index()\fB\fR returns a new index or \-1 on failure (note 0 is a valid
+index value).
+.PP
+\&\fB\f(BIRSA_set_ex_data()\fB\fR returns 1 on success or 0 on failure.
+.PP
+\&\fB\f(BIRSA_get_ex_data()\fB\fR returns the application data or 0 on failure. 0 may also
+be valid application data but currently it can only fail if given an invalid \fBidx\fR
+parameter.
+.PP
+\&\fB\f(BInew_func()\fB\fR and \fB\f(BIdup_func()\fB\fR should return 0 for failure and 1 for success.
+.PP
+On failure an error code can be obtained from \fIERR_get_error\fR\|(3).
+.SH "BUGS"
+.IX Header "BUGS"
+\&\fB\f(BIdup_func()\fB\fR is currently never called.
+.PP
+The return value of \fB\f(BInew_func()\fB\fR is ignored.
+.PP
+The \fB\f(BInew_func()\fB\fR function isn't very useful because no meaningful values are
+present in the parent \s-1RSA\s0 structure when it is called.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIrsa\fR\|(3), \fICRYPTO_set_ex_data\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIRSA_get_ex_new_index()\fR, \fIRSA_set_ex_data()\fR and \fIRSA_get_ex_data()\fR are
+available since SSLeay 0.9.0.
diff --git a/secure/lib/libcrypto/man/RSA_new.3 b/secure/lib/libcrypto/man/RSA_new.3
new file mode 100644
index 0000000..331128e
--- /dev/null
+++ b/secure/lib/libcrypto/man/RSA_new.3
@@ -0,0 +1,164 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "RSA_new 3"
+.TH RSA_new 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+RSA_new, RSA_free \- allocate and free RSA objects
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/rsa.h>
+\&
+\& RSA * RSA_new(void);
+\&
+\& void RSA_free(RSA *rsa);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIRSA_new()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure. It is equivalent to
+calling RSA_new_method(\s-1NULL\s0).
+.PP
+\&\fIRSA_free()\fR frees the \fB\s-1RSA\s0\fR structure and its components. The key is
+erased before the memory is returned to the system.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+If the allocation fails, \fIRSA_new()\fR returns \fB\s-1NULL\s0\fR and sets an error
+code that can be obtained by \fIERR_get_error\fR\|(3). Otherwise it returns
+a pointer to the newly allocated structure.
+.PP
+\&\fIRSA_free()\fR returns no value.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3), \fIrsa\fR\|(3),
+\&\fIRSA_generate_key\fR\|(3),
+\&\fIRSA_new_method\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIRSA_new()\fR and \fIRSA_free()\fR are available in all versions of SSLeay and OpenSSL.
diff --git a/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 b/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
new file mode 100644
index 0000000..86fc5dd
--- /dev/null
+++ b/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
@@ -0,0 +1,238 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "RSA_padding_add_PKCS1_type_1 3"
+.TH RSA_padding_add_PKCS1_type_1 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1,
+RSA_padding_add_PKCS1_type_2, RSA_padding_check_PKCS1_type_2,
+RSA_padding_add_PKCS1_OAEP, RSA_padding_check_PKCS1_OAEP,
+RSA_padding_add_SSLv23, RSA_padding_check_SSLv23,
+RSA_padding_add_none, RSA_padding_check_none \- asymmetric encryption
+padding
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/rsa.h>
+\&
+\& int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
+\& unsigned char *f, int fl);
+\&
+\& int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
+\& unsigned char *f, int fl, int rsa_len);
+\&
+\& int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
+\& unsigned char *f, int fl);
+\&
+\& int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
+\& unsigned char *f, int fl, int rsa_len);
+\&
+\& int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
+\& unsigned char *f, int fl, unsigned char *p, int pl);
+\&
+\& int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
+\& unsigned char *f, int fl, int rsa_len, unsigned char *p, int pl);
+\&
+\& int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
+\& unsigned char *f, int fl);
+\&
+\& int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
+\& unsigned char *f, int fl, int rsa_len);
+\&
+\& int RSA_padding_add_none(unsigned char *to, int tlen,
+\& unsigned char *f, int fl);
+\&
+\& int RSA_padding_check_none(unsigned char *to, int tlen,
+\& unsigned char *f, int fl, int rsa_len);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fIRSA_padding_xxx_xxx()\fR functions are called from the \s-1RSA\s0 encrypt,
+decrypt, sign and verify functions. Normally they should not be called
+from application programs.
+.PP
+However, they can also be called directly to implement padding for other
+asymmetric ciphers. \fIRSA_padding_add_PKCS1_OAEP()\fR and
+\&\fIRSA_padding_check_PKCS1_OAEP()\fR may be used in an application combined
+with \fB\s-1RSA_NO_PADDING\s0\fR in order to implement \s-1OAEP\s0 with an encoding
+parameter.
+.PP
+\&\fIRSA_padding_add_xxx()\fR encodes \fBfl\fR bytes from \fBf\fR so as to fit into
+\&\fBtlen\fR bytes and stores the result at \fBto\fR. An error occurs if \fBfl\fR
+does not meet the size requirements of the encoding method.
+.PP
+The following encoding methods are implemented:
+.IP "PKCS1_type_1" 4
+.IX Item "PKCS1_type_1"
+\&\s-1PKCS\s0 #1 v2.0 EMSA\-PKCS1\-v1_5 (\s-1PKCS\s0 #1 v1.5 block type 1); used for signatures
+.IP "PKCS1_type_2" 4
+.IX Item "PKCS1_type_2"
+\&\s-1PKCS\s0 #1 v2.0 EME\-PKCS1\-v1_5 (\s-1PKCS\s0 #1 v1.5 block type 2)
+.IP "\s-1PKCS1_OAEP\s0" 4
+.IX Item "PKCS1_OAEP"
+\&\s-1PKCS\s0 #1 v2.0 EME-OAEP
+.IP "SSLv23" 4
+.IX Item "SSLv23"
+\&\s-1PKCS\s0 #1 EME\-PKCS1\-v1_5 with SSL-specific modification
+.IP "none" 4
+.IX Item "none"
+simply copy the data
+.PP
+The random number generator must be seeded prior to calling
+\&\fIRSA_padding_add_xxx()\fR.
+.PP
+\&\fIRSA_padding_check_xxx()\fR verifies that the \fBfl\fR bytes at \fBf\fR contain
+a valid encoding for a \fBrsa_len\fR byte \s-1RSA\s0 key in the respective
+encoding method and stores the recovered data of at most \fBtlen\fR bytes
+(for \fB\s-1RSA_NO_PADDING\s0\fR: of size \fBtlen\fR)
+at \fBto\fR.
+.PP
+For \fIRSA_padding_xxx_OAEP()\fR, \fBp\fR points to the encoding parameter
+of length \fBpl\fR. \fBp\fR may be \fB\s-1NULL\s0\fR if \fBpl\fR is 0.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The \fIRSA_padding_add_xxx()\fR functions return 1 on success, 0 on error.
+The \fIRSA_padding_check_xxx()\fR functions return the length of the
+recovered data, \-1 on error. Error codes can be obtained by calling
+\&\fIERR_get_error\fR\|(3).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIRSA_public_encrypt\fR\|(3),
+\&\fIRSA_private_decrypt\fR\|(3),
+\&\fIRSA_sign\fR\|(3), \fIRSA_verify\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIRSA_padding_add_PKCS1_type_1()\fR, \fIRSA_padding_check_PKCS1_type_1()\fR,
+\&\fIRSA_padding_add_PKCS1_type_2()\fR, \fIRSA_padding_check_PKCS1_type_2()\fR,
+\&\fIRSA_padding_add_SSLv23()\fR, \fIRSA_padding_check_SSLv23()\fR,
+\&\fIRSA_padding_add_none()\fR and \fIRSA_padding_check_none()\fR appeared in
+SSLeay 0.9.0.
+.PP
+\&\fIRSA_padding_add_PKCS1_OAEP()\fR and \fIRSA_padding_check_PKCS1_OAEP()\fR were
+added in OpenSSL 0.9.2b.
diff --git a/secure/lib/libcrypto/man/RSA_print.3 b/secure/lib/libcrypto/man/RSA_print.3
new file mode 100644
index 0000000..5337147
--- /dev/null
+++ b/secure/lib/libcrypto/man/RSA_print.3
@@ -0,0 +1,172 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "RSA_print 3"
+.TH RSA_print 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+RSA_print, RSA_print_fp,
+DSAparams_print, DSAparams_print_fp, DSA_print, DSA_print_fp,
+DHparams_print, DHparams_print_fp \- print cryptographic parameters
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/rsa.h>
+\&
+\& int RSA_print(BIO *bp, RSA *x, int offset);
+\& int RSA_print_fp(FILE *fp, RSA *x, int offset);
+\&
+\& #include <openssl/dsa.h>
+\&
+\& int DSAparams_print(BIO *bp, DSA *x);
+\& int DSAparams_print_fp(FILE *fp, DSA *x);
+\& int DSA_print(BIO *bp, DSA *x, int offset);
+\& int DSA_print_fp(FILE *fp, DSA *x, int offset);
+\&
+\& #include <openssl/dh.h>
+\&
+\& int DHparams_print(BIO *bp, DH *x);
+\& int DHparams_print_fp(FILE *fp, DH *x);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+A human-readable hexadecimal output of the components of the \s-1RSA\s0
+key, \s-1DSA\s0 parameters or key or \s-1DH\s0 parameters is printed to \fBbp\fR or \fBfp\fR.
+.PP
+The output lines are indented by \fBoffset\fR spaces.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+These functions return 1 on success, 0 on error.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIdh\fR\|(3), \fIdsa\fR\|(3), \fIrsa\fR\|(3), \fIBN_bn2bin\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIRSA_print()\fR, \fIRSA_print_fp()\fR, \fIDSA_print()\fR, \fIDSA_print_fp()\fR, \fIDH_print()\fR,
+\&\fIDH_print_fp()\fR are available in all versions of SSLeay and OpenSSL.
+\&\fIDSAparams_print()\fR and \fIDSAparams_print_fp()\fR were added in SSLeay 0.8.
diff --git a/secure/lib/libcrypto/man/RSA_private_encrypt.3 b/secure/lib/libcrypto/man/RSA_private_encrypt.3
new file mode 100644
index 0000000..94471c6
--- /dev/null
+++ b/secure/lib/libcrypto/man/RSA_private_encrypt.3
@@ -0,0 +1,187 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "RSA_private_encrypt 3"
+.TH RSA_private_encrypt 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+RSA_private_encrypt, RSA_public_decrypt \- low level signature operations
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/rsa.h>
+\&
+\& int RSA_private_encrypt(int flen, unsigned char *from,
+\& unsigned char *to, RSA *rsa, int padding);
+\&
+\& int RSA_public_decrypt(int flen, unsigned char *from,
+\& unsigned char *to, RSA *rsa, int padding);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+These functions handle \s-1RSA\s0 signatures at a low level.
+.PP
+\&\fIRSA_private_encrypt()\fR signs the \fBflen\fR bytes at \fBfrom\fR (usually a
+message digest with an algorithm identifier) using the private key
+\&\fBrsa\fR and stores the signature in \fBto\fR. \fBto\fR must point to
+\&\fBRSA_size(rsa)\fR bytes of memory.
+.PP
+\&\fBpadding\fR denotes one of the following modes:
+.IP "\s-1RSA_PKCS1_PADDING\s0" 4
+.IX Item "RSA_PKCS1_PADDING"
+\&\s-1PKCS\s0 #1 v1.5 padding. This function does not handle the
+\&\fBalgorithmIdentifier\fR specified in \s-1PKCS\s0 #1. When generating or
+verifying \s-1PKCS\s0 #1 signatures, \fIRSA_sign\fR\|(3) and \fIRSA_verify\fR\|(3) should be
+used.
+.IP "\s-1RSA_NO_PADDING\s0" 4
+.IX Item "RSA_NO_PADDING"
+Raw \s-1RSA\s0 signature. This mode should \fIonly\fR be used to implement
+cryptographically sound padding modes in the application code.
+Signing user data directly with \s-1RSA\s0 is insecure.
+.PP
+\&\fIRSA_public_decrypt()\fR recovers the message digest from the \fBflen\fR
+bytes long signature at \fBfrom\fR using the signer's public key
+\&\fBrsa\fR. \fBto\fR must point to a memory section large enough to hold the
+message digest (which is smaller than \fBRSA_size(rsa) \-
+11\fR). \fBpadding\fR is the padding mode that was used to sign the data.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIRSA_private_encrypt()\fR returns the size of the signature (i.e.,
+RSA_size(rsa)). \fIRSA_public_decrypt()\fR returns the size of the
+recovered message digest.
+.PP
+On error, \-1 is returned; the error codes can be
+obtained by \fIERR_get_error\fR\|(3).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3), \fIrsa\fR\|(3),
+\&\fIRSA_sign\fR\|(3), \fIRSA_verify\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The \fBpadding\fR argument was added in SSLeay 0.8. \s-1RSA_NO_PADDING\s0 is
+available since SSLeay 0.9.0.
diff --git a/secure/lib/libcrypto/man/RSA_public_encrypt.3 b/secure/lib/libcrypto/man/RSA_public_encrypt.3
new file mode 100644
index 0000000..5edece8
--- /dev/null
+++ b/secure/lib/libcrypto/man/RSA_public_encrypt.3
@@ -0,0 +1,198 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "RSA_public_encrypt 3"
+.TH RSA_public_encrypt 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+RSA_public_encrypt, RSA_private_decrypt \- RSA public key cryptography
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/rsa.h>
+\&
+\& int RSA_public_encrypt(int flen, unsigned char *from,
+\& unsigned char *to, RSA *rsa, int padding);
+\&
+\& int RSA_private_decrypt(int flen, unsigned char *from,
+\& unsigned char *to, RSA *rsa, int padding);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIRSA_public_encrypt()\fR encrypts the \fBflen\fR bytes at \fBfrom\fR (usually a
+session key) using the public key \fBrsa\fR and stores the ciphertext in
+\&\fBto\fR. \fBto\fR must point to RSA_size(\fBrsa\fR) bytes of memory.
+.PP
+\&\fBpadding\fR denotes one of the following modes:
+.IP "\s-1RSA_PKCS1_PADDING\s0" 4
+.IX Item "RSA_PKCS1_PADDING"
+\&\s-1PKCS\s0 #1 v1.5 padding. This currently is the most widely used mode.
+.IP "\s-1RSA_PKCS1_OAEP_PADDING\s0" 4
+.IX Item "RSA_PKCS1_OAEP_PADDING"
+EME-OAEP as defined in \s-1PKCS\s0 #1 v2.0 with \s-1SHA\-1\s0, \s-1MGF1\s0 and an empty
+encoding parameter. This mode is recommended for all new applications.
+.IP "\s-1RSA_SSLV23_PADDING\s0" 4
+.IX Item "RSA_SSLV23_PADDING"
+\&\s-1PKCS\s0 #1 v1.5 padding with an SSL-specific modification that denotes
+that the server is \s-1SSL3\s0 capable.
+.IP "\s-1RSA_NO_PADDING\s0" 4
+.IX Item "RSA_NO_PADDING"
+Raw \s-1RSA\s0 encryption. This mode should \fIonly\fR be used to implement
+cryptographically sound padding modes in the application code.
+Encrypting user data directly with \s-1RSA\s0 is insecure.
+.PP
+\&\fBflen\fR must be less than RSA_size(\fBrsa\fR) \- 11 for the \s-1PKCS\s0 #1 v1.5
+based padding modes, less than RSA_size(\fBrsa\fR) \- 41 for
+\&\s-1RSA_PKCS1_OAEP_PADDING\s0 and exactly RSA_size(\fBrsa\fR) for \s-1RSA_NO_PADDING\s0.
+The random number generator must be seeded prior to calling
+\&\fIRSA_public_encrypt()\fR.
+.PP
+\&\fIRSA_private_decrypt()\fR decrypts the \fBflen\fR bytes at \fBfrom\fR using the
+private key \fBrsa\fR and stores the plaintext in \fBto\fR. \fBto\fR must point
+to a memory section large enough to hold the decrypted data (which is
+smaller than RSA_size(\fBrsa\fR)). \fBpadding\fR is the padding mode that
+was used to encrypt the data.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIRSA_public_encrypt()\fR returns the size of the encrypted data (i.e.,
+RSA_size(\fBrsa\fR)). \fIRSA_private_decrypt()\fR returns the size of the
+recovered plaintext.
+.PP
+On error, \-1 is returned; the error codes can be
+obtained by \fIERR_get_error\fR\|(3).
+.SH "CONFORMING TO"
+.IX Header "CONFORMING TO"
+\&\s-1SSL\s0, \s-1PKCS\s0 #1 v2.0
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3), \fIrand\fR\|(3), \fIrsa\fR\|(3),
+\&\fIRSA_size\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The \fBpadding\fR argument was added in SSLeay 0.8. \s-1RSA_NO_PADDING\s0 is
+available since SSLeay 0.9.0, \s-1OAEP\s0 was added in OpenSSL 0.9.2b.
diff --git a/secure/lib/libcrypto/man/RSA_set_method.3 b/secure/lib/libcrypto/man/RSA_set_method.3
new file mode 100644
index 0000000..e746746
--- /dev/null
+++ b/secure/lib/libcrypto/man/RSA_set_method.3
@@ -0,0 +1,324 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "RSA_set_method 3"
+.TH RSA_set_method 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+RSA_set_default_method, RSA_get_default_method, RSA_set_method,
+RSA_get_method, RSA_PKCS1_SSLeay, RSA_null_method, RSA_flags,
+RSA_new_method \- select RSA method
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/rsa.h>
+\&
+\& void RSA_set_default_method(const RSA_METHOD *meth);
+\&
+\& RSA_METHOD *RSA_get_default_method(void);
+\&
+\& int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
+\&
+\& RSA_METHOD *RSA_get_method(const RSA *rsa);
+\&
+\& RSA_METHOD *RSA_PKCS1_SSLeay(void);
+\&
+\& RSA_METHOD *RSA_null_method(void);
+\&
+\& int RSA_flags(const RSA *rsa);
+\&
+\& RSA *RSA_new_method(RSA_METHOD *method);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+An \fB\s-1RSA_METHOD\s0\fR specifies the functions that OpenSSL uses for \s-1RSA\s0
+operations. By modifying the method, alternative implementations such as
+hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for
+important information about how these \s-1RSA\s0 \s-1API\s0 functions are affected by the
+use of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls.
+.PP
+Initially, the default \s-1RSA_METHOD\s0 is the OpenSSL internal implementation,
+as returned by \fIRSA_PKCS1_SSLeay()\fR.
+.PP
+\&\fIRSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1RSA\s0
+structures created later. \fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has
+been set as a default for \s-1RSA\s0, so this function is no longer recommended.
+.PP
+\&\fIRSA_get_default_method()\fR returns a pointer to the current default
+\&\s-1RSA_METHOD\s0. However, the meaningfulness of this result is dependent on
+whether the \s-1ENGINE\s0 \s-1API\s0 is being used, so this function is no longer
+recommended.
+.PP
+\&\fIRSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key
+\&\fBrsa\fR. This will replace the \s-1RSA_METHOD\s0 used by the \s-1RSA\s0 key and if the
+previous method was supplied by an \s-1ENGINE\s0, the handle to that \s-1ENGINE\s0 will
+be released during the change. It is possible to have \s-1RSA\s0 keys that only
+work with certain \s-1RSA_METHOD\s0 implementations (eg. from an \s-1ENGINE\s0 module
+that supports embedded hardware-protected keys), and in such cases
+attempting to change the \s-1RSA_METHOD\s0 for the key can have unexpected
+results.
+.PP
+\&\fIRSA_get_method()\fR returns a pointer to the \s-1RSA_METHOD\s0 being used by \fBrsa\fR.
+This method may or may not be supplied by an \s-1ENGINE\s0 implementation, but if
+it is, the return value can only be guaranteed to be valid as long as the
+\&\s-1RSA\s0 key itself is valid and does not have its implementation changed by
+\&\fIRSA_set_method()\fR.
+.PP
+\&\fIRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current
+\&\s-1RSA_METHOD\s0. See the \s-1BUGS\s0 section.
+.PP
+\&\fIRSA_new_method()\fR allocates and initializes an \s-1RSA\s0 structure so that
+\&\fBengine\fR will be used for the \s-1RSA\s0 operations. If \fBengine\fR is \s-1NULL\s0, the
+default \s-1ENGINE\s0 for \s-1RSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set,
+the \s-1RSA_METHOD\s0 controlled by \fIRSA_set_default_method()\fR is used.
+.PP
+\&\fIRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current method.
+.PP
+\&\fIRSA_new_method()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure so that
+\&\fBmethod\fR will be used for the \s-1RSA\s0 operations. If \fBmethod\fR is \fB\s-1NULL\s0\fR,
+the default method is used.
+.SH "THE RSA_METHOD STRUCTURE"
+.IX Header "THE RSA_METHOD STRUCTURE"
+.Vb 4
+\& typedef struct rsa_meth_st
+\& {
+\& /* name of the implementation */
+\& const char *name;
+\&
+\& /* encrypt */
+\& int (*rsa_pub_enc)(int flen, unsigned char *from,
+\& unsigned char *to, RSA *rsa, int padding);
+\&
+\& /* verify arbitrary data */
+\& int (*rsa_pub_dec)(int flen, unsigned char *from,
+\& unsigned char *to, RSA *rsa, int padding);
+\&
+\& /* sign arbitrary data */
+\& int (*rsa_priv_enc)(int flen, unsigned char *from,
+\& unsigned char *to, RSA *rsa, int padding);
+\&
+\& /* decrypt */
+\& int (*rsa_priv_dec)(int flen, unsigned char *from,
+\& unsigned char *to, RSA *rsa, int padding);
+\&
+\& /* compute r0 = r0 ^ I mod rsa\->n (May be NULL for some
+\& implementations) */
+\& int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa);
+\&
+\& /* compute r = a ^ p mod m (May be NULL for some implementations) */
+\& int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+\& const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+\&
+\& /* called at RSA_new */
+\& int (*init)(RSA *rsa);
+\&
+\& /* called at RSA_free */
+\& int (*finish)(RSA *rsa);
+\&
+\& /* RSA_FLAG_EXT_PKEY \- rsa_mod_exp is called for private key
+\& * operations, even if p,q,dmp1,dmq1,iqmp
+\& * are NULL
+\& * RSA_FLAG_SIGN_VER \- enable rsa_sign and rsa_verify
+\& * RSA_METHOD_FLAG_NO_CHECK \- don\*(Aqt check pub/private match
+\& */
+\& int flags;
+\&
+\& char *app_data; /* ?? */
+\&
+\& /* sign. For backward compatibility, this is used only
+\& * if (flags & RSA_FLAG_SIGN_VER)
+\& */
+\& int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len,
+\& unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+\&
+\& /* verify. For backward compatibility, this is used only
+\& * if (flags & RSA_FLAG_SIGN_VER)
+\& */
+\& int (*rsa_verify)(int type, unsigned char *m, unsigned int m_len,
+\& unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+\&
+\& } RSA_METHOD;
+.Ve
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIRSA_PKCS1_SSLeay()\fR, \fIRSA_PKCS1_null_method()\fR, \fIRSA_get_default_method()\fR
+and \fIRSA_get_method()\fR return pointers to the respective RSA_METHODs.
+.PP
+\&\fIRSA_set_default_method()\fR returns no value.
+.PP
+\&\fIRSA_set_method()\fR returns a pointer to the old \s-1RSA_METHOD\s0 implementation
+that was replaced. However, this return value should probably be ignored
+because if it was supplied by an \s-1ENGINE\s0, the pointer could be invalidated
+at any time if the \s-1ENGINE\s0 is unloaded (in fact it could be unloaded as a
+result of the \fIRSA_set_method()\fR function releasing its handle to the
+\&\s-1ENGINE\s0). For this reason, the return type may be replaced with a \fBvoid\fR
+declaration in a future release.
+.PP
+\&\fIRSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained
+by \fIERR_get_error\fR\|(3) if the allocation fails. Otherwise
+it returns a pointer to the newly allocated structure.
+.SH "NOTES"
+.IX Header "NOTES"
+As of version 0.9.7, \s-1RSA_METHOD\s0 implementations are grouped together with
+other algorithmic APIs (eg. \s-1DSA_METHOD\s0, \s-1EVP_CIPHER\s0, etc) into \fB\s-1ENGINE\s0\fR
+modules. If a default \s-1ENGINE\s0 is specified for \s-1RSA\s0 functionality using an
+\&\s-1ENGINE\s0 \s-1API\s0 function, that will override any \s-1RSA\s0 defaults set using the \s-1RSA\s0
+\&\s-1API\s0 (ie. \fIRSA_set_default_method()\fR). For this reason, the \s-1ENGINE\s0 \s-1API\s0 is the
+recommended way to control default implementations for use in \s-1RSA\s0 and other
+cryptographic algorithms.
+.SH "BUGS"
+.IX Header "BUGS"
+The behaviour of \fIRSA_flags()\fR is a mis-feature that is left as-is for now
+to avoid creating compatibility problems. \s-1RSA\s0 functionality, such as the
+encryption functions, are controlled by the \fBflags\fR value in the \s-1RSA\s0 key
+itself, not by the \fBflags\fR value in the \s-1RSA_METHOD\s0 attached to the \s-1RSA\s0 key
+(which is what this function returns). If the flags element of an \s-1RSA\s0 key
+is changed, the changes will be honoured by \s-1RSA\s0 functionality but will not
+be reflected in the return value of the \fIRSA_flags()\fR function \- in effect
+\&\fIRSA_flags()\fR behaves more like an \fIRSA_default_flags()\fR function (which does
+not currently exist).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIrsa\fR\|(3), \fIRSA_new\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIRSA_new_method()\fR and \fIRSA_set_default_method()\fR appeared in SSLeay 0.8.
+\&\fIRSA_get_default_method()\fR, \fIRSA_set_method()\fR and \fIRSA_get_method()\fR as
+well as the rsa_sign and rsa_verify components of \s-1RSA_METHOD\s0 were
+added in OpenSSL 0.9.4.
+.PP
+\&\fIRSA_set_default_openssl_method()\fR and \fIRSA_get_default_openssl_method()\fR
+replaced \fIRSA_set_default_method()\fR and \fIRSA_get_default_method()\fR
+respectively, and \fIRSA_set_method()\fR and \fIRSA_new_method()\fR were altered to use
+\&\fB\s-1ENGINE\s0\fRs rather than \fB\s-1RSA_METHOD\s0\fRs during development of the engine
+version of OpenSSL 0.9.6. For 0.9.7, the handling of defaults in the \s-1ENGINE\s0
+\&\s-1API\s0 was restructured so that this change was reversed, and behaviour of the
+other functions resembled more closely the previous behaviour. The
+behaviour of defaults in the \s-1ENGINE\s0 \s-1API\s0 now transparently overrides the
+behaviour of defaults in the \s-1RSA\s0 \s-1API\s0 without requiring changing these
+function prototypes.
diff --git a/secure/lib/libcrypto/man/RSA_sign.3 b/secure/lib/libcrypto/man/RSA_sign.3
new file mode 100644
index 0000000..fc7f12a
--- /dev/null
+++ b/secure/lib/libcrypto/man/RSA_sign.3
@@ -0,0 +1,183 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "RSA_sign 3"
+.TH RSA_sign 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+RSA_sign, RSA_verify \- RSA signatures
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/rsa.h>
+\&
+\& int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
+\& unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+\&
+\& int RSA_verify(int type, const unsigned char *m, unsigned int m_len,
+\& unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIRSA_sign()\fR signs the message digest \fBm\fR of size \fBm_len\fR using the
+private key \fBrsa\fR as specified in \s-1PKCS\s0 #1 v2.0. It stores the
+signature in \fBsigret\fR and the signature size in \fBsiglen\fR. \fBsigret\fR
+must point to RSA_size(\fBrsa\fR) bytes of memory.
+.PP
+\&\fBtype\fR denotes the message digest algorithm that was used to generate
+\&\fBm\fR. It usually is one of \fBNID_sha1\fR, \fBNID_ripemd160\fR and \fBNID_md5\fR;
+see \fIobjects\fR\|(3) for details. If \fBtype\fR is \fBNID_md5_sha1\fR,
+an \s-1SSL\s0 signature (\s-1MD5\s0 and \s-1SHA1\s0 message digests with \s-1PKCS\s0 #1 padding
+and no algorithm identifier) is created.
+.PP
+\&\fIRSA_verify()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR
+matches a given message digest \fBm\fR of size \fBm_len\fR. \fBtype\fR denotes
+the message digest algorithm that was used to generate the signature.
+\&\fBrsa\fR is the signer's public key.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIRSA_sign()\fR returns 1 on success, 0 otherwise. \fIRSA_verify()\fR returns 1
+on successful verification, 0 otherwise.
+.PP
+The error codes can be obtained by \fIERR_get_error\fR\|(3).
+.SH "BUGS"
+.IX Header "BUGS"
+Certain signatures with an improper algorithm identifier are accepted
+for compatibility with SSLeay 0.4.5 :\-)
+.SH "CONFORMING TO"
+.IX Header "CONFORMING TO"
+\&\s-1SSL\s0, \s-1PKCS\s0 #1 v2.0
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3), \fIobjects\fR\|(3),
+\&\fIrsa\fR\|(3), \fIRSA_private_encrypt\fR\|(3),
+\&\fIRSA_public_decrypt\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIRSA_sign()\fR and \fIRSA_verify()\fR are available in all versions of SSLeay
+and OpenSSL.
diff --git a/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 b/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
new file mode 100644
index 0000000..feb01c7
--- /dev/null
+++ b/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
@@ -0,0 +1,181 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "RSA_sign_ASN1_OCTET_STRING 3"
+.TH RSA_sign_ASN1_OCTET_STRING 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING \- RSA signatures
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/rsa.h>
+\&
+\& int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m,
+\& unsigned int m_len, unsigned char *sigret, unsigned int *siglen,
+\& RSA *rsa);
+\&
+\& int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m,
+\& unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
+\& RSA *rsa);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIRSA_sign_ASN1_OCTET_STRING()\fR signs the octet string \fBm\fR of size
+\&\fBm_len\fR using the private key \fBrsa\fR represented in \s-1DER\s0 using \s-1PKCS\s0 #1
+padding. It stores the signature in \fBsigret\fR and the signature size
+in \fBsiglen\fR. \fBsigret\fR must point to \fBRSA_size(rsa)\fR bytes of
+memory.
+.PP
+\&\fBdummy\fR is ignored.
+.PP
+The random number generator must be seeded prior to calling \fIRSA_sign_ASN1_OCTET_STRING()\fR.
+.PP
+\&\fIRSA_verify_ASN1_OCTET_STRING()\fR verifies that the signature \fBsigbuf\fR
+of size \fBsiglen\fR is the \s-1DER\s0 representation of a given octet string
+\&\fBm\fR of size \fBm_len\fR. \fBdummy\fR is ignored. \fBrsa\fR is the signer's
+public key.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIRSA_sign_ASN1_OCTET_STRING()\fR returns 1 on success, 0 otherwise.
+\&\fIRSA_verify_ASN1_OCTET_STRING()\fR returns 1 on successful verification, 0
+otherwise.
+.PP
+The error codes can be obtained by \fIERR_get_error\fR\|(3).
+.SH "BUGS"
+.IX Header "BUGS"
+These functions serve no recognizable purpose.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3), \fIobjects\fR\|(3),
+\&\fIrand\fR\|(3), \fIrsa\fR\|(3), \fIRSA_sign\fR\|(3),
+\&\fIRSA_verify\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIRSA_sign_ASN1_OCTET_STRING()\fR and \fIRSA_verify_ASN1_OCTET_STRING()\fR were
+added in SSLeay 0.8.
diff --git a/secure/lib/libcrypto/man/RSA_size.3 b/secure/lib/libcrypto/man/RSA_size.3
new file mode 100644
index 0000000..ab5fcdb
--- /dev/null
+++ b/secure/lib/libcrypto/man/RSA_size.3
@@ -0,0 +1,156 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "RSA_size 3"
+.TH RSA_size 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+RSA_size \- get RSA modulus size
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/rsa.h>
+\&
+\& int RSA_size(const RSA *rsa);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+This function returns the \s-1RSA\s0 modulus size in bytes. It can be used to
+determine how much memory must be allocated for an \s-1RSA\s0 encrypted
+value.
+.PP
+\&\fBrsa\->n\fR must not be \fB\s-1NULL\s0\fR.
+.SH "RETURN VALUE"
+.IX Header "RETURN VALUE"
+The size in bytes.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIrsa\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIRSA_size()\fR is available in all versions of SSLeay and OpenSSL.
diff --git a/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 b/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
new file mode 100644
index 0000000..530f16e
--- /dev/null
+++ b/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
@@ -0,0 +1,196 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SMIME_read_PKCS7 3"
+.TH SMIME_read_PKCS7 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SMIME_read_PKCS7 \- parse S/MIME message.
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/pkcs7.h>
+\&
+\& PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISMIME_read_PKCS7()\fR parses a message in S/MIME format.
+.PP
+\&\fBin\fR is a \s-1BIO\s0 to read the message from.
+.PP
+If cleartext signing is used then the content is saved in
+a memory bio which is written to \fB*bcont\fR, otherwise
+\&\fB*bcont\fR is set to \fB\s-1NULL\s0\fR.
+.PP
+The parsed PKCS#7 structure is returned or \fB\s-1NULL\s0\fR if an
+error occurred.
+.SH "NOTES"
+.IX Header "NOTES"
+If \fB*bcont\fR is not \fB\s-1NULL\s0\fR then the message is clear text
+signed. \fB*bcont\fR can then be passed to \fIPKCS7_verify()\fR with
+the \fB\s-1PKCS7_DETACHED\s0\fR flag set.
+.PP
+Otherwise the type of the returned structure can be determined
+using \fIPKCS7_type()\fR.
+.PP
+To support future functionality if \fBbcont\fR is not \fB\s-1NULL\s0\fR
+\&\fB*bcont\fR should be initialized to \fB\s-1NULL\s0\fR. For example:
+.PP
+.Vb 2
+\& BIO *cont = NULL;
+\& PKCS7 *p7;
+\&
+\& p7 = SMIME_read_PKCS7(in, &cont);
+.Ve
+.SH "BUGS"
+.IX Header "BUGS"
+The \s-1MIME\s0 parser used by \fISMIME_read_PKCS7()\fR is somewhat primitive.
+While it will handle most S/MIME messages more complex compound
+formats may not work.
+.PP
+The parser assumes that the \s-1PKCS7\s0 structure is always base64
+encoded and will not handle the case where it is in binary format
+or uses quoted printable format.
+.PP
+The use of a memory \s-1BIO\s0 to hold the signed content limits the size
+of message which can be processed due to memory restraints: a
+streaming single pass option should be available.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISMIME_read_PKCS7()\fR returns a valid \fB\s-1PKCS7\s0\fR structure or \fB\s-1NULL\s0\fR
+is an error occurred. The error can be obtained from \fIERR_get_error\fR\|(3).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3), \fIPKCS7_type\fR\|(3)
+\&\fISMIME_read_PKCS7\fR\|(3), \fIPKCS7_sign\fR\|(3),
+\&\fIPKCS7_verify\fR\|(3), \fIPKCS7_encrypt\fR\|(3)
+\&\fIPKCS7_decrypt\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fISMIME_read_PKCS7()\fR was added to OpenSSL 0.9.5
diff --git a/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 b/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
new file mode 100644
index 0000000..9f29d92
--- /dev/null
+++ b/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
@@ -0,0 +1,184 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SMIME_write_PKCS7 3"
+.TH SMIME_write_PKCS7 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SMIME_write_PKCS7 \- convert PKCS#7 structure to S/MIME format.
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/pkcs7.h>
+\&
+\& int SMIME_write_PKCS7(BIO *out, PKCS7 *p7, BIO *data, int flags);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISMIME_write_PKCS7()\fR adds the appropriate \s-1MIME\s0 headers to a PKCS#7
+structure to produce an S/MIME message.
+.PP
+\&\fBout\fR is the \s-1BIO\s0 to write the data to. \fBp7\fR is the appropriate
+\&\fB\s-1PKCS7\s0\fR structure. If cleartext signing (\fBmultipart/signed\fR) is
+being used then the signed data must be supplied in the \fBdata\fR
+argument. \fBflags\fR is an optional set of flags.
+.SH "NOTES"
+.IX Header "NOTES"
+The following flags can be passed in the \fBflags\fR parameter.
+.PP
+If \fB\s-1PKCS7_DETACHED\s0\fR is set then cleartext signing will be used,
+this option only makes sense for signedData where \fB\s-1PKCS7_DETACHED\s0\fR
+is also set when \fIPKCS7_sign()\fR is also called.
+.PP
+If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR
+are added to the content, this only makes sense if \fB\s-1PKCS7_DETACHED\s0\fR
+is also set.
+.PP
+If the \fB\s-1PKCS7_PARTSIGN\s0\fR flag is set the signed data is finalized
+and output along with the content. This flag should only be set
+if \fB\s-1PKCS7_DETACHED\s0\fR is also set and the previous call to \fIPKCS7_sign()\fR
+also set these flags.
+.PP
+If cleartext signing is being used and \fB\s-1PKCS7_PARTSIGN\s0\fR not set then
+the data must be read twice: once to compute the signature in \fIPKCS7_sign()\fR
+and once to output the S/MIME message.
+.SH "BUGS"
+.IX Header "BUGS"
+\&\fISMIME_write_PKCS7()\fR always base64 encodes PKCS#7 structures, there
+should be an option to disable this.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISMIME_write_PKCS7()\fR returns 1 for success or 0 for failure.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3), \fIPKCS7_sign\fR\|(3),
+\&\fIPKCS7_verify\fR\|(3), \fIPKCS7_encrypt\fR\|(3)
+\&\fIPKCS7_decrypt\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fISMIME_write_PKCS7()\fR was added to OpenSSL 0.9.5
diff --git a/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 b/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
new file mode 100644
index 0000000..0aaaa10
--- /dev/null
+++ b/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
@@ -0,0 +1,197 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "X509_NAME_ENTRY_get_object 3"
+.TH X509_NAME_ENTRY_get_object 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+X509_NAME_ENTRY_get_object, X509_NAME_ENTRY_get_data,
+X509_NAME_ENTRY_set_object, X509_NAME_ENTRY_set_data,
+X509_NAME_ENTRY_create_by_txt, X509_NAME_ENTRY_create_by_NID,
+X509_NAME_ENTRY_create_by_OBJ \- X509_NAME_ENTRY utility functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/x509.h>
+\&
+\& ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
+\& ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
+\&
+\& int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj);
+\& int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, const unsigned char *bytes, int len);
+\&
+\& X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, int type, const unsigned char *bytes, int len);
+\& X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len);
+\& X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIX509_NAME_ENTRY_get_object()\fR retrieves the field name of \fBne\fR in
+and \fB\s-1ASN1_OBJECT\s0\fR structure.
+.PP
+\&\fIX509_NAME_ENTRY_get_data()\fR retrieves the field value of \fBne\fR in
+and \fB\s-1ASN1_STRING\s0\fR structure.
+.PP
+\&\fIX509_NAME_ENTRY_set_object()\fR sets the field name of \fBne\fR to \fBobj\fR.
+.PP
+\&\fIX509_NAME_ENTRY_set_data()\fR sets the field value of \fBne\fR to string type
+\&\fBtype\fR and value determined by \fBbytes\fR and \fBlen\fR.
+.PP
+\&\fIX509_NAME_ENTRY_create_by_txt()\fR, \fIX509_NAME_ENTRY_create_by_NID()\fR
+and \fIX509_NAME_ENTRY_create_by_OBJ()\fR create and return an
+\&\fBX509_NAME_ENTRY\fR structure.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\fIX509_NAME_ENTRY_get_object()\fR and \fIX509_NAME_ENTRY_get_data()\fR can be
+used to examine an \fBX509_NAME_ENTRY\fR function as returned by
+\&\fIX509_NAME_get_entry()\fR for example.
+.PP
+\&\fIX509_NAME_ENTRY_create_by_txt()\fR, \fIX509_NAME_ENTRY_create_by_NID()\fR,
+and \fIX509_NAME_ENTRY_create_by_OBJ()\fR create and return an
+.PP
+\&\fIX509_NAME_ENTRY_create_by_txt()\fR, \fIX509_NAME_ENTRY_create_by_OBJ()\fR,
+\&\fIX509_NAME_ENTRY_create_by_NID()\fR and \fIX509_NAME_ENTRY_set_data()\fR
+are seldom used in practice because \fBX509_NAME_ENTRY\fR structures
+are almost always part of \fBX509_NAME\fR structures and the
+corresponding \fBX509_NAME\fR functions are typically used to
+create and add new entries in a single operation.
+.PP
+The arguments of these functions support similar options to the similarly
+named ones of the corresponding \fBX509_NAME\fR functions such as
+\&\fIX509_NAME_add_entry_by_txt()\fR. So for example \fBtype\fR can be set to
+\&\fB\s-1MBSTRING_ASC\s0\fR but in the case of \fIX509_set_data()\fR the field name must be
+set first so the relevant field information can be looked up internally.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3), \fId2i_X509_NAME\fR\|(3),
+\&\fIOBJ_nid2obj\fR\|(3),\fIOBJ_nid2obj\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 b/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
new file mode 100644
index 0000000..db94069
--- /dev/null
+++ b/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
@@ -0,0 +1,239 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "X509_NAME_add_entry_by_txt 3"
+.TH X509_NAME_add_entry_by_txt 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+X509_NAME_add_entry_by_txt, X509_NAME_add_entry_by_OBJ, X509_NAME_add_entry_by_NID,
+X509_NAME_add_entry, X509_NAME_delete_entry \- X509_NAME modification functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/x509.h>
+\&
+\& int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, const unsigned char *bytes, int len, int loc, int set);
+\&
+\& int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, unsigned char *bytes, int len, int loc, int set);
+\&
+\& int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set);
+\&
+\& int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, int loc, int set);
+\&
+\& X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIX509_NAME_add_entry_by_txt()\fR, \fIX509_NAME_add_entry_by_OBJ()\fR and
+\&\fIX509_NAME_add_entry_by_NID()\fR add a field whose name is defined
+by a string \fBfield\fR, an object \fBobj\fR or a \s-1NID\s0 \fBnid\fR respectively.
+The field value to be added is in \fBbytes\fR of length \fBlen\fR. If
+\&\fBlen\fR is \-1 then the field length is calculated internally using
+strlen(bytes).
+.PP
+The type of field is determined by \fBtype\fR which can either be a
+definition of the type of \fBbytes\fR (such as \fB\s-1MBSTRING_ASC\s0\fR) or a
+standard \s-1ASN1\s0 type (such as \fBV_ASN1_IA5STRING\fR). The new entry is
+added to a position determined by \fBloc\fR and \fBset\fR.
+.PP
+\&\fIX509_NAME_add_entry()\fR adds a copy of \fBX509_NAME_ENTRY\fR structure \fBne\fR
+to \fBname\fR. The new entry is added to a position determined by \fBloc\fR
+and \fBset\fR. Since a copy of \fBne\fR is added \fBne\fR must be freed up after
+the call.
+.PP
+\&\fIX509_NAME_delete_entry()\fR deletes an entry from \fBname\fR at position
+\&\fBloc\fR. The deleted entry is returned and must be freed up.
+.SH "NOTES"
+.IX Header "NOTES"
+The use of string types such as \fB\s-1MBSTRING_ASC\s0\fR or \fB\s-1MBSTRING_UTF8\s0\fR
+is strongly recommened for the \fBtype\fR parameter. This allows the
+internal code to correctly determine the type of the field and to
+apply length checks according to the relevant standards. This is
+done using \fIASN1_STRING_set_by_NID()\fR.
+.PP
+If instead an \s-1ASN1\s0 type is used no checks are performed and the
+supplied data in \fBbytes\fR is used directly.
+.PP
+In \fIX509_NAME_add_entry_by_txt()\fR the \fBfield\fR string represents
+the field name using OBJ_txt2obj(field, 0).
+.PP
+The \fBloc\fR and \fBset\fR parameters determine where a new entry should
+be added. For almost all applications \fBloc\fR can be set to \-1 and \fBset\fR
+to 0. This adds a new entry to the end of \fBname\fR as a single valued
+RelativeDistinguishedName (\s-1RDN\s0).
+.PP
+\&\fBloc\fR actually determines the index where the new entry is inserted:
+if it is \-1 it is appended.
+.PP
+\&\fBset\fR determines how the new type is added. If it is zero a
+new \s-1RDN\s0 is created.
+.PP
+If \fBset\fR is \-1 or 1 it is added to the previous or next \s-1RDN\s0
+structure respectively. This will then be a multivalued \s-1RDN:\s0
+since multivalues RDNs are very seldom used \fBset\fR is almost
+always set to zero.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Create an \fBX509_NAME\fR structure:
+.PP
+\&\*(L"C=UK, O=Disorganized Organization, CN=Joe Bloggs\*(R"
+.PP
+.Vb 10
+\& X509_NAME *nm;
+\& nm = X509_NAME_new();
+\& if (nm == NULL)
+\& /* Some error */
+\& if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC,
+\& "C", "UK", \-1, \-1, 0))
+\& /* Error */
+\& if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC,
+\& "O", "Disorganized Organization", \-1, \-1, 0))
+\& /* Error */
+\& if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC,
+\& "CN", "Joe Bloggs", \-1, \-1, 0))
+\& /* Error */
+.Ve
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIX509_NAME_add_entry_by_txt()\fR, \fIX509_NAME_add_entry_by_OBJ()\fR,
+\&\fIX509_NAME_add_entry_by_NID()\fR and \fIX509_NAME_add_entry()\fR return 1 for
+success of 0 if an error occurred.
+.PP
+\&\fIX509_NAME_delete_entry()\fR returns either the deleted \fBX509_NAME_ENTRY\fR
+structure of \fB\s-1NULL\s0\fR if an error occurred.
+.SH "BUGS"
+.IX Header "BUGS"
+\&\fBtype\fR can still be set to \fBV_ASN1_APP_CHOOSE\fR to use a
+different algorithm to determine field types. Since this form does
+not understand multicharacter types, performs no length checks and
+can result in invalid field types its use is strongly discouraged.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3), \fId2i_X509_NAME\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
diff --git a/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 b/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
new file mode 100644
index 0000000..2e32476
--- /dev/null
+++ b/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
@@ -0,0 +1,233 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "X509_NAME_get_index_by_NID 3"
+.TH X509_NAME_get_index_by_NID 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+X509_NAME_get_index_by_NID, X509_NAME_get_index_by_OBJ, X509_NAME_get_entry,
+X509_NAME_entry_count, X509_NAME_get_text_by_NID, X509_NAME_get_text_by_OBJ \-
+X509_NAME lookup and enumeration functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/x509.h>
+\&
+\& int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
+\& int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, int lastpos);
+\&
+\& int X509_NAME_entry_count(X509_NAME *name);
+\& X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
+\&
+\& int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf,int len);
+\& int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,int len);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+These functions allow an \fBX509_NAME\fR structure to be examined. The
+\&\fBX509_NAME\fR structure is the same as the \fBName\fR type defined in
+\&\s-1RFC2459\s0 (and elsewhere) and used for example in certificate subject
+and issuer names.
+.PP
+\&\fIX509_NAME_get_index_by_NID()\fR and \fIX509_NAME_get_index_by_OBJ()\fR retrieve
+the next index matching \fBnid\fR or \fBobj\fR after \fBlastpos\fR. \fBlastpos\fR
+should initially be set to \-1. If there are no more entries \-1 is returned.
+.PP
+\&\fIX509_NAME_entry_count()\fR returns the total number of entries in \fBname\fR.
+.PP
+\&\fIX509_NAME_get_entry()\fR retrieves the \fBX509_NAME_ENTRY\fR from \fBname\fR
+corresponding to index \fBloc\fR. Acceptable values for \fBloc\fR run from
+0 to (X509_NAME_entry_count(name) \- 1). The value returned is an
+internal pointer which must not be freed.
+.PP
+\&\fIX509_NAME_get_text_by_NID()\fR, \fIX509_NAME_get_text_by_OBJ()\fR retrieve
+the \*(L"text\*(R" from the first entry in \fBname\fR which matches \fBnid\fR or
+\&\fBobj\fR, if no such entry exists \-1 is returned. At most \fBlen\fR bytes
+will be written and the text written to \fBbuf\fR will be null
+terminated. The length of the output string written is returned
+excluding the terminating null. If \fBbuf\fR is <\s-1NULL\s0> then the amount
+of space needed in \fBbuf\fR (excluding the final null) is returned.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\fIX509_NAME_get_text_by_NID()\fR and \fIX509_NAME_get_text_by_OBJ()\fR are
+legacy functions which have various limitations which make them
+of minimal use in practice. They can only find the first matching
+entry and will copy the contents of the field verbatim: this can
+be highly confusing if the target is a muticharacter string type
+like a BMPString or a UTF8String.
+.PP
+For a more general solution \fIX509_NAME_get_index_by_NID()\fR or
+\&\fIX509_NAME_get_index_by_OBJ()\fR should be used followed by
+\&\fIX509_NAME_get_entry()\fR on any matching indices and then the
+various \fBX509_NAME_ENTRY\fR utility functions on the result.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Process all entries:
+.PP
+.Vb 2
+\& int i;
+\& X509_NAME_ENTRY *e;
+\&
+\& for (i = 0; i < X509_NAME_entry_count(nm); i++)
+\& {
+\& e = X509_NAME_get_entry(nm, i);
+\& /* Do something with e */
+\& }
+.Ve
+.PP
+Process all commonName entries:
+.PP
+.Vb 2
+\& int loc;
+\& X509_NAME_ENTRY *e;
+\&
+\& loc = \-1;
+\& for (;;)
+\& {
+\& lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, lastpos);
+\& if (lastpos == \-1)
+\& break;
+\& e = X509_NAME_get_entry(nm, lastpos);
+\& /* Do something with e */
+\& }
+.Ve
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIX509_NAME_get_index_by_NID()\fR and \fIX509_NAME_get_index_by_OBJ()\fR
+return the index of the next matching entry or \-1 if not found.
+.PP
+\&\fIX509_NAME_entry_count()\fR returns the total number of entries.
+.PP
+\&\fIX509_NAME_get_entry()\fR returns an \fBX509_NAME\fR pointer to the
+requested entry or \fB\s-1NULL\s0\fR if the index is invalid.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3), \fId2i_X509_NAME\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/X509_NAME_print_ex.3 b/secure/lib/libcrypto/man/X509_NAME_print_ex.3
new file mode 100644
index 0000000..0e4f215
--- /dev/null
+++ b/secure/lib/libcrypto/man/X509_NAME_print_ex.3
@@ -0,0 +1,227 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "X509_NAME_print_ex 3"
+.TH X509_NAME_print_ex 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+X509_NAME_print_ex, X509_NAME_print_ex_fp, X509_NAME_print,
+X509_NAME_oneline \- X509_NAME printing routines.
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/x509.h>
+\&
+\& int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags);
+\& int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags);
+\& char * X509_NAME_oneline(X509_NAME *a,char *buf,int size);
+\& int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIX509_NAME_print_ex()\fR prints a human readable version of \fBnm\fR to \s-1BIO\s0 \fBout\fR. Each
+line (for multiline formats) is indented by \fBindent\fR spaces. The output format
+can be extensively customised by use of the \fBflags\fR parameter.
+.PP
+\&\fIX509_NAME_print_ex_fp()\fR is identical to \fIX509_NAME_print_ex()\fR except the output is
+written to \s-1FILE\s0 pointer \fBfp\fR.
+.PP
+\&\fIX509_NAME_oneline()\fR prints an \s-1ASCII\s0 version of \fBa\fR to \fBbuf\fR. At most \fBsize\fR
+bytes will be written. If \fBbuf\fR is \fB\s-1NULL\s0\fR then a buffer is dynamically allocated
+and returned, otherwise \fBbuf\fR is returned.
+.PP
+\&\fIX509_NAME_print()\fR prints out \fBname\fR to \fBbp\fR indenting each line by \fBobase\fR
+characters. Multiple lines are used if the output (including indent) exceeds
+80 characters.
+.SH "NOTES"
+.IX Header "NOTES"
+The functions \fIX509_NAME_oneline()\fR and \fIX509_NAME_print()\fR are legacy functions which
+produce a non standard output form, they don't handle multi character fields and
+have various quirks and inconsistencies. Their use is strongly discouraged in new
+applications.
+.PP
+Although there are a large number of possible flags for most purposes
+\&\fB\s-1XN_FLAG_ONELINE\s0\fR, \fB\s-1XN_FLAG_MULTILINE\s0\fR or \fB\s-1XN_FLAG_RFC2253\s0\fR will suffice.
+As noted on the \fIASN1_STRING_print_ex\fR\|(3) manual page
+for \s-1UTF8\s0 terminals the \fB\s-1ASN1_STRFLGS_ESC_MSB\s0\fR should be unset: so for example
+\&\fB\s-1XN_FLAG_ONELINE\s0 & ~ASN1_STRFLGS_ESC_MSB\fR would be used.
+.PP
+The complete set of the flags supported by \fIX509_NAME_print_ex()\fR is listed below.
+.PP
+Several options can be ored together.
+.PP
+The options \fB\s-1XN_FLAG_SEP_COMMA_PLUS\s0\fR, \fB\s-1XN_FLAG_SEP_CPLUS_SPC\s0\fR,
+\&\fB\s-1XN_FLAG_SEP_SPLUS_SPC\s0\fR and \fB\s-1XN_FLAG_SEP_MULTILINE\s0\fR determine the field separators
+to use. Two distinct separators are used between distinct RelativeDistinguishedName
+components and separate values in the same \s-1RDN\s0 for a multi-valued \s-1RDN\s0. Multi-valued
+RDNs are currently very rare so the second separator will hardly ever be used.
+.PP
+\&\fB\s-1XN_FLAG_SEP_COMMA_PLUS\s0\fR uses comma and plus as separators. \fB\s-1XN_FLAG_SEP_CPLUS_SPC\s0\fR
+uses comma and plus with spaces: this is more readable that plain comma and plus.
+\&\fB\s-1XN_FLAG_SEP_SPLUS_SPC\s0\fR uses spaced semicolon and plus. \fB\s-1XN_FLAG_SEP_MULTILINE\s0\fR uses
+spaced newline and plus respectively.
+.PP
+If \fB\s-1XN_FLAG_DN_REV\s0\fR is set the whole \s-1DN\s0 is printed in reversed order.
+.PP
+The fields \fB\s-1XN_FLAG_FN_SN\s0\fR, \fB\s-1XN_FLAG_FN_LN\s0\fR, \fB\s-1XN_FLAG_FN_OID\s0\fR,
+\&\fB\s-1XN_FLAG_FN_NONE\s0\fR determine how a field name is displayed. It will
+use the short name (e.g. \s-1CN\s0) the long name (e.g. commonName) always
+use \s-1OID\s0 numerical form (normally OIDs are only used if the field name is not
+recognised) and no field name respectively.
+.PP
+If \fB\s-1XN_FLAG_SPC_EQ\s0\fR is set then spaces will be placed around the '=' character
+separating field names and values.
+.PP
+If \fB\s-1XN_FLAG_DUMP_UNKNOWN_FIELDS\s0\fR is set then the encoding of unknown fields is
+printed instead of the values.
+.PP
+If \fB\s-1XN_FLAG_FN_ALIGN\s0\fR is set then field names are padded to 20 characters: this
+is only of use for multiline format.
+.PP
+Additionally all the options supported by \fIASN1_STRING_print_ex()\fR can be used to
+control how each field value is displayed.
+.PP
+In addition a number options can be set for commonly used formats.
+.PP
+\&\fB\s-1XN_FLAG_RFC2253\s0\fR sets options which produce an output compatible with \s-1RFC2253\s0 it
+is equivalent to:
+ \fB\s-1ASN1_STRFLGS_RFC2253\s0 | \s-1XN_FLAG_SEP_COMMA_PLUS\s0 | \s-1XN_FLAG_DN_REV\s0 | \s-1XN_FLAG_FN_SN\s0 | \s-1XN_FLAG_DUMP_UNKNOWN_FIELDS\s0\fR
+.PP
+\&\fB\s-1XN_FLAG_ONELINE\s0\fR is a more readable one line format which is the same as:
+ \fB\s-1ASN1_STRFLGS_RFC2253\s0 | \s-1ASN1_STRFLGS_ESC_QUOTE\s0 | \s-1XN_FLAG_SEP_CPLUS_SPC\s0 | \s-1XN_FLAG_SPC_EQ\s0 | \s-1XN_FLAG_FN_SN\s0\fR
+.PP
+\&\fB\s-1XN_FLAG_MULTILINE\s0\fR is a multiline format which is the same as:
+ \fB\s-1ASN1_STRFLGS_ESC_CTRL\s0 | \s-1ASN1_STRFLGS_ESC_MSB\s0 | \s-1XN_FLAG_SEP_MULTILINE\s0 | \s-1XN_FLAG_SPC_EQ\s0 | \s-1XN_FLAG_FN_LN\s0 | \s-1XN_FLAG_FN_ALIGN\s0\fR
+.PP
+\&\fB\s-1XN_FLAG_COMPAT\s0\fR uses a format identical to \fIX509_NAME_print()\fR: in fact it calls \fIX509_NAME_print()\fR internally.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIASN1_STRING_print_ex\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/X509_new.3 b/secure/lib/libcrypto/man/X509_new.3
new file mode 100644
index 0000000..72cf6f9
--- /dev/null
+++ b/secure/lib/libcrypto/man/X509_new.3
@@ -0,0 +1,162 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "X509_new 3"
+.TH X509_new 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+X509_new, X509_free \- X509 certificate ASN1 allocation functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/x509.h>
+\&
+\& X509 *X509_new(void);
+\& void X509_free(X509 *a);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The X509 \s-1ASN1\s0 allocation routines, allocate and free an
+X509 structure, which represents an X509 certificate.
+.PP
+\&\fIX509_new()\fR allocates and initializes a X509 structure.
+.PP
+\&\fIX509_free()\fR frees up the \fBX509\fR structure \fBa\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+If the allocation fails, \fIX509_new()\fR returns \fB\s-1NULL\s0\fR and sets an error
+code that can be obtained by \fIERR_get_error\fR\|(3).
+Otherwise it returns a pointer to the newly allocated structure.
+.PP
+\&\fIX509_free()\fR returns no value.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3), \fId2i_X509\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIX509_new()\fR and \fIX509_free()\fR are available in all versions of SSLeay and OpenSSL.
diff --git a/secure/lib/libcrypto/man/bio.3 b/secure/lib/libcrypto/man/bio.3
new file mode 100644
index 0000000..a43fa95
--- /dev/null
+++ b/secure/lib/libcrypto/man/bio.3
@@ -0,0 +1,180 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "bio 3"
+.TH bio 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+bio \- I/O abstraction
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bio.h>
+.Ve
+.PP
+\&\s-1TBA\s0
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+A \s-1BIO\s0 is an I/O abstraction, it hides many of the underlying I/O
+details from an application. If an application uses a \s-1BIO\s0 for its
+I/O it can transparently handle \s-1SSL\s0 connections, unencrypted network
+connections and file I/O.
+.PP
+There are two type of \s-1BIO\s0, a source/sink \s-1BIO\s0 and a filter \s-1BIO\s0.
+.PP
+As its name implies a source/sink \s-1BIO\s0 is a source and/or sink of data,
+examples include a socket \s-1BIO\s0 and a file \s-1BIO\s0.
+.PP
+A filter \s-1BIO\s0 takes data from one \s-1BIO\s0 and passes it through to
+another, or the application. The data may be left unmodified (for
+example a message digest \s-1BIO\s0) or translated (for example an
+encryption \s-1BIO\s0). The effect of a filter \s-1BIO\s0 may change according
+to the I/O operation it is performing: for example an encryption
+\&\s-1BIO\s0 will encrypt data if it is being written to and decrypt data
+if it is being read from.
+.PP
+BIOs can be joined together to form a chain (a single \s-1BIO\s0 is a chain
+with one component). A chain normally consist of one source/sink
+\&\s-1BIO\s0 and one or more filter BIOs. Data read from or written to the
+first \s-1BIO\s0 then traverses the chain to the end (normally a source/sink
+\&\s-1BIO\s0).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIBIO_ctrl\fR\|(3),
+\&\fIBIO_f_base64\fR\|(3), \fIBIO_f_buffer\fR\|(3),
+\&\fIBIO_f_cipher\fR\|(3), \fIBIO_f_md\fR\|(3),
+\&\fIBIO_f_null\fR\|(3), \fIBIO_f_ssl\fR\|(3),
+\&\fIBIO_find_type\fR\|(3), \fIBIO_new\fR\|(3),
+\&\fIBIO_new_bio_pair\fR\|(3),
+\&\fIBIO_push\fR\|(3), \fIBIO_read\fR\|(3),
+\&\fIBIO_s_accept\fR\|(3), \fIBIO_s_bio\fR\|(3),
+\&\fIBIO_s_connect\fR\|(3), \fIBIO_s_fd\fR\|(3),
+\&\fIBIO_s_file\fR\|(3), \fIBIO_s_mem\fR\|(3),
+\&\fIBIO_s_null\fR\|(3), \fIBIO_s_socket\fR\|(3),
+\&\fIBIO_set_callback\fR\|(3),
+\&\fIBIO_should_retry\fR\|(3)
diff --git a/secure/lib/libcrypto/man/blowfish.3 b/secure/lib/libcrypto/man/blowfish.3
new file mode 100644
index 0000000..8552647
--- /dev/null
+++ b/secure/lib/libcrypto/man/blowfish.3
@@ -0,0 +1,233 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "blowfish 3"
+.TH blowfish 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+blowfish, BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt, BF_cbc_encrypt,
+BF_cfb64_encrypt, BF_ofb64_encrypt, BF_options \- Blowfish encryption
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/blowfish.h>
+\&
+\& void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
+\&
+\& void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
+\& BF_KEY *key, int enc);
+\& void BF_cbc_encrypt(const unsigned char *in, unsigned char *out,
+\& long length, BF_KEY *schedule, unsigned char *ivec, int enc);
+\& void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+\& long length, BF_KEY *schedule, unsigned char *ivec, int *num,
+\& int enc);
+\& void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+\& long length, BF_KEY *schedule, unsigned char *ivec, int *num);
+\& const char *BF_options(void);
+\&
+\& void BF_encrypt(BF_LONG *data,const BF_KEY *key);
+\& void BF_decrypt(BF_LONG *data,const BF_KEY *key);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+This library implements the Blowfish cipher, which was invented and described
+by Counterpane (see http://www.counterpane.com/blowfish.html ).
+.PP
+Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data.
+It uses a variable size key, but typically, 128 bit (16 byte) keys are
+considered good for strong encryption. Blowfish can be used in the same
+modes as \s-1DES\s0 (see \fIdes_modes\fR\|(7)). Blowfish is currently one
+of the faster block ciphers. It is quite a bit faster than \s-1DES\s0, and much
+faster than \s-1IDEA\s0 or \s-1RC2\s0.
+.PP
+Blowfish consists of a key setup phase and the actual encryption or decryption
+phase.
+.PP
+\&\fIBF_set_key()\fR sets up the \fB\s-1BF_KEY\s0\fR \fBkey\fR using the \fBlen\fR bytes long key
+at \fBdata\fR.
+.PP
+\&\fIBF_ecb_encrypt()\fR is the basic Blowfish encryption and decryption function.
+It encrypts or decrypts the first 64 bits of \fBin\fR using the key \fBkey\fR,
+putting the result in \fBout\fR. \fBenc\fR decides if encryption (\fB\s-1BF_ENCRYPT\s0\fR)
+or decryption (\fB\s-1BF_DECRYPT\s0\fR) shall be performed. The vector pointed at by
+\&\fBin\fR and \fBout\fR must be 64 bits in length, no less. If they are larger,
+everything after the first 64 bits is ignored.
+.PP
+The mode functions \fIBF_cbc_encrypt()\fR, \fIBF_cfb64_encrypt()\fR and \fIBF_ofb64_encrypt()\fR
+all operate on variable length data. They all take an initialization vector
+\&\fBivec\fR which needs to be passed along into the next call of the same function
+for the same message. \fBivec\fR may be initialized with anything, but the
+recipient needs to know what it was initialized with, or it won't be able
+to decrypt. Some programs and protocols simplify this, like \s-1SSH\s0, where
+\&\fBivec\fR is simply initialized to zero.
+\&\fIBF_cbc_encrypt()\fR operates on data that is a multiple of 8 bytes long, while
+\&\fIBF_cfb64_encrypt()\fR and \fIBF_ofb64_encrypt()\fR are used to encrypt an variable
+number of bytes (the amount does not have to be an exact multiple of 8). The
+purpose of the latter two is to simulate stream ciphers, and therefore, they
+need the parameter \fBnum\fR, which is a pointer to an integer where the current
+offset in \fBivec\fR is stored between calls. This integer must be initialized
+to zero when \fBivec\fR is initialized.
+.PP
+\&\fIBF_cbc_encrypt()\fR is the Cipher Block Chaining function for Blowfish. It
+encrypts or decrypts the 64 bits chunks of \fBin\fR using the key \fBschedule\fR,
+putting the result in \fBout\fR. \fBenc\fR decides if encryption (\s-1BF_ENCRYPT\s0) or
+decryption (\s-1BF_DECRYPT\s0) shall be performed. \fBivec\fR must point at an 8 byte
+long initialization vector.
+.PP
+\&\fIBF_cfb64_encrypt()\fR is the \s-1CFB\s0 mode for Blowfish with 64 bit feedback.
+It encrypts or decrypts the bytes in \fBin\fR using the key \fBschedule\fR,
+putting the result in \fBout\fR. \fBenc\fR decides if encryption (\fB\s-1BF_ENCRYPT\s0\fR)
+or decryption (\fB\s-1BF_DECRYPT\s0\fR) shall be performed. \fBivec\fR must point at an
+8 byte long initialization vector. \fBnum\fR must point at an integer which must
+be initially zero.
+.PP
+\&\fIBF_ofb64_encrypt()\fR is the \s-1OFB\s0 mode for Blowfish with 64 bit feedback.
+It uses the same parameters as \fIBF_cfb64_encrypt()\fR, which must be initialized
+the same way.
+.PP
+\&\fIBF_encrypt()\fR and \fIBF_decrypt()\fR are the lowest level functions for Blowfish
+encryption. They encrypt/decrypt the first 64 bits of the vector pointed by
+\&\fBdata\fR, using the key \fBkey\fR. These functions should not be used unless you
+implement 'modes' of Blowfish. The alternative is to use \fIBF_ecb_encrypt()\fR.
+If you still want to use these functions, you should be aware that they take
+each 32\-bit chunk in host-byte order, which is little-endian on little-endian
+platforms and big-endian on big-endian ones.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+None of the functions presented here return any value.
+.SH "NOTE"
+.IX Header "NOTE"
+Applications should use the higher level functions
+\&\fIEVP_EncryptInit\fR\|(3) etc. instead of calling the
+blowfish functions directly.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIdes_modes\fR\|(7)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The Blowfish functions are available in all versions of SSLeay and OpenSSL.
diff --git a/secure/lib/libcrypto/man/bn.3 b/secure/lib/libcrypto/man/bn.3
new file mode 100644
index 0000000..a22f61f
--- /dev/null
+++ b/secure/lib/libcrypto/man/bn.3
@@ -0,0 +1,306 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "bn 3"
+.TH bn 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+bn \- multiprecision integer arithmetics
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bn.h>
+\&
+\& BIGNUM *BN_new(void);
+\& void BN_free(BIGNUM *a);
+\& void BN_init(BIGNUM *);
+\& void BN_clear(BIGNUM *a);
+\& void BN_clear_free(BIGNUM *a);
+\&
+\& BN_CTX *BN_CTX_new(void);
+\& void BN_CTX_init(BN_CTX *c);
+\& void BN_CTX_free(BN_CTX *c);
+\&
+\& BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
+\& BIGNUM *BN_dup(const BIGNUM *a);
+\&
+\& BIGNUM *BN_swap(BIGNUM *a, BIGNUM *b);
+\&
+\& int BN_num_bytes(const BIGNUM *a);
+\& int BN_num_bits(const BIGNUM *a);
+\& int BN_num_bits_word(BN_ULONG w);
+\&
+\& void BN_set_negative(BIGNUM *a, int n);
+\& int BN_is_negative(const BIGNUM *a);
+\&
+\& int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+\& int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+\& int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+\& int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
+\& int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d,
+\& BN_CTX *ctx);
+\& int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+\& int BN_nnmod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+\& int BN_mod_add(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
+\& BN_CTX *ctx);
+\& int BN_mod_sub(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
+\& BN_CTX *ctx);
+\& int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
+\& BN_CTX *ctx);
+\& int BN_mod_sqr(BIGNUM *ret, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+\& int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx);
+\& int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+\& const BIGNUM *m, BN_CTX *ctx);
+\& int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+\&
+\& int BN_add_word(BIGNUM *a, BN_ULONG w);
+\& int BN_sub_word(BIGNUM *a, BN_ULONG w);
+\& int BN_mul_word(BIGNUM *a, BN_ULONG w);
+\& BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
+\& BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
+\&
+\& int BN_cmp(BIGNUM *a, BIGNUM *b);
+\& int BN_ucmp(BIGNUM *a, BIGNUM *b);
+\& int BN_is_zero(BIGNUM *a);
+\& int BN_is_one(BIGNUM *a);
+\& int BN_is_word(BIGNUM *a, BN_ULONG w);
+\& int BN_is_odd(BIGNUM *a);
+\&
+\& int BN_zero(BIGNUM *a);
+\& int BN_one(BIGNUM *a);
+\& const BIGNUM *BN_value_one(void);
+\& int BN_set_word(BIGNUM *a, unsigned long w);
+\& unsigned long BN_get_word(BIGNUM *a);
+\&
+\& int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
+\& int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
+\& int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
+\& int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
+\&
+\& BIGNUM *BN_generate_prime(BIGNUM *ret, int bits,int safe, BIGNUM *add,
+\& BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg);
+\& int BN_is_prime(const BIGNUM *p, int nchecks,
+\& void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg);
+\&
+\& int BN_set_bit(BIGNUM *a, int n);
+\& int BN_clear_bit(BIGNUM *a, int n);
+\& int BN_is_bit_set(const BIGNUM *a, int n);
+\& int BN_mask_bits(BIGNUM *a, int n);
+\& int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
+\& int BN_lshift1(BIGNUM *r, BIGNUM *a);
+\& int BN_rshift(BIGNUM *r, BIGNUM *a, int n);
+\& int BN_rshift1(BIGNUM *r, BIGNUM *a);
+\&
+\& int BN_bn2bin(const BIGNUM *a, unsigned char *to);
+\& BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+\& char *BN_bn2hex(const BIGNUM *a);
+\& char *BN_bn2dec(const BIGNUM *a);
+\& int BN_hex2bn(BIGNUM **a, const char *str);
+\& int BN_dec2bn(BIGNUM **a, const char *str);
+\& int BN_print(BIO *fp, const BIGNUM *a);
+\& int BN_print_fp(FILE *fp, const BIGNUM *a);
+\& int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
+\& BIGNUM *BN_mpi2bn(unsigned char *s, int len, BIGNUM *ret);
+\&
+\& BIGNUM *BN_mod_inverse(BIGNUM *r, BIGNUM *a, const BIGNUM *n,
+\& BN_CTX *ctx);
+\&
+\& BN_RECP_CTX *BN_RECP_CTX_new(void);
+\& void BN_RECP_CTX_init(BN_RECP_CTX *recp);
+\& void BN_RECP_CTX_free(BN_RECP_CTX *recp);
+\& int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *m, BN_CTX *ctx);
+\& int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *a, BIGNUM *b,
+\& BN_RECP_CTX *recp, BN_CTX *ctx);
+\&
+\& BN_MONT_CTX *BN_MONT_CTX_new(void);
+\& void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
+\& void BN_MONT_CTX_free(BN_MONT_CTX *mont);
+\& int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *m, BN_CTX *ctx);
+\& BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);
+\& int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
+\& BN_MONT_CTX *mont, BN_CTX *ctx);
+\& int BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
+\& BN_CTX *ctx);
+\& int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
+\& BN_CTX *ctx);
+\&
+\& BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai,
+\& BIGNUM *mod);
+\& void BN_BLINDING_free(BN_BLINDING *b);
+\& int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx);
+\& int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+\& int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+\& int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b,
+\& BN_CTX *ctx);
+\& int BN_BLINDING_invert_ex(BIGNUM *n,const BIGNUM *r,BN_BLINDING *b,
+\& BN_CTX *ctx);
+\& unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);
+\& void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);
+\& unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
+\& void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
+\& BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
+\& const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
+\& int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+\& const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
+\& BN_MONT_CTX *m_ctx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+This library performs arithmetic operations on integers of arbitrary
+size. It was written for use in public key cryptography, such as \s-1RSA\s0
+and Diffie-Hellman.
+.PP
+It uses dynamic memory allocation for storing its data structures.
+That means that there is no limit on the size of the numbers
+manipulated by these functions, but return values must always be
+checked in case a memory allocation error has occurred.
+.PP
+The basic object in this library is a \fB\s-1BIGNUM\s0\fR. It is used to hold a
+single large integer. This type should be considered opaque and fields
+should not be modified or accessed directly.
+.PP
+The creation of \fB\s-1BIGNUM\s0\fR objects is described in \fIBN_new\fR\|(3);
+\&\fIBN_add\fR\|(3) describes most of the arithmetic operations.
+Comparison is described in \fIBN_cmp\fR\|(3); \fIBN_zero\fR\|(3)
+describes certain assignments, \fIBN_rand\fR\|(3) the generation of
+random numbers, \fIBN_generate_prime\fR\|(3) deals with prime
+numbers and \fIBN_set_bit\fR\|(3) with bit operations. The conversion
+of \fB\s-1BIGNUM\s0\fRs to external formats is described in \fIBN_bn2bin\fR\|(3).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIbn_internal\fR\|(3),
+\&\fIdh\fR\|(3), \fIerr\fR\|(3), \fIrand\fR\|(3), \fIrsa\fR\|(3),
+\&\fIBN_new\fR\|(3), \fIBN_CTX_new\fR\|(3),
+\&\fIBN_copy\fR\|(3), \fIBN_swap\fR\|(3), \fIBN_num_bytes\fR\|(3),
+\&\fIBN_add\fR\|(3), \fIBN_add_word\fR\|(3),
+\&\fIBN_cmp\fR\|(3), \fIBN_zero\fR\|(3), \fIBN_rand\fR\|(3),
+\&\fIBN_generate_prime\fR\|(3), \fIBN_set_bit\fR\|(3),
+\&\fIBN_bn2bin\fR\|(3), \fIBN_mod_inverse\fR\|(3),
+\&\fIBN_mod_mul_reciprocal\fR\|(3),
+\&\fIBN_mod_mul_montgomery\fR\|(3),
+\&\fIBN_BLINDING_new\fR\|(3)
diff --git a/secure/lib/libcrypto/man/bn_internal.3 b/secure/lib/libcrypto/man/bn_internal.3
new file mode 100644
index 0000000..9646e4a
--- /dev/null
+++ b/secure/lib/libcrypto/man/bn_internal.3
@@ -0,0 +1,360 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "bn_internal 3"
+.TH bn_internal 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+bn_mul_words, bn_mul_add_words, bn_sqr_words, bn_div_words,
+bn_add_words, bn_sub_words, bn_mul_comba4, bn_mul_comba8,
+bn_sqr_comba4, bn_sqr_comba8, bn_cmp_words, bn_mul_normal,
+bn_mul_low_normal, bn_mul_recursive, bn_mul_part_recursive,
+bn_mul_low_recursive, bn_mul_high, bn_sqr_normal, bn_sqr_recursive,
+bn_expand, bn_wexpand, bn_expand2, bn_fix_top, bn_check_top,
+bn_print, bn_dump, bn_set_max, bn_set_high, bn_set_low \- BIGNUM
+library internal functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/bn.h>
+\&
+\& BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
+\& BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num,
+\& BN_ULONG w);
+\& void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num);
+\& BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
+\& BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,
+\& int num);
+\& BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,
+\& int num);
+\&
+\& void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
+\& void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
+\& void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a);
+\& void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a);
+\&
+\& int bn_cmp_words(BN_ULONG *a, BN_ULONG *b, int n);
+\&
+\& void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b,
+\& int nb);
+\& void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n);
+\& void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+\& int dna,int dnb,BN_ULONG *tmp);
+\& void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
+\& int n, int tna,int tnb, BN_ULONG *tmp);
+\& void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
+\& int n2, BN_ULONG *tmp);
+\& void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l,
+\& int n2, BN_ULONG *tmp);
+\&
+\& void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp);
+\& void bn_sqr_recursive(BN_ULONG *r, BN_ULONG *a, int n2, BN_ULONG *tmp);
+\&
+\& void mul(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c);
+\& void mul_add(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c);
+\& void sqr(BN_ULONG r0, BN_ULONG r1, BN_ULONG a);
+\&
+\& BIGNUM *bn_expand(BIGNUM *a, int bits);
+\& BIGNUM *bn_wexpand(BIGNUM *a, int n);
+\& BIGNUM *bn_expand2(BIGNUM *a, int n);
+\& void bn_fix_top(BIGNUM *a);
+\&
+\& void bn_check_top(BIGNUM *a);
+\& void bn_print(BIGNUM *a);
+\& void bn_dump(BN_ULONG *d, int n);
+\& void bn_set_max(BIGNUM *a);
+\& void bn_set_high(BIGNUM *r, BIGNUM *a, int n);
+\& void bn_set_low(BIGNUM *r, BIGNUM *a, int n);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+This page documents the internal functions used by the OpenSSL
+\&\fB\s-1BIGNUM\s0\fR implementation. They are described here to facilitate
+debugging and extending the library. They are \fInot\fR to be used by
+applications.
+.SS "The \s-1BIGNUM\s0 structure"
+.IX Subsection "The BIGNUM structure"
+.Vb 1
+\& typedef struct bignum_st BIGNUM;
+\&
+\& struct bignum_st
+\& {
+\& BN_ULONG *d; /* Pointer to an array of \*(AqBN_BITS2\*(Aq bit chunks. */
+\& int top; /* Index of last used d +1. */
+\& /* The next are internal book keeping for bn_expand. */
+\& int dmax; /* Size of the d array. */
+\& int neg; /* one if the number is negative */
+\& int flags;
+\& };
+.Ve
+.PP
+The integer value is stored in \fBd\fR, a \fImalloc()\fRed array of words (\fB\s-1BN_ULONG\s0\fR),
+least significant word first. A \fB\s-1BN_ULONG\s0\fR can be either 16, 32 or 64 bits
+in size, depending on the 'number of bits' (\fB\s-1BITS2\s0\fR) specified in
+\&\f(CW\*(C`openssl/bn.h\*(C'\fR.
+.PP
+\&\fBdmax\fR is the size of the \fBd\fR array that has been allocated. \fBtop\fR
+is the number of words being used, so for a value of 4, bn.d[0]=4 and
+bn.top=1. \fBneg\fR is 1 if the number is negative. When a \fB\s-1BIGNUM\s0\fR is
+\&\fB0\fR, the \fBd\fR field can be \fB\s-1NULL\s0\fR and \fBtop\fR == \fB0\fR.
+.PP
+\&\fBflags\fR is a bit field of flags which are defined in \f(CW\*(C`openssl/bn.h\*(C'\fR. The
+flags begin with \fB\s-1BN_FLG_\s0\fR. The macros BN_set_flags(b,n) and
+BN_get_flags(b,n) exist to enable or fetch flag(s) \fBn\fR from \fB\s-1BIGNUM\s0\fR
+structure \fBb\fR.
+.PP
+Various routines in this library require the use of temporary
+\&\fB\s-1BIGNUM\s0\fR variables during their execution. Since dynamic memory
+allocation to create \fB\s-1BIGNUM\s0\fRs is rather expensive when used in
+conjunction with repeated subroutine calls, the \fB\s-1BN_CTX\s0\fR structure is
+used. This structure contains \fB\s-1BN_CTX_NUM\s0\fR \fB\s-1BIGNUM\s0\fRs, see
+\&\fIBN_CTX_start\fR\|(3).
+.SS "Low-level arithmetic operations"
+.IX Subsection "Low-level arithmetic operations"
+These functions are implemented in C and for several platforms in
+assembly language:
+.PP
+bn_mul_words(\fBrp\fR, \fBap\fR, \fBnum\fR, \fBw\fR) operates on the \fBnum\fR word
+arrays \fBrp\fR and \fBap\fR. It computes \fBap\fR * \fBw\fR, places the result
+in \fBrp\fR, and returns the high word (carry).
+.PP
+bn_mul_add_words(\fBrp\fR, \fBap\fR, \fBnum\fR, \fBw\fR) operates on the \fBnum\fR
+word arrays \fBrp\fR and \fBap\fR. It computes \fBap\fR * \fBw\fR + \fBrp\fR, places
+the result in \fBrp\fR, and returns the high word (carry).
+.PP
+bn_sqr_words(\fBrp\fR, \fBap\fR, \fBn\fR) operates on the \fBnum\fR word array
+\&\fBap\fR and the 2*\fBnum\fR word array \fBap\fR. It computes \fBap\fR * \fBap\fR
+word-wise, and places the low and high bytes of the result in \fBrp\fR.
+.PP
+bn_div_words(\fBh\fR, \fBl\fR, \fBd\fR) divides the two word number (\fBh\fR,\fBl\fR)
+by \fBd\fR and returns the result.
+.PP
+bn_add_words(\fBrp\fR, \fBap\fR, \fBbp\fR, \fBnum\fR) operates on the \fBnum\fR word
+arrays \fBap\fR, \fBbp\fR and \fBrp\fR. It computes \fBap\fR + \fBbp\fR, places the
+result in \fBrp\fR, and returns the high word (carry).
+.PP
+bn_sub_words(\fBrp\fR, \fBap\fR, \fBbp\fR, \fBnum\fR) operates on the \fBnum\fR word
+arrays \fBap\fR, \fBbp\fR and \fBrp\fR. It computes \fBap\fR \- \fBbp\fR, places the
+result in \fBrp\fR, and returns the carry (1 if \fBbp\fR > \fBap\fR, 0
+otherwise).
+.PP
+bn_mul_comba4(\fBr\fR, \fBa\fR, \fBb\fR) operates on the 4 word arrays \fBa\fR and
+\&\fBb\fR and the 8 word array \fBr\fR. It computes \fBa\fR*\fBb\fR and places the
+result in \fBr\fR.
+.PP
+bn_mul_comba8(\fBr\fR, \fBa\fR, \fBb\fR) operates on the 8 word arrays \fBa\fR and
+\&\fBb\fR and the 16 word array \fBr\fR. It computes \fBa\fR*\fBb\fR and places the
+result in \fBr\fR.
+.PP
+bn_sqr_comba4(\fBr\fR, \fBa\fR, \fBb\fR) operates on the 4 word arrays \fBa\fR and
+\&\fBb\fR and the 8 word array \fBr\fR.
+.PP
+bn_sqr_comba8(\fBr\fR, \fBa\fR, \fBb\fR) operates on the 8 word arrays \fBa\fR and
+\&\fBb\fR and the 16 word array \fBr\fR.
+.PP
+The following functions are implemented in C:
+.PP
+bn_cmp_words(\fBa\fR, \fBb\fR, \fBn\fR) operates on the \fBn\fR word arrays \fBa\fR
+and \fBb\fR. It returns 1, 0 and \-1 if \fBa\fR is greater than, equal and
+less than \fBb\fR.
+.PP
+bn_mul_normal(\fBr\fR, \fBa\fR, \fBna\fR, \fBb\fR, \fBnb\fR) operates on the \fBna\fR
+word array \fBa\fR, the \fBnb\fR word array \fBb\fR and the \fBna\fR+\fBnb\fR word
+array \fBr\fR. It computes \fBa\fR*\fBb\fR and places the result in \fBr\fR.
+.PP
+bn_mul_low_normal(\fBr\fR, \fBa\fR, \fBb\fR, \fBn\fR) operates on the \fBn\fR word
+arrays \fBr\fR, \fBa\fR and \fBb\fR. It computes the \fBn\fR low words of
+\&\fBa\fR*\fBb\fR and places the result in \fBr\fR.
+.PP
+bn_mul_recursive(\fBr\fR, \fBa\fR, \fBb\fR, \fBn2\fR, \fBdna\fR, \fBdnb\fR, \fBt\fR) operates
+on the word arrays \fBa\fR and \fBb\fR of length \fBn2\fR+\fBdna\fR and \fBn2\fR+\fBdnb\fR
+(\fBdna\fR and \fBdnb\fR are currently allowed to be 0 or negative) and the 2*\fBn2\fR
+word arrays \fBr\fR and \fBt\fR. \fBn2\fR must be a power of 2. It computes
+\&\fBa\fR*\fBb\fR and places the result in \fBr\fR.
+.PP
+bn_mul_part_recursive(\fBr\fR, \fBa\fR, \fBb\fR, \fBn\fR, \fBtna\fR, \fBtnb\fR, \fBtmp\fR)
+operates on the word arrays \fBa\fR and \fBb\fR of length \fBn\fR+\fBtna\fR and
+\&\fBn\fR+\fBtnb\fR and the 4*\fBn\fR word arrays \fBr\fR and \fBtmp\fR.
+.PP
+bn_mul_low_recursive(\fBr\fR, \fBa\fR, \fBb\fR, \fBn2\fR, \fBtmp\fR) operates on the
+\&\fBn2\fR word arrays \fBr\fR and \fBtmp\fR and the \fBn2\fR/2 word arrays \fBa\fR
+and \fBb\fR.
+.PP
+bn_mul_high(\fBr\fR, \fBa\fR, \fBb\fR, \fBl\fR, \fBn2\fR, \fBtmp\fR) operates on the
+\&\fBn2\fR word arrays \fBr\fR, \fBa\fR, \fBb\fR and \fBl\fR (?) and the 3*\fBn2\fR word
+array \fBtmp\fR.
+.PP
+\&\fIBN_mul()\fR calls \fIbn_mul_normal()\fR, or an optimized implementation if the
+factors have the same size: \fIbn_mul_comba8()\fR is used if they are 8
+words long, \fIbn_mul_recursive()\fR if they are larger than
+\&\fB\s-1BN_MULL_SIZE_NORMAL\s0\fR and the size is an exact multiple of the word
+size, and \fIbn_mul_part_recursive()\fR for others that are larger than
+\&\fB\s-1BN_MULL_SIZE_NORMAL\s0\fR.
+.PP
+bn_sqr_normal(\fBr\fR, \fBa\fR, \fBn\fR, \fBtmp\fR) operates on the \fBn\fR word array
+\&\fBa\fR and the 2*\fBn\fR word arrays \fBtmp\fR and \fBr\fR.
+.PP
+The implementations use the following macros which, depending on the
+architecture, may use \*(L"long long\*(R" C operations or inline assembler.
+They are defined in \f(CW\*(C`bn_lcl.h\*(C'\fR.
+.PP
+mul(\fBr\fR, \fBa\fR, \fBw\fR, \fBc\fR) computes \fBw\fR*\fBa\fR+\fBc\fR and places the
+low word of the result in \fBr\fR and the high word in \fBc\fR.
+.PP
+mul_add(\fBr\fR, \fBa\fR, \fBw\fR, \fBc\fR) computes \fBw\fR*\fBa\fR+\fBr\fR+\fBc\fR and
+places the low word of the result in \fBr\fR and the high word in \fBc\fR.
+.PP
+sqr(\fBr0\fR, \fBr1\fR, \fBa\fR) computes \fBa\fR*\fBa\fR and places the low word
+of the result in \fBr0\fR and the high word in \fBr1\fR.
+.SS "Size changes"
+.IX Subsection "Size changes"
+\&\fIbn_expand()\fR ensures that \fBb\fR has enough space for a \fBbits\fR bit
+number. \fIbn_wexpand()\fR ensures that \fBb\fR has enough space for an
+\&\fBn\fR word number. If the number has to be expanded, both macros
+call \fIbn_expand2()\fR, which allocates a new \fBd\fR array and copies the
+data. They return \fB\s-1NULL\s0\fR on error, \fBb\fR otherwise.
+.PP
+The \fIbn_fix_top()\fR macro reduces \fBa\->top\fR to point to the most
+significant non-zero word plus one when \fBa\fR has shrunk.
+.SS "Debugging"
+.IX Subsection "Debugging"
+\&\fIbn_check_top()\fR verifies that \f(CW\*(C`((a)\->top >= 0 && (a)\->top
+<= (a)\->dmax)\*(C'\fR. A violation will cause the program to abort.
+.PP
+\&\fIbn_print()\fR prints \fBa\fR to stderr. \fIbn_dump()\fR prints \fBn\fR words at \fBd\fR
+(in reverse order, i.e. most significant word first) to stderr.
+.PP
+\&\fIbn_set_max()\fR makes \fBa\fR a static number with a \fBdmax\fR of its current size.
+This is used by \fIbn_set_low()\fR and \fIbn_set_high()\fR to make \fBr\fR a read-only
+\&\fB\s-1BIGNUM\s0\fR that contains the \fBn\fR low or high words of \fBa\fR.
+.PP
+If \fB\s-1BN_DEBUG\s0\fR is not defined, \fIbn_check_top()\fR, \fIbn_print()\fR, \fIbn_dump()\fR
+and \fIbn_set_max()\fR are defined as empty macros.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIbn\fR\|(3)
diff --git a/secure/lib/libcrypto/man/buffer.3 b/secure/lib/libcrypto/man/buffer.3
new file mode 100644
index 0000000..c468cc3
--- /dev/null
+++ b/secure/lib/libcrypto/man/buffer.3
@@ -0,0 +1,198 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "buffer 3"
+.TH buffer 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+BUF_MEM_new, BUF_MEM_free, BUF_MEM_grow, BUF_strdup \- simple
+character arrays structure
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/buffer.h>
+\&
+\& BUF_MEM *BUF_MEM_new(void);
+\&
+\& void BUF_MEM_free(BUF_MEM *a);
+\&
+\& int BUF_MEM_grow(BUF_MEM *str, int len);
+\&
+\& char * BUF_strdup(const char *str);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The buffer library handles simple character arrays. Buffers are used for
+various purposes in the library, most notably memory BIOs.
+.PP
+The library uses the \s-1BUF_MEM\s0 structure defined in buffer.h:
+.PP
+.Vb 6
+\& typedef struct buf_mem_st
+\& {
+\& int length; /* current number of bytes */
+\& char *data;
+\& int max; /* size of buffer */
+\& } BUF_MEM;
+.Ve
+.PP
+\&\fBlength\fR is the current size of the buffer in bytes, \fBmax\fR is the amount of
+memory allocated to the buffer. There are three functions which handle these
+and one \*(L"miscellaneous\*(R" function.
+.PP
+\&\fIBUF_MEM_new()\fR allocates a new buffer of zero size.
+.PP
+\&\fIBUF_MEM_free()\fR frees up an already existing buffer. The data is zeroed
+before freeing up in case the buffer contains sensitive data.
+.PP
+\&\fIBUF_MEM_grow()\fR changes the size of an already existing buffer to
+\&\fBlen\fR. Any data already in the buffer is preserved if it increases in
+size.
+.PP
+\&\fIBUF_strdup()\fR copies a null terminated string into a block of allocated
+memory and returns a pointer to the allocated block.
+Unlike the standard C library \fIstrdup()\fR this function uses \fIOPENSSL_malloc()\fR and so
+should be used in preference to the standard library \fIstrdup()\fR because it can
+be used for memory leak checking or replacing the \fImalloc()\fR function.
+.PP
+The memory allocated from \fIBUF_strdup()\fR should be freed up using the \fIOPENSSL_free()\fR
+function.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIBUF_MEM_new()\fR returns the buffer or \s-1NULL\s0 on error.
+.PP
+\&\fIBUF_MEM_free()\fR has no return value.
+.PP
+\&\fIBUF_MEM_grow()\fR returns zero on error or the new size (i.e. \fBlen\fR).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIbio\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIBUF_MEM_new()\fR, \fIBUF_MEM_free()\fR and \fIBUF_MEM_grow()\fR are available in all
+versions of SSLeay and OpenSSL. \fIBUF_strdup()\fR was added in SSLeay 0.8.
diff --git a/secure/lib/libcrypto/man/crypto.3 b/secure/lib/libcrypto/man/crypto.3
new file mode 100644
index 0000000..8175f2f
--- /dev/null
+++ b/secure/lib/libcrypto/man/crypto.3
@@ -0,0 +1,198 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "crypto 3"
+.TH crypto 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+crypto \- OpenSSL cryptographic library
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The OpenSSL \fBcrypto\fR library implements a wide range of cryptographic
+algorithms used in various Internet standards. The services provided
+by this library are used by the OpenSSL implementations of \s-1SSL\s0, \s-1TLS\s0
+and S/MIME, and they have also been used to implement \s-1SSH\s0, OpenPGP, and
+other cryptographic standards.
+.SH "OVERVIEW"
+.IX Header "OVERVIEW"
+\&\fBlibcrypto\fR consists of a number of sub-libraries that implement the
+individual algorithms.
+.PP
+The functionality includes symmetric encryption, public key
+cryptography and key agreement, certificate handling, cryptographic
+hash functions and a cryptographic pseudo-random number generator.
+.IP "\s-1SYMMETRIC\s0 \s-1CIPHERS\s0" 4
+.IX Item "SYMMETRIC CIPHERS"
+\&\fIblowfish\fR\|(3), \fIcast\fR\|(3), \fIdes\fR\|(3),
+\&\fIidea\fR\|(3), \fIrc2\fR\|(3), \fIrc4\fR\|(3), \fIrc5\fR\|(3)
+.IP "\s-1PUBLIC\s0 \s-1KEY\s0 \s-1CRYPTOGRAPHY\s0 \s-1AND\s0 \s-1KEY\s0 \s-1AGREEMENT\s0" 4
+.IX Item "PUBLIC KEY CRYPTOGRAPHY AND KEY AGREEMENT"
+\&\fIdsa\fR\|(3), \fIdh\fR\|(3), \fIrsa\fR\|(3)
+.IP "\s-1CERTIFICATES\s0" 4
+.IX Item "CERTIFICATES"
+\&\fIx509\fR\|(3), \fIx509v3\fR\|(3)
+.IP "\s-1AUTHENTICATION\s0 \s-1CODES\s0, \s-1HASH\s0 \s-1FUNCTIONS\s0" 4
+.IX Item "AUTHENTICATION CODES, HASH FUNCTIONS"
+\&\fIhmac\fR\|(3), \fImd2\fR\|(3), \fImd4\fR\|(3),
+\&\fImd5\fR\|(3), \fImdc2\fR\|(3), \fIripemd\fR\|(3),
+\&\fIsha\fR\|(3)
+.IP "\s-1AUXILIARY\s0 \s-1FUNCTIONS\s0" 4
+.IX Item "AUXILIARY FUNCTIONS"
+\&\fIerr\fR\|(3), \fIthreads\fR\|(3), \fIrand\fR\|(3),
+\&\s-1\fIOPENSSL_VERSION_NUMBER\s0\fR\|(3)
+.IP "\s-1INPUT/OUTPUT\s0, \s-1DATA\s0 \s-1ENCODING\s0" 4
+.IX Item "INPUT/OUTPUT, DATA ENCODING"
+\&\fIasn1\fR\|(3), \fIbio\fR\|(3), \fIevp\fR\|(3), \fIpem\fR\|(3),
+\&\fIpkcs7\fR\|(3), \fIpkcs12\fR\|(3)
+.IP "\s-1INTERNAL\s0 \s-1FUNCTIONS\s0" 4
+.IX Item "INTERNAL FUNCTIONS"
+\&\fIbn\fR\|(3), \fIbuffer\fR\|(3), \fIlhash\fR\|(3),
+\&\fIobjects\fR\|(3), \fIstack\fR\|(3),
+\&\fItxt_db\fR\|(3)
+.SH "NOTES"
+.IX Header "NOTES"
+Some of the newer functions follow a naming convention using the numbers
+\&\fB0\fR and \fB1\fR. For example the functions:
+.PP
+.Vb 2
+\& int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
+\& int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
+.Ve
+.PP
+The \fB0\fR version uses the supplied structure pointer directly
+in the parent and it will be freed up when the parent is freed.
+In the above example \fBcrl\fR would be freed but \fBrev\fR would not.
+.PP
+The \fB1\fR function uses a copy of the supplied structure pointer
+(or in some cases increases its link count) in the parent and
+so both (\fBx\fR and \fBobj\fR above) should be freed up.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIopenssl\fR\|(1), \fIssl\fR\|(3)
diff --git a/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 b/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
new file mode 100644
index 0000000..68de02b
--- /dev/null
+++ b/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
@@ -0,0 +1,153 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "d2i_ASN1_OBJECT 3"
+.TH d2i_ASN1_OBJECT 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+d2i_ASN1_OBJECT, i2d_ASN1_OBJECT \- ASN1 OBJECT IDENTIFIER functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/objects.h>
+\&
+\& ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp, long length);
+\& int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+These functions decode and encode an \s-1ASN1\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0.
+.PP
+Othewise these behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR
+described in the \fId2i_X509\fR\|(3) manual page.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fId2i_X509\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/d2i_DHparams.3 b/secure/lib/libcrypto/man/d2i_DHparams.3
new file mode 100644
index 0000000..0d8d30f
--- /dev/null
+++ b/secure/lib/libcrypto/man/d2i_DHparams.3
@@ -0,0 +1,154 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "d2i_DHparams 3"
+.TH d2i_DHparams 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+d2i_DHparams, i2d_DHparams \- PKCS#3 DH parameter functions.
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/dh.h>
+\&
+\& DH *d2i_DHparams(DH **a, unsigned char **pp, long length);
+\& int i2d_DHparams(DH *a, unsigned char **pp);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+These functions decode and encode PKCS#3 \s-1DH\s0 parameters using the
+DHparameter structure described in PKCS#3.
+.PP
+Othewise these behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR
+described in the \fId2i_X509\fR\|(3) manual page.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fId2i_X509\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 b/secure/lib/libcrypto/man/d2i_DSAPublicKey.3
new file mode 100644
index 0000000..69e8d7e
--- /dev/null
+++ b/secure/lib/libcrypto/man/d2i_DSAPublicKey.3
@@ -0,0 +1,206 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "d2i_DSAPublicKey 3"
+.TH d2i_DSAPublicKey 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+d2i_DSAPublicKey, i2d_DSAPublicKey, d2i_DSAPrivateKey, i2d_DSAPrivateKey,
+d2i_DSA_PUBKEY, i2d_DSA_PUBKEY, d2i_DSA_SIG, i2d_DSA_SIG \- DSA key encoding
+and parsing functions.
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 2
+\& #include <openssl/dsa.h>
+\& #include <openssl/x509.h>
+\&
+\& DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
+\&
+\& int i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
+\&
+\& DSA * d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length);
+\&
+\& int i2d_DSA_PUBKEY(const DSA *a, unsigned char **pp);
+\&
+\& DSA * d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length);
+\&
+\& int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
+\&
+\& DSA * d2i_DSAparams(DSA **a, const unsigned char **pp, long length);
+\&
+\& int i2d_DSAparams(const DSA *a, unsigned char **pp);
+\&
+\& DSA * d2i_DSA_SIG(DSA_SIG **a, const unsigned char **pp, long length);
+\&
+\& int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fId2i_DSAPublicKey()\fR and \fIi2d_DSAPublicKey()\fR decode and encode the \s-1DSA\s0 public key
+components structure.
+.PP
+\&\fId2i_DSA_PUBKEY()\fR and \fIi2d_DSA_PUBKEY()\fR decode and encode an \s-1DSA\s0 public key using
+a SubjectPublicKeyInfo (certificate public key) structure.
+.PP
+\&\fId2i_DSAPrivateKey()\fR, \fIi2d_DSAPrivateKey()\fR decode and encode the \s-1DSA\s0 private key
+components.
+.PP
+\&\fId2i_DSAparams()\fR, \fIi2d_DSAparams()\fR decode and encode the \s-1DSA\s0 parameters using
+a \fBDss-Parms\fR structure as defined in \s-1RFC2459\s0.
+.PP
+\&\fId2i_DSA_SIG()\fR, \fIi2d_DSA_SIG()\fR decode and encode a \s-1DSA\s0 signature using a
+\&\fBDss-Sig-Value\fR structure as defined in \s-1RFC2459\s0.
+.PP
+The usage of all of these functions is similar to the \fId2i_X509()\fR and
+\&\fIi2d_X509()\fR described in the \fId2i_X509\fR\|(3) manual page.
+.SH "NOTES"
+.IX Header "NOTES"
+The \fB\s-1DSA\s0\fR structure passed to the private key encoding functions should have
+all the private key components present.
+.PP
+The data encoded by the private key functions is unencrypted and therefore
+offers no private key security.
+.PP
+The \fB\s-1DSA_PUBKEY\s0\fR functions should be used in preference to the \fBDSAPublicKey\fR
+functions when encoding public keys because they use a standard format.
+.PP
+The \fBDSAPublicKey\fR functions use an non standard format the actual data encoded
+depends on the value of the \fBwrite_params\fR field of the \fBa\fR key parameter.
+If \fBwrite_params\fR is zero then only the \fBpub_key\fR field is encoded as an
+\&\fB\s-1INTEGER\s0\fR. If \fBwrite_params\fR is 1 then a \fB\s-1SEQUENCE\s0\fR consisting of the
+\&\fBp\fR, \fBq\fR, \fBg\fR and \fBpub_key\fR respectively fields are encoded.
+.PP
+The \fBDSAPrivateKey\fR functions also use a non standard structure consiting
+consisting of a \s-1SEQUENCE\s0 containing the \fBp\fR, \fBq\fR, \fBg\fR and \fBpub_key\fR and
+\&\fBpriv_key\fR fields respectively.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fId2i_X509\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 b/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
new file mode 100644
index 0000000..e658a3e
--- /dev/null
+++ b/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
@@ -0,0 +1,180 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "d2i_PKCS8PrivateKey 3"
+.TH d2i_PKCS8PrivateKey 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+d2i_PKCS8PrivateKey_bio, d2i_PKCS8PrivateKey_fp,
+i2d_PKCS8PrivateKey_bio, i2d_PKCS8PrivateKey_fp,
+i2d_PKCS8PrivateKey_nid_bio, i2d_PKCS8PrivateKey_nid_fp \- PKCS#8 format private key functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+\&
+\& EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u);
+\& EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u);
+\&
+\& int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+\& char *kstr, int klen,
+\& pem_password_cb *cb, void *u);
+\&
+\& int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+\& char *kstr, int klen,
+\& pem_password_cb *cb, void *u);
+\&
+\& int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
+\& char *kstr, int klen,
+\& pem_password_cb *cb, void *u);
+\&
+\& int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
+\& char *kstr, int klen,
+\& pem_password_cb *cb, void *u);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The PKCS#8 functions encode and decode private keys in PKCS#8 format using both
+PKCS#5 v1.5 and PKCS#5 v2.0 password based encryption algorithms.
+.PP
+Other than the use of \s-1DER\s0 as opposed to \s-1PEM\s0 these functions are identical to the
+corresponding \fB\s-1PEM\s0\fR function as described in the \fIpem\fR\|(3) manual page.
+.SH "NOTES"
+.IX Header "NOTES"
+Before using these functions \fIOpenSSL_add_all_algorithms\fR\|(3)
+should be called to initialize the internal algorithm lookup tables otherwise errors about
+unknown algorithms will occur if an attempt is made to decrypt a private key.
+.PP
+These functions are currently the only way to store encrypted private keys using \s-1DER\s0 format.
+.PP
+Currently all the functions use BIOs or \s-1FILE\s0 pointers, there are no functions which
+work directly on memory: this can be readily worked around by converting the buffers
+to memory BIOs, see \fIBIO_s_mem\fR\|(3) for details.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIpem\fR\|(3)
diff --git a/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 b/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
new file mode 100644
index 0000000..64f4414
--- /dev/null
+++ b/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
@@ -0,0 +1,190 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "d2i_RSAPublicKey 3"
+.TH d2i_RSAPublicKey 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey,
+d2i_RSA_PUBKEY, i2d_RSA_PUBKEY, i2d_Netscape_RSA,
+d2i_Netscape_RSA \- RSA public and private key encoding functions.
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 2
+\& #include <openssl/rsa.h>
+\& #include <openssl/x509.h>
+\&
+\& RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length);
+\&
+\& int i2d_RSAPublicKey(RSA *a, unsigned char **pp);
+\&
+\& RSA * d2i_RSA_PUBKEY(RSA **a, unsigned char **pp, long length);
+\&
+\& int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp);
+\&
+\& RSA * d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length);
+\&
+\& int i2d_RSAPrivateKey(RSA *a, unsigned char **pp);
+\&
+\& int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)());
+\&
+\& RSA * d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)());
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fId2i_RSAPublicKey()\fR and \fIi2d_RSAPublicKey()\fR decode and encode a PKCS#1 RSAPublicKey
+structure.
+.PP
+\&\fId2i_RSA_PUBKEY()\fR and \fIi2d_RSA_PUBKEY()\fR decode and encode an \s-1RSA\s0 public key using
+a SubjectPublicKeyInfo (certificate public key) structure.
+.PP
+\&\fId2i_RSAPrivateKey()\fR, \fIi2d_RSAPrivateKey()\fR decode and encode a PKCS#1 RSAPrivateKey
+structure.
+.PP
+\&\fId2i_Netscape_RSA()\fR, \fIi2d_Netscape_RSA()\fR decode and encode an \s-1RSA\s0 private key in
+\&\s-1NET\s0 format.
+.PP
+The usage of all of these functions is similar to the \fId2i_X509()\fR and
+\&\fIi2d_X509()\fR described in the \fId2i_X509\fR\|(3) manual page.
+.SH "NOTES"
+.IX Header "NOTES"
+The \fB\s-1RSA\s0\fR structure passed to the private key encoding functions should have
+all the PKCS#1 private key components present.
+.PP
+The data encoded by the private key functions is unencrypted and therefore
+offers no private key security.
+.PP
+The \s-1NET\s0 format functions are present to provide compatibility with certain very
+old software. This format has some severe security weaknesses and should be
+avoided if possible.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fId2i_X509\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/d2i_X509.3 b/secure/lib/libcrypto/man/d2i_X509.3
new file mode 100644
index 0000000..f0580f1
--- /dev/null
+++ b/secure/lib/libcrypto/man/d2i_X509.3
@@ -0,0 +1,360 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "d2i_X509 3"
+.TH d2i_X509 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio,
+i2d_X509_fp \- X509 encode and decode functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/x509.h>
+\&
+\& X509 *d2i_X509(X509 **px, const unsigned char **in, int len);
+\& int i2d_X509(X509 *x, unsigned char **out);
+\&
+\& X509 *d2i_X509_bio(BIO *bp, X509 **x);
+\& X509 *d2i_X509_fp(FILE *fp, X509 **x);
+\&
+\& int i2d_X509_bio(BIO *bp, X509 *x);
+\& int i2d_X509_fp(FILE *fp, X509 *x);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The X509 encode and decode routines encode and parse an
+\&\fBX509\fR structure, which represents an X509 certificate.
+.PP
+\&\fId2i_X509()\fR attempts to decode \fBlen\fR bytes at \fB*in\fR. If
+successful a pointer to the \fBX509\fR structure is returned. If an error
+occurred then \fB\s-1NULL\s0\fR is returned. If \fBpx\fR is not \fB\s-1NULL\s0\fR then the
+returned structure is written to \fB*px\fR. If \fB*px\fR is not \fB\s-1NULL\s0\fR
+then it is assumed that \fB*px\fR contains a valid \fBX509\fR
+structure and an attempt is made to reuse it. If the call is
+successful \fB*in\fR is incremented to the byte following the
+parsed data.
+.PP
+\&\fIi2d_X509()\fR encodes the structure pointed to by \fBx\fR into \s-1DER\s0 format.
+If \fBout\fR is not \fB\s-1NULL\s0\fR is writes the \s-1DER\s0 encoded data to the buffer
+at \fB*out\fR, and increments it to point after the data just written.
+If the return value is negative an error occurred, otherwise it
+returns the length of the encoded data.
+.PP
+For OpenSSL 0.9.7 and later if \fB*out\fR is \fB\s-1NULL\s0\fR memory will be
+allocated for a buffer and the encoded data written to it. In this
+case \fB*out\fR is not incremented and it points to the start of the
+data just written.
+.PP
+\&\fId2i_X509_bio()\fR is similar to \fId2i_X509()\fR except it attempts
+to parse data from \s-1BIO\s0 \fBbp\fR.
+.PP
+\&\fId2i_X509_fp()\fR is similar to \fId2i_X509()\fR except it attempts
+to parse data from \s-1FILE\s0 pointer \fBfp\fR.
+.PP
+\&\fIi2d_X509_bio()\fR is similar to \fIi2d_X509()\fR except it writes
+the encoding of the structure \fBx\fR to \s-1BIO\s0 \fBbp\fR and it
+returns 1 for success and 0 for failure.
+.PP
+\&\fIi2d_X509_fp()\fR is similar to \fIi2d_X509()\fR except it writes
+the encoding of the structure \fBx\fR to \s-1BIO\s0 \fBbp\fR and it
+returns 1 for success and 0 for failure.
+.SH "NOTES"
+.IX Header "NOTES"
+The letters \fBi\fR and \fBd\fR in for example \fBi2d_X509\fR stand for
+\&\*(L"internal\*(R" (that is an internal C structure) and \*(L"\s-1DER\s0\*(R". So that
+\&\fBi2d_X509\fR converts from internal to \s-1DER\s0.
+.PP
+The functions can also understand \fB\s-1BER\s0\fR forms.
+.PP
+The actual X509 structure passed to \fIi2d_X509()\fR must be a valid
+populated \fBX509\fR structure it can \fBnot\fR simply be fed with an
+empty structure such as that returned by \fIX509_new()\fR.
+.PP
+The encoded data is in binary form and may contain embedded zeroes.
+Therefore any \s-1FILE\s0 pointers or BIOs should be opened in binary mode.
+Functions such as \fB\f(BIstrlen()\fB\fR will \fBnot\fR return the correct length
+of the encoded structure.
+.PP
+The ways that \fB*in\fR and \fB*out\fR are incremented after the operation
+can trap the unwary. See the \fB\s-1WARNINGS\s0\fR section for some common
+errors.
+.PP
+The reason for the auto increment behaviour is to reflect a typical
+usage of \s-1ASN1\s0 functions: after one structure is encoded or decoded
+another will processed after it.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Allocate and encode the \s-1DER\s0 encoding of an X509 structure:
+.PP
+.Vb 2
+\& int len;
+\& unsigned char *buf, *p;
+\&
+\& len = i2d_X509(x, NULL);
+\&
+\& buf = OPENSSL_malloc(len);
+\&
+\& if (buf == NULL)
+\& /* error */
+\&
+\& p = buf;
+\&
+\& i2d_X509(x, &p);
+.Ve
+.PP
+If you are using OpenSSL 0.9.7 or later then this can be
+simplified to:
+.PP
+.Vb 2
+\& int len;
+\& unsigned char *buf;
+\&
+\& buf = NULL;
+\&
+\& len = i2d_X509(x, &buf);
+\&
+\& if (len < 0)
+\& /* error */
+.Ve
+.PP
+Attempt to decode a buffer:
+.PP
+.Vb 1
+\& X509 *x;
+\&
+\& unsigned char *buf, *p;
+\&
+\& int len;
+\&
+\& /* Something to setup buf and len */
+\&
+\& p = buf;
+\&
+\& x = d2i_X509(NULL, &p, len);
+\&
+\& if (x == NULL)
+\& /* Some error */
+.Ve
+.PP
+Alternative technique:
+.PP
+.Vb 1
+\& X509 *x;
+\&
+\& unsigned char *buf, *p;
+\&
+\& int len;
+\&
+\& /* Something to setup buf and len */
+\&
+\& p = buf;
+\&
+\& x = NULL;
+\&
+\& if(!d2i_X509(&x, &p, len))
+\& /* Some error */
+.Ve
+.SH "WARNINGS"
+.IX Header "WARNINGS"
+The use of temporary variable is mandatory. A common
+mistake is to attempt to use a buffer directly as follows:
+.PP
+.Vb 2
+\& int len;
+\& unsigned char *buf;
+\&
+\& len = i2d_X509(x, NULL);
+\&
+\& buf = OPENSSL_malloc(len);
+\&
+\& if (buf == NULL)
+\& /* error */
+\&
+\& i2d_X509(x, &buf);
+\&
+\& /* Other stuff ... */
+\&
+\& OPENSSL_free(buf);
+.Ve
+.PP
+This code will result in \fBbuf\fR apparently containing garbage because
+it was incremented after the call to point after the data just written.
+Also \fBbuf\fR will no longer contain the pointer allocated by \fB\f(BIOPENSSL_malloc()\fB\fR
+and the subsequent call to \fB\f(BIOPENSSL_free()\fB\fR may well crash.
+.PP
+The auto allocation feature (setting buf to \s-1NULL\s0) only works on OpenSSL
+0.9.7 and later. Attempts to use it on earlier versions will typically
+cause a segmentation violation.
+.PP
+Another trap to avoid is misuse of the \fBxp\fR argument to \fB\f(BId2i_X509()\fB\fR:
+.PP
+.Vb 1
+\& X509 *x;
+\&
+\& if (!d2i_X509(&x, &p, len))
+\& /* Some error */
+.Ve
+.PP
+This will probably crash somewhere in \fB\f(BId2i_X509()\fB\fR. The reason for this
+is that the variable \fBx\fR is uninitialized and an attempt will be made to
+interpret its (invalid) value as an \fBX509\fR structure, typically causing
+a segmentation violation. If \fBx\fR is set to \s-1NULL\s0 first then this will not
+happen.
+.SH "BUGS"
+.IX Header "BUGS"
+In some versions of OpenSSL the \*(L"reuse\*(R" behaviour of \fId2i_X509()\fR when
+\&\fB*px\fR is valid is broken and some parts of the reused structure may
+persist if they are not present in the new one. As a result the use
+of this \*(L"reuse\*(R" behaviour is strongly discouraged.
+.PP
+\&\fIi2d_X509()\fR will not return an error in many versions of OpenSSL,
+if mandatory fields are not initialized due to a programming error
+then the encoded structure may contain invalid data or omit the
+fields entirely and will not be parsed by \fId2i_X509()\fR. This may be
+fixed in future so code should not assume that \fIi2d_X509()\fR will
+always succeed.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fId2i_X509()\fR, \fId2i_X509_bio()\fR and \fId2i_X509_fp()\fR return a valid \fBX509\fR structure
+or \fB\s-1NULL\s0\fR if an error occurs. The error code that can be obtained by
+\&\fIERR_get_error\fR\|(3).
+.PP
+\&\fIi2d_X509()\fR returns the number of bytes successfully encoded or a negative
+value if an error occurs. The error code can be obtained by
+\&\fIERR_get_error\fR\|(3).
+.PP
+\&\fIi2d_X509_bio()\fR and \fIi2d_X509_fp()\fR return 1 for success and 0 if an error
+occurs The error code can be obtained by \fIERR_get_error\fR\|(3).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIERR_get_error\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio and i2d_X509_fp
+are available in all versions of SSLeay and OpenSSL.
diff --git a/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 b/secure/lib/libcrypto/man/d2i_X509_ALGOR.3
new file mode 100644
index 0000000..4c4e298
--- /dev/null
+++ b/secure/lib/libcrypto/man/d2i_X509_ALGOR.3
@@ -0,0 +1,154 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "d2i_X509_ALGOR 3"
+.TH d2i_X509_ALGOR 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+d2i_X509_ALGOR, i2d_X509_ALGOR \- AlgorithmIdentifier functions.
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/x509.h>
+\&
+\& X509_ALGOR *d2i_X509_ALGOR(X509_ALGOR **a, unsigned char **pp, long length);
+\& int i2d_X509_ALGOR(X509_ALGOR *a, unsigned char **pp);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+These functions decode and encode an \fBX509_ALGOR\fR structure which is
+equivalent to the \fBAlgorithmIdentifier\fR structure.
+.PP
+Othewise these behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR
+described in the \fId2i_X509\fR\|(3) manual page.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fId2i_X509\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/d2i_X509_CRL.3 b/secure/lib/libcrypto/man/d2i_X509_CRL.3
new file mode 100644
index 0000000..8b4de84
--- /dev/null
+++ b/secure/lib/libcrypto/man/d2i_X509_CRL.3
@@ -0,0 +1,161 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "d2i_X509_CRL 3"
+.TH d2i_X509_CRL 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+d2i_X509_CRL, i2d_X509_CRL, d2i_X509_CRL_bio, d2i_509_CRL_fp,
+i2d_X509_CRL_bio, i2d_X509_CRL_fp \- PKCS#10 certificate request functions.
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/x509.h>
+\&
+\& X509_CRL *d2i_X509_CRL(X509_CRL **a, const unsigned char **pp, long length);
+\& int i2d_X509_CRL(X509_CRL *a, unsigned char **pp);
+\&
+\& X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **x);
+\& X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **x);
+\&
+\& int i2d_X509_CRL_bio(BIO *bp, X509_CRL *x);
+\& int i2d_X509_CRL_fp(FILE *fp, X509_CRL *x);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+These functions decode and encode an X509 \s-1CRL\s0 (certificate revocation
+list).
+.PP
+Othewise the functions behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR
+described in the \fId2i_X509\fR\|(3) manual page.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fId2i_X509\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/d2i_X509_NAME.3 b/secure/lib/libcrypto/man/d2i_X509_NAME.3
new file mode 100644
index 0000000..074c144
--- /dev/null
+++ b/secure/lib/libcrypto/man/d2i_X509_NAME.3
@@ -0,0 +1,155 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "d2i_X509_NAME 3"
+.TH d2i_X509_NAME 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+d2i_X509_NAME, i2d_X509_NAME \- X509_NAME encoding functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/x509.h>
+\&
+\& X509_NAME *d2i_X509_NAME(X509_NAME **a, unsigned char **pp, long length);
+\& int i2d_X509_NAME(X509_NAME *a, unsigned char **pp);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+These functions decode and encode an \fBX509_NAME\fR structure which is the
+the same as the \fBName\fR type defined in \s-1RFC2459\s0 (and elsewhere) and used
+for example in certificate subject and issuer names.
+.PP
+Othewise the functions behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR
+described in the \fId2i_X509\fR\|(3) manual page.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fId2i_X509\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/d2i_X509_REQ.3 b/secure/lib/libcrypto/man/d2i_X509_REQ.3
new file mode 100644
index 0000000..8cffc57
--- /dev/null
+++ b/secure/lib/libcrypto/man/d2i_X509_REQ.3
@@ -0,0 +1,160 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "d2i_X509_REQ 3"
+.TH d2i_X509_REQ 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+d2i_X509_REQ, i2d_X509_REQ, d2i_X509_REQ_bio, d2i_X509_REQ_fp,
+i2d_X509_REQ_bio, i2d_X509_REQ_fp \- PKCS#10 certificate request functions.
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/x509.h>
+\&
+\& X509_REQ *d2i_X509_REQ(X509_REQ **a, const unsigned char **pp, long length);
+\& int i2d_X509_REQ(X509_REQ *a, unsigned char **pp);
+\&
+\& X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **x);
+\& X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **x);
+\&
+\& int i2d_X509_REQ_bio(BIO *bp, X509_REQ *x);
+\& int i2d_X509_REQ_fp(FILE *fp, X509_REQ *x);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+These functions decode and encode a PKCS#10 certificate request.
+.PP
+Othewise these behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR
+described in the \fId2i_X509\fR\|(3) manual page.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fId2i_X509\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/d2i_X509_SIG.3 b/secure/lib/libcrypto/man/d2i_X509_SIG.3
new file mode 100644
index 0000000..f7e20b5
--- /dev/null
+++ b/secure/lib/libcrypto/man/d2i_X509_SIG.3
@@ -0,0 +1,154 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "d2i_X509_SIG 3"
+.TH d2i_X509_SIG 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+d2i_X509_SIG, i2d_X509_SIG \- DigestInfo functions.
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/x509.h>
+\&
+\& X509_SIG *d2i_X509_SIG(X509_SIG **a, unsigned char **pp, long length);
+\& int i2d_X509_SIG(X509_SIG *a, unsigned char **pp);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+These functions decode and encode an X509_SIG structure which is
+equivalent to the \fBDigestInfo\fR structure defined in PKCS#1 and PKCS#7.
+.PP
+Othewise these behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR
+described in the \fId2i_X509\fR\|(3) manual page.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fId2i_X509\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/des.3 b/secure/lib/libcrypto/man/des.3
new file mode 100644
index 0000000..510fd18
--- /dev/null
+++ b/secure/lib/libcrypto/man/des.3
@@ -0,0 +1,478 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "des 3"
+.TH des 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+DES_random_key, DES_set_key, DES_key_sched, DES_set_key_checked,
+DES_set_key_unchecked, DES_set_odd_parity, DES_is_weak_key,
+DES_ecb_encrypt, DES_ecb2_encrypt, DES_ecb3_encrypt, DES_ncbc_encrypt,
+DES_cfb_encrypt, DES_ofb_encrypt, DES_pcbc_encrypt, DES_cfb64_encrypt,
+DES_ofb64_encrypt, DES_xcbc_encrypt, DES_ede2_cbc_encrypt,
+DES_ede2_cfb64_encrypt, DES_ede2_ofb64_encrypt, DES_ede3_cbc_encrypt,
+DES_ede3_cbcm_encrypt, DES_ede3_cfb64_encrypt, DES_ede3_ofb64_encrypt,
+DES_cbc_cksum, DES_quad_cksum, DES_string_to_key, DES_string_to_2keys,
+DES_fcrypt, DES_crypt, DES_enc_read, DES_enc_write \- DES encryption
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/des.h>
+\&
+\& void DES_random_key(DES_cblock *ret);
+\&
+\& int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule);
+\& int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule);
+\& int DES_set_key_checked(const_DES_cblock *key,
+\& DES_key_schedule *schedule);
+\& void DES_set_key_unchecked(const_DES_cblock *key,
+\& DES_key_schedule *schedule);
+\&
+\& void DES_set_odd_parity(DES_cblock *key);
+\& int DES_is_weak_key(const_DES_cblock *key);
+\&
+\& void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
+\& DES_key_schedule *ks, int enc);
+\& void DES_ecb2_encrypt(const_DES_cblock *input, DES_cblock *output,
+\& DES_key_schedule *ks1, DES_key_schedule *ks2, int enc);
+\& void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
+\& DES_key_schedule *ks1, DES_key_schedule *ks2,
+\& DES_key_schedule *ks3, int enc);
+\&
+\& void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output,
+\& long length, DES_key_schedule *schedule, DES_cblock *ivec,
+\& int enc);
+\& void DES_cfb_encrypt(const unsigned char *in, unsigned char *out,
+\& int numbits, long length, DES_key_schedule *schedule,
+\& DES_cblock *ivec, int enc);
+\& void DES_ofb_encrypt(const unsigned char *in, unsigned char *out,
+\& int numbits, long length, DES_key_schedule *schedule,
+\& DES_cblock *ivec);
+\& void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
+\& long length, DES_key_schedule *schedule, DES_cblock *ivec,
+\& int enc);
+\& void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+\& long length, DES_key_schedule *schedule, DES_cblock *ivec,
+\& int *num, int enc);
+\& void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+\& long length, DES_key_schedule *schedule, DES_cblock *ivec,
+\& int *num);
+\&
+\& void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output,
+\& long length, DES_key_schedule *schedule, DES_cblock *ivec,
+\& const_DES_cblock *inw, const_DES_cblock *outw, int enc);
+\&
+\& void DES_ede2_cbc_encrypt(const unsigned char *input,
+\& unsigned char *output, long length, DES_key_schedule *ks1,
+\& DES_key_schedule *ks2, DES_cblock *ivec, int enc);
+\& void DES_ede2_cfb64_encrypt(const unsigned char *in,
+\& unsigned char *out, long length, DES_key_schedule *ks1,
+\& DES_key_schedule *ks2, DES_cblock *ivec, int *num, int enc);
+\& void DES_ede2_ofb64_encrypt(const unsigned char *in,
+\& unsigned char *out, long length, DES_key_schedule *ks1,
+\& DES_key_schedule *ks2, DES_cblock *ivec, int *num);
+\&
+\& void DES_ede3_cbc_encrypt(const unsigned char *input,
+\& unsigned char *output, long length, DES_key_schedule *ks1,
+\& DES_key_schedule *ks2, DES_key_schedule *ks3, DES_cblock *ivec,
+\& int enc);
+\& void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
+\& long length, DES_key_schedule *ks1, DES_key_schedule *ks2,
+\& DES_key_schedule *ks3, DES_cblock *ivec1, DES_cblock *ivec2,
+\& int enc);
+\& void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+\& long length, DES_key_schedule *ks1, DES_key_schedule *ks2,
+\& DES_key_schedule *ks3, DES_cblock *ivec, int *num, int enc);
+\& void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+\& long length, DES_key_schedule *ks1,
+\& DES_key_schedule *ks2, DES_key_schedule *ks3,
+\& DES_cblock *ivec, int *num);
+\&
+\& DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output,
+\& long length, DES_key_schedule *schedule,
+\& const_DES_cblock *ivec);
+\& DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
+\& long length, int out_count, DES_cblock *seed);
+\& void DES_string_to_key(const char *str, DES_cblock *key);
+\& void DES_string_to_2keys(const char *str, DES_cblock *key1,
+\& DES_cblock *key2);
+\&
+\& char *DES_fcrypt(const char *buf, const char *salt, char *ret);
+\& char *DES_crypt(const char *buf, const char *salt);
+\&
+\& int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
+\& DES_cblock *iv);
+\& int DES_enc_write(int fd, const void *buf, int len,
+\& DES_key_schedule *sched, DES_cblock *iv);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+This library contains a fast implementation of the \s-1DES\s0 encryption
+algorithm.
+.PP
+There are two phases to the use of \s-1DES\s0 encryption. The first is the
+generation of a \fIDES_key_schedule\fR from a key, the second is the
+actual encryption. A \s-1DES\s0 key is of type \fIDES_cblock\fR. This type is
+consists of 8 bytes with odd parity. The least significant bit in
+each byte is the parity bit. The key schedule is an expanded form of
+the key; it is used to speed the encryption process.
+.PP
+\&\fIDES_random_key()\fR generates a random key. The \s-1PRNG\s0 must be seeded
+prior to using this function (see \fIrand\fR\|(3)). If the \s-1PRNG\s0
+could not generate a secure key, 0 is returned.
+.PP
+Before a \s-1DES\s0 key can be used, it must be converted into the
+architecture dependent \fIDES_key_schedule\fR via the
+\&\fIDES_set_key_checked()\fR or \fIDES_set_key_unchecked()\fR function.
+.PP
+\&\fIDES_set_key_checked()\fR will check that the key passed is of odd parity
+and is not a week or semi-weak key. If the parity is wrong, then \-1
+is returned. If the key is a weak key, then \-2 is returned. If an
+error is returned, the key schedule is not generated.
+.PP
+\&\fIDES_set_key()\fR works like
+\&\fIDES_set_key_checked()\fR if the \fIDES_check_key\fR flag is non-zero,
+otherwise like \fIDES_set_key_unchecked()\fR. These functions are available
+for compatibility; it is recommended to use a function that does not
+depend on a global variable.
+.PP
+\&\fIDES_set_odd_parity()\fR sets the parity of the passed \fIkey\fR to odd.
+.PP
+\&\fIDES_is_weak_key()\fR returns 1 is the passed key is a weak key, 0 if it
+is ok. The probability that a randomly generated key is weak is
+1/2^52, so it is not really worth checking for them.
+.PP
+The following routines mostly operate on an input and output stream of
+\&\fIDES_cblock\fRs.
+.PP
+\&\fIDES_ecb_encrypt()\fR is the basic \s-1DES\s0 encryption routine that encrypts or
+decrypts a single 8\-byte \fIDES_cblock\fR in \fIelectronic code book\fR
+(\s-1ECB\s0) mode. It always transforms the input data, pointed to by
+\&\fIinput\fR, into the output data, pointed to by the \fIoutput\fR argument.
+If the \fIencrypt\fR argument is non-zero (\s-1DES_ENCRYPT\s0), the \fIinput\fR
+(cleartext) is encrypted in to the \fIoutput\fR (ciphertext) using the
+key_schedule specified by the \fIschedule\fR argument, previously set via
+\&\fIDES_set_key\fR. If \fIencrypt\fR is zero (\s-1DES_DECRYPT\s0), the \fIinput\fR (now
+ciphertext) is decrypted into the \fIoutput\fR (now cleartext). Input
+and output may overlap. \fIDES_ecb_encrypt()\fR does not return a value.
+.PP
+\&\fIDES_ecb3_encrypt()\fR encrypts/decrypts the \fIinput\fR block by using
+three-key Triple-DES encryption in \s-1ECB\s0 mode. This involves encrypting
+the input with \fIks1\fR, decrypting with the key schedule \fIks2\fR, and
+then encrypting with \fIks3\fR. This routine greatly reduces the chances
+of brute force breaking of \s-1DES\s0 and has the advantage of if \fIks1\fR,
+\&\fIks2\fR and \fIks3\fR are the same, it is equivalent to just encryption
+using \s-1ECB\s0 mode and \fIks1\fR as the key.
+.PP
+The macro \fIDES_ecb2_encrypt()\fR is provided to perform two-key Triple-DES
+encryption by using \fIks1\fR for the final encryption.
+.PP
+\&\fIDES_ncbc_encrypt()\fR encrypts/decrypts using the \fIcipher-block-chaining\fR
+(\s-1CBC\s0) mode of \s-1DES\s0. If the \fIencrypt\fR argument is non-zero, the
+routine cipher-block-chain encrypts the cleartext data pointed to by
+the \fIinput\fR argument into the ciphertext pointed to by the \fIoutput\fR
+argument, using the key schedule provided by the \fIschedule\fR argument,
+and initialization vector provided by the \fIivec\fR argument. If the
+\&\fIlength\fR argument is not an integral multiple of eight bytes, the
+last block is copied to a temporary area and zero filled. The output
+is always an integral multiple of eight bytes.
+.PP
+\&\fIDES_xcbc_encrypt()\fR is \s-1RSA\s0's \s-1DESX\s0 mode of \s-1DES\s0. It uses \fIinw\fR and
+\&\fIoutw\fR to 'whiten' the encryption. \fIinw\fR and \fIoutw\fR are secret
+(unlike the iv) and are as such, part of the key. So the key is sort
+of 24 bytes. This is much better than \s-1CBC\s0 \s-1DES\s0.
+.PP
+\&\fIDES_ede3_cbc_encrypt()\fR implements outer triple \s-1CBC\s0 \s-1DES\s0 encryption with
+three keys. This means that each \s-1DES\s0 operation inside the \s-1CBC\s0 mode is
+really an \f(CW\*(C`C=E(ks3,D(ks2,E(ks1,M)))\*(C'\fR. This mode is used by \s-1SSL\s0.
+.PP
+The \fIDES_ede2_cbc_encrypt()\fR macro implements two-key Triple-DES by
+reusing \fIks1\fR for the final encryption. \f(CW\*(C`C=E(ks1,D(ks2,E(ks1,M)))\*(C'\fR.
+This form of Triple-DES is used by the \s-1RSAREF\s0 library.
+.PP
+\&\fIDES_pcbc_encrypt()\fR encrypt/decrypts using the propagating cipher block
+chaining mode used by Kerberos v4. Its parameters are the same as
+\&\fIDES_ncbc_encrypt()\fR.
+.PP
+\&\fIDES_cfb_encrypt()\fR encrypt/decrypts using cipher feedback mode. This
+method takes an array of characters as input and outputs and array of
+characters. It does not require any padding to 8 character groups.
+Note: the \fIivec\fR variable is changed and the new changed value needs to
+be passed to the next call to this function. Since this function runs
+a complete \s-1DES\s0 \s-1ECB\s0 encryption per \fInumbits\fR, this function is only
+suggested for use when sending small numbers of characters.
+.PP
+\&\fIDES_cfb64_encrypt()\fR
+implements \s-1CFB\s0 mode of \s-1DES\s0 with 64bit feedback. Why is this
+useful you ask? Because this routine will allow you to encrypt an
+arbitrary number of bytes, no 8 byte padding. Each call to this
+routine will encrypt the input bytes to output and then update ivec
+and num. num contains 'how far' we are though ivec. If this does
+not make much sense, read more about cfb mode of \s-1DES\s0 :\-).
+.PP
+\&\fIDES_ede3_cfb64_encrypt()\fR and \fIDES_ede2_cfb64_encrypt()\fR is the same as
+\&\fIDES_cfb64_encrypt()\fR except that Triple-DES is used.
+.PP
+\&\fIDES_ofb_encrypt()\fR encrypts using output feedback mode. This method
+takes an array of characters as input and outputs and array of
+characters. It does not require any padding to 8 character groups.
+Note: the \fIivec\fR variable is changed and the new changed value needs to
+be passed to the next call to this function. Since this function runs
+a complete \s-1DES\s0 \s-1ECB\s0 encryption per numbits, this function is only
+suggested for use when sending small numbers of characters.
+.PP
+\&\fIDES_ofb64_encrypt()\fR is the same as \fIDES_cfb64_encrypt()\fR using Output
+Feed Back mode.
+.PP
+\&\fIDES_ede3_ofb64_encrypt()\fR and \fIDES_ede2_ofb64_encrypt()\fR is the same as
+\&\fIDES_ofb64_encrypt()\fR, using Triple-DES.
+.PP
+The following functions are included in the \s-1DES\s0 library for
+compatibility with the \s-1MIT\s0 Kerberos library.
+.PP
+\&\fIDES_cbc_cksum()\fR produces an 8 byte checksum based on the input stream
+(via \s-1CBC\s0 encryption). The last 4 bytes of the checksum are returned
+and the complete 8 bytes are placed in \fIoutput\fR. This function is
+used by Kerberos v4. Other applications should use
+\&\fIEVP_DigestInit\fR\|(3) etc. instead.
+.PP
+\&\fIDES_quad_cksum()\fR is a Kerberos v4 function. It returns a 4 byte
+checksum from the input bytes. The algorithm can be iterated over the
+input, depending on \fIout_count\fR, 1, 2, 3 or 4 times. If \fIoutput\fR is
+non-NULL, the 8 bytes generated by each pass are written into
+\&\fIoutput\fR.
+.PP
+The following are DES-based transformations:
+.PP
+\&\fIDES_fcrypt()\fR is a fast version of the Unix \fIcrypt\fR\|(3) function. This
+version takes only a small amount of space relative to other fast
+\&\fIcrypt()\fR implementations. This is different to the normal crypt in
+that the third parameter is the buffer that the return value is
+written into. It needs to be at least 14 bytes long. This function
+is thread safe, unlike the normal crypt.
+.PP
+\&\fIDES_crypt()\fR is a faster replacement for the normal system \fIcrypt()\fR.
+This function calls \fIDES_fcrypt()\fR with a static array passed as the
+third parameter. This emulates the normal non-thread safe semantics
+of \fIcrypt\fR\|(3).
+.PP
+\&\fIDES_enc_write()\fR writes \fIlen\fR bytes to file descriptor \fIfd\fR from
+buffer \fIbuf\fR. The data is encrypted via \fIpcbc_encrypt\fR (default)
+using \fIsched\fR for the key and \fIiv\fR as a starting vector. The actual
+data send down \fIfd\fR consists of 4 bytes (in network byte order)
+containing the length of the following encrypted data. The encrypted
+data then follows, padded with random data out to a multiple of 8
+bytes.
+.PP
+\&\fIDES_enc_read()\fR is used to read \fIlen\fR bytes from file descriptor
+\&\fIfd\fR into buffer \fIbuf\fR. The data being read from \fIfd\fR is assumed to
+have come from \fIDES_enc_write()\fR and is decrypted using \fIsched\fR for
+the key schedule and \fIiv\fR for the initial vector.
+.PP
+\&\fBWarning:\fR The data format used by \fIDES_enc_write()\fR and \fIDES_enc_read()\fR
+has a cryptographic weakness: When asked to write more than \s-1MAXWRITE\s0
+bytes, \fIDES_enc_write()\fR will split the data into several chunks that
+are all encrypted using the same \s-1IV\s0. So don't use these functions
+unless you are sure you know what you do (in which case you might not
+want to use them anyway). They cannot handle non-blocking sockets.
+\&\fIDES_enc_read()\fR uses an internal state and thus cannot be used on
+multiple files.
+.PP
+\&\fIDES_rw_mode\fR is used to specify the encryption mode to use with
+\&\fIDES_enc_read()\fR and \fIDES_end_write()\fR. If set to \fI\s-1DES_PCBC_MODE\s0\fR (the
+default), DES_pcbc_encrypt is used. If set to \fI\s-1DES_CBC_MODE\s0\fR
+DES_cbc_encrypt is used.
+.SH "NOTES"
+.IX Header "NOTES"
+Single-key \s-1DES\s0 is insecure due to its short key size. \s-1ECB\s0 mode is
+not suitable for most applications; see \fIdes_modes\fR\|(7).
+.PP
+The \fIevp\fR\|(3) library provides higher-level encryption functions.
+.SH "BUGS"
+.IX Header "BUGS"
+\&\fIDES_3cbc_encrypt()\fR is flawed and must not be used in applications.
+.PP
+\&\fIDES_cbc_encrypt()\fR does not modify \fBivec\fR; use \fIDES_ncbc_encrypt()\fR
+instead.
+.PP
+\&\fIDES_cfb_encrypt()\fR and \fIDES_ofb_encrypt()\fR operates on input of 8 bits.
+What this means is that if you set numbits to 12, and length to 2, the
+first 12 bits will come from the 1st input byte and the low half of
+the second input byte. The second 12 bits will have the low 8 bits
+taken from the 3rd input byte and the top 4 bits taken from the 4th
+input byte. The same holds for output. This function has been
+implemented this way because most people will be using a multiple of 8
+and because once you get into pulling bytes input bytes apart things
+get ugly!
+.PP
+\&\fIDES_string_to_key()\fR is available for backward compatibility with the
+\&\s-1MIT\s0 library. New applications should use a cryptographic hash function.
+The same applies for \fIDES_string_to_2key()\fR.
+.SH "CONFORMING TO"
+.IX Header "CONFORMING TO"
+\&\s-1ANSI\s0 X3.106
+.PP
+The \fBdes\fR library was written to be source code compatible with
+the \s-1MIT\s0 Kerberos library.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIcrypt\fR\|(3), \fIdes_modes\fR\|(7), \fIevp\fR\|(3), \fIrand\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+In OpenSSL 0.9.7, all des_ functions were renamed to \s-1DES_\s0 to avoid
+clashes with older versions of libdes. Compatibility des_ functions
+are provided for a short while, as well as \fIcrypt()\fR.
+Declarations for these are in <openssl/des_old.h>. There is no \s-1DES_\s0
+variant for \fIdes_random_seed()\fR.
+This will happen to other functions
+as well if they are deemed redundant (\fIdes_random_seed()\fR just calls
+\&\fIRAND_seed()\fR and is present for backward compatibility only), buggy or
+already scheduled for removal.
+.PP
+\&\fIdes_cbc_cksum()\fR, \fIdes_cbc_encrypt()\fR, \fIdes_ecb_encrypt()\fR,
+\&\fIdes_is_weak_key()\fR, \fIdes_key_sched()\fR, \fIdes_pcbc_encrypt()\fR,
+\&\fIdes_quad_cksum()\fR, \fIdes_random_key()\fR and \fIdes_string_to_key()\fR
+are available in the \s-1MIT\s0 Kerberos library;
+\&\fIdes_check_key_parity()\fR, \fIdes_fixup_key_parity()\fR and \fIdes_is_weak_key()\fR
+are available in newer versions of that library.
+.PP
+\&\fIdes_set_key_checked()\fR and \fIdes_set_key_unchecked()\fR were added in
+OpenSSL 0.9.5.
+.PP
+\&\fIdes_generate_random_block()\fR, \fIdes_init_random_number_generator()\fR,
+\&\fIdes_new_random_key()\fR, \fIdes_set_random_generator_seed()\fR and
+\&\fIdes_set_sequence_number()\fR and \fIdes_rand_data()\fR are used in newer
+versions of Kerberos but are not implemented here.
+.PP
+\&\fIdes_random_key()\fR generated cryptographically weak random data in
+SSLeay and in OpenSSL prior version 0.9.5, as well as in the original
+\&\s-1MIT\s0 library.
+.SH "AUTHOR"
+.IX Header "AUTHOR"
+Eric Young (eay@cryptsoft.com). Modified for the OpenSSL project
+(http://www.openssl.org).
diff --git a/secure/lib/libcrypto/man/des_modes.3 b/secure/lib/libcrypto/man/des_modes.3
new file mode 100644
index 0000000..788e0e8
--- /dev/null
+++ b/secure/lib/libcrypto/man/des_modes.3
@@ -0,0 +1,290 @@
+.\" Automatically generated by Pod::Man version 1.15
+.\" Mon Jan 13 19:29:14 2003
+.\"
+.\" Standard preamble:
+.\" ======================================================================
+.de Sh \" Subsection heading
+.br
+.if t .Sp
+.ne 5
+.PP
+\fB\\$1\fR
+.PP
+..
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Ip \" List item
+.br
+.ie \\n(.$>=3 .ne \\$3
+.el .ne 3
+.IP "\\$1" \\$2
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. | will give a
+.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used
+.\" to do unbreakable dashes and therefore won't be available. \*(C` and
+.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<>
+.tr \(*W-|\(bv\*(Tr
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr
+.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and
+.\" index entries marked with X<> in POD. Of course, you'll have to process
+.\" the output yourself in some meaningful fashion.
+.if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.\"
+.\" For nroff, turn off justification. Always turn off hyphenation; it
+.\" makes way too many mistakes in technical documents.
+.hy 0
+.if n .na
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+.bd B 3
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ======================================================================
+.\"
+.IX Title "des_modes 3"
+.TH des_modes 3 "0.9.7" "2003-01-13" "OpenSSL"
+.UC
+.SH "NAME"
+Modes of \s-1DES\s0 \- the variants of \s-1DES\s0 and other crypto algorithms of OpenSSL
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+Several crypto algorithms for OpenSSL can be used in a number of modes. Those
+are used for using block ciphers in a way similar to stream ciphers, among
+other things.
+.SH "OVERVIEW"
+.IX Header "OVERVIEW"
+.Sh "Electronic Codebook Mode (\s-1ECB\s0)"
+.IX Subsection "Electronic Codebook Mode (ECB)"
+Normally, this is found as the function \fIalgorithm\fR\fI_ecb_encrypt()\fR.
+.Ip "\(bu" 2
+64 bits are enciphered at a time.
+.Ip "\(bu" 2
+The order of the blocks can be rearranged without detection.
+.Ip "\(bu" 2
+The same plaintext block always produces the same ciphertext block
+(for the same key) making it vulnerable to a 'dictionary attack'.
+.Ip "\(bu" 2
+An error will only affect one ciphertext block.
+.Sh "Cipher Block Chaining Mode (\s-1CBC\s0)"
+.IX Subsection "Cipher Block Chaining Mode (CBC)"
+Normally, this is found as the function \fIalgorithm\fR\fI_cbc_encrypt()\fR.
+Be aware that \fIdes_cbc_encrypt()\fR is not really \s-1DES\s0 \s-1CBC\s0 (it does
+not update the \s-1IV\s0); use \fIdes_ncbc_encrypt()\fR instead.
+.Ip "\(bu" 2
+a multiple of 64 bits are enciphered at a time.
+.Ip "\(bu" 2
+The \s-1CBC\s0 mode produces the same ciphertext whenever the same
+plaintext is encrypted using the same key and starting variable.
+.Ip "\(bu" 2
+The chaining operation makes the ciphertext blocks dependent on the
+current and all preceding plaintext blocks and therefore blocks can not
+be rearranged.
+.Ip "\(bu" 2
+The use of different starting variables prevents the same plaintext
+enciphering to the same ciphertext.
+.Ip "\(bu" 2
+An error will affect the current and the following ciphertext blocks.
+.Sh "Cipher Feedback Mode (\s-1CFB\s0)"
+.IX Subsection "Cipher Feedback Mode (CFB)"
+Normally, this is found as the function \fIalgorithm\fR\fI_cfb_encrypt()\fR.
+.Ip "\(bu" 2
+a number of bits (j) <= 64 are enciphered at a time.
+.Ip "\(bu" 2
+The \s-1CFB\s0 mode produces the same ciphertext whenever the same
+plaintext is encrypted using the same key and starting variable.
+.Ip "\(bu" 2
+The chaining operation makes the ciphertext variables dependent on the
+current and all preceding variables and therefore j-bit variables are
+chained together and can not be rearranged.
+.Ip "\(bu" 2
+The use of different starting variables prevents the same plaintext
+enciphering to the same ciphertext.
+.Ip "\(bu" 2
+The strength of the \s-1CFB\s0 mode depends on the size of k (maximal if
+j == k). In my implementation this is always the case.
+.Ip "\(bu" 2
+Selection of a small value for j will require more cycles through
+the encipherment algorithm per unit of plaintext and thus cause
+greater processing overheads.
+.Ip "\(bu" 2
+Only multiples of j bits can be enciphered.
+.Ip "\(bu" 2
+An error will affect the current and the following ciphertext variables.
+.Sh "Output Feedback Mode (\s-1OFB\s0)"
+.IX Subsection "Output Feedback Mode (OFB)"
+Normally, this is found as the function \fIalgorithm\fR\fI_ofb_encrypt()\fR.
+.Ip "\(bu" 2
+a number of bits (j) <= 64 are enciphered at a time.
+.Ip "\(bu" 2
+The \s-1OFB\s0 mode produces the same ciphertext whenever the same
+plaintext enciphered using the same key and starting variable. More
+over, in the \s-1OFB\s0 mode the same key stream is produced when the same
+key and start variable are used. Consequently, for security reasons
+a specific start variable should be used only once for a given key.
+.Ip "\(bu" 2
+The absence of chaining makes the \s-1OFB\s0 more vulnerable to specific attacks.
+.Ip "\(bu" 2
+The use of different start variables values prevents the same
+plaintext enciphering to the same ciphertext, by producing different
+key streams.
+.Ip "\(bu" 2
+Selection of a small value for j will require more cycles through
+the encipherment algorithm per unit of plaintext and thus cause
+greater processing overheads.
+.Ip "\(bu" 2
+Only multiples of j bits can be enciphered.
+.Ip "\(bu" 2
+\&\s-1OFB\s0 mode of operation does not extend ciphertext errors in the
+resultant plaintext output. Every bit error in the ciphertext causes
+only one bit to be in error in the deciphered plaintext.
+.Ip "\(bu" 2
+\&\s-1OFB\s0 mode is not self-synchronizing. If the two operation of
+encipherment and decipherment get out of synchronism, the system needs
+to be re-initialized.
+.Ip "\(bu" 2
+Each re-initialization should use a value of the start variable
+different from the start variable values used before with the same
+key. The reason for this is that an identical bit stream would be
+produced each time from the same parameters. This would be
+susceptible to a 'known plaintext' attack.
+.Sh "Triple \s-1ECB\s0 Mode"
+.IX Subsection "Triple ECB Mode"
+Normally, this is found as the function \fIalgorithm\fR\fI_ecb3_encrypt()\fR.
+.Ip "\(bu" 2
+Encrypt with key1, decrypt with key2 and encrypt with key3 again.
+.Ip "\(bu" 2
+As for \s-1ECB\s0 encryption but increases the key length to 168 bits.
+There are theoretic attacks that can be used that make the effective
+key length 112 bits, but this attack also requires 2^56 blocks of
+memory, not very likely, even for the \s-1NSA\s0.
+.Ip "\(bu" 2
+If both keys are the same it is equivalent to encrypting once with
+just one key.
+.Ip "\(bu" 2
+If the first and last key are the same, the key length is 112 bits.
+There are attacks that could reduce the effective key strength
+to only slightly more than 56 bits, but these require a lot of memory.
+.Ip "\(bu" 2
+If all 3 keys are the same, this is effectively the same as normal
+ecb mode.
+.Sh "Triple \s-1CBC\s0 Mode"
+.IX Subsection "Triple CBC Mode"
+Normally, this is found as the function \fIalgorithm\fR\fI_ede3_cbc_encrypt()\fR.
+.Ip "\(bu" 2
+Encrypt with key1, decrypt with key2 and then encrypt with key3.
+.Ip "\(bu" 2
+As for \s-1CBC\s0 encryption but increases the key length to 168 bits with
+the same restrictions as for triple ecb mode.
+.SH "NOTES"
+.IX Header "NOTES"
+This text was been written in large parts by Eric Young in his original
+documentation for SSLeay, the predecessor of OpenSSL. In turn, he attributed
+it to:
+.PP
+.Vb 5
+\& AS 2805.5.2
+\& Australian Standard
+\& Electronic funds transfer - Requirements for interfaces,
+\& Part 5.2: Modes of operation for an n-bit block cipher algorithm
+\& Appendix A
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+blowfish(3), des(3), idea(3),
+rc2(3)
diff --git a/secure/lib/libcrypto/man/dh.3 b/secure/lib/libcrypto/man/dh.3
new file mode 100644
index 0000000..19bc676
--- /dev/null
+++ b/secure/lib/libcrypto/man/dh.3
@@ -0,0 +1,205 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "dh 3"
+.TH dh 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+dh \- Diffie\-Hellman key agreement
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 2
+\& #include <openssl/dh.h>
+\& #include <openssl/engine.h>
+\&
+\& DH * DH_new(void);
+\& void DH_free(DH *dh);
+\&
+\& int DH_size(const DH *dh);
+\&
+\& DH * DH_generate_parameters(int prime_len, int generator,
+\& void (*callback)(int, int, void *), void *cb_arg);
+\& int DH_check(const DH *dh, int *codes);
+\&
+\& int DH_generate_key(DH *dh);
+\& int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
+\&
+\& void DH_set_default_method(const DH_METHOD *meth);
+\& const DH_METHOD *DH_get_default_method(void);
+\& int DH_set_method(DH *dh, const DH_METHOD *meth);
+\& DH *DH_new_method(ENGINE *engine);
+\& const DH_METHOD *DH_OpenSSL(void);
+\&
+\& int DH_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+\& int (*dup_func)(), void (*free_func)());
+\& int DH_set_ex_data(DH *d, int idx, char *arg);
+\& char *DH_get_ex_data(DH *d, int idx);
+\&
+\& DH * d2i_DHparams(DH **a, unsigned char **pp, long length);
+\& int i2d_DHparams(const DH *a, unsigned char **pp);
+\&
+\& int DHparams_print_fp(FILE *fp, const DH *x);
+\& int DHparams_print(BIO *bp, const DH *x);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+These functions implement the Diffie-Hellman key agreement protocol.
+The generation of shared \s-1DH\s0 parameters is described in
+\&\fIDH_generate_parameters\fR\|(3); \fIDH_generate_key\fR\|(3) describes how
+to perform a key agreement.
+.PP
+The \fB\s-1DH\s0\fR structure consists of several \s-1BIGNUM\s0 components.
+.PP
+.Vb 9
+\& struct
+\& {
+\& BIGNUM *p; // prime number (shared)
+\& BIGNUM *g; // generator of Z_p (shared)
+\& BIGNUM *priv_key; // private DH value x
+\& BIGNUM *pub_key; // public DH value g^x
+\& // ...
+\& };
+\& DH
+.Ve
+.PP
+Note that \s-1DH\s0 keys may use non-standard \fB\s-1DH_METHOD\s0\fR implementations,
+either directly or by the use of \fB\s-1ENGINE\s0\fR modules. In some cases (eg. an
+\&\s-1ENGINE\s0 providing support for hardware-embedded keys), these \s-1BIGNUM\s0 values
+will not be used by the implementation or may be used for alternative data
+storage. For this reason, applications should generally avoid using \s-1DH\s0
+structure elements directly and instead use \s-1API\s0 functions to query or
+modify keys.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIdhparam\fR\|(1), \fIbn\fR\|(3), \fIdsa\fR\|(3), \fIerr\fR\|(3),
+\&\fIrand\fR\|(3), \fIrsa\fR\|(3), \fIengine\fR\|(3),
+\&\fIDH_set_method\fR\|(3), \fIDH_new\fR\|(3),
+\&\fIDH_get_ex_new_index\fR\|(3),
+\&\fIDH_generate_parameters\fR\|(3),
+\&\fIDH_compute_key\fR\|(3), \fId2i_DHparams\fR\|(3),
+\&\fIRSA_print\fR\|(3)
diff --git a/secure/lib/libcrypto/man/dsa.3 b/secure/lib/libcrypto/man/dsa.3
new file mode 100644
index 0000000..80259da
--- /dev/null
+++ b/secure/lib/libcrypto/man/dsa.3
@@ -0,0 +1,240 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "dsa 3"
+.TH dsa 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+dsa \- Digital Signature Algorithm
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 2
+\& #include <openssl/dsa.h>
+\& #include <openssl/engine.h>
+\&
+\& DSA * DSA_new(void);
+\& void DSA_free(DSA *dsa);
+\&
+\& int DSA_size(const DSA *dsa);
+\&
+\& DSA * DSA_generate_parameters(int bits, unsigned char *seed,
+\& int seed_len, int *counter_ret, unsigned long *h_ret,
+\& void (*callback)(int, int, void *), void *cb_arg);
+\&
+\& DH * DSA_dup_DH(const DSA *r);
+\&
+\& int DSA_generate_key(DSA *dsa);
+\&
+\& int DSA_sign(int dummy, const unsigned char *dgst, int len,
+\& unsigned char *sigret, unsigned int *siglen, DSA *dsa);
+\& int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp,
+\& BIGNUM **rp);
+\& int DSA_verify(int dummy, const unsigned char *dgst, int len,
+\& const unsigned char *sigbuf, int siglen, DSA *dsa);
+\&
+\& void DSA_set_default_method(const DSA_METHOD *meth);
+\& const DSA_METHOD *DSA_get_default_method(void);
+\& int DSA_set_method(DSA *dsa, const DSA_METHOD *meth);
+\& DSA *DSA_new_method(ENGINE *engine);
+\& const DSA_METHOD *DSA_OpenSSL(void);
+\&
+\& int DSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+\& int (*dup_func)(), void (*free_func)());
+\& int DSA_set_ex_data(DSA *d, int idx, char *arg);
+\& char *DSA_get_ex_data(DSA *d, int idx);
+\&
+\& DSA_SIG *DSA_SIG_new(void);
+\& void DSA_SIG_free(DSA_SIG *a);
+\& int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
+\& DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, unsigned char **pp, long length);
+\&
+\& DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+\& int DSA_do_verify(const unsigned char *dgst, int dgst_len,
+\& DSA_SIG *sig, DSA *dsa);
+\&
+\& DSA * d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length);
+\& DSA * d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length);
+\& DSA * d2i_DSAparams(DSA **a, unsigned char **pp, long length);
+\& int i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
+\& int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
+\& int i2d_DSAparams(const DSA *a,unsigned char **pp);
+\&
+\& int DSAparams_print(BIO *bp, const DSA *x);
+\& int DSAparams_print_fp(FILE *fp, const DSA *x);
+\& int DSA_print(BIO *bp, const DSA *x, int off);
+\& int DSA_print_fp(FILE *bp, const DSA *x, int off);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+These functions implement the Digital Signature Algorithm (\s-1DSA\s0). The
+generation of shared \s-1DSA\s0 parameters is described in
+\&\fIDSA_generate_parameters\fR\|(3);
+\&\fIDSA_generate_key\fR\|(3) describes how to
+generate a signature key. Signature generation and verification are
+described in \fIDSA_sign\fR\|(3).
+.PP
+The \fB\s-1DSA\s0\fR structure consists of several \s-1BIGNUM\s0 components.
+.PP
+.Vb 10
+\& struct
+\& {
+\& BIGNUM *p; // prime number (public)
+\& BIGNUM *q; // 160\-bit subprime, q | p\-1 (public)
+\& BIGNUM *g; // generator of subgroup (public)
+\& BIGNUM *priv_key; // private key x
+\& BIGNUM *pub_key; // public key y = g^x
+\& // ...
+\& }
+\& DSA;
+.Ve
+.PP
+In public keys, \fBpriv_key\fR is \s-1NULL\s0.
+.PP
+Note that \s-1DSA\s0 keys may use non-standard \fB\s-1DSA_METHOD\s0\fR implementations,
+either directly or by the use of \fB\s-1ENGINE\s0\fR modules. In some cases (eg. an
+\&\s-1ENGINE\s0 providing support for hardware-embedded keys), these \s-1BIGNUM\s0 values
+will not be used by the implementation or may be used for alternative data
+storage. For this reason, applications should generally avoid using \s-1DSA\s0
+structure elements directly and instead use \s-1API\s0 functions to query or
+modify keys.
+.SH "CONFORMING TO"
+.IX Header "CONFORMING TO"
+\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS\s0 186 (Digital Signature
+Standard, \s-1DSS\s0), \s-1ANSI\s0 X9.30
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIbn\fR\|(3), \fIdh\fR\|(3), \fIerr\fR\|(3), \fIrand\fR\|(3),
+\&\fIrsa\fR\|(3), \fIsha\fR\|(3), \fIengine\fR\|(3),
+\&\fIDSA_new\fR\|(3),
+\&\fIDSA_size\fR\|(3),
+\&\fIDSA_generate_parameters\fR\|(3),
+\&\fIDSA_dup_DH\fR\|(3),
+\&\fIDSA_generate_key\fR\|(3),
+\&\fIDSA_sign\fR\|(3), \fIDSA_set_method\fR\|(3),
+\&\fIDSA_get_ex_new_index\fR\|(3),
+\&\fIRSA_print\fR\|(3)
diff --git a/secure/lib/libcrypto/man/ecdsa.3 b/secure/lib/libcrypto/man/ecdsa.3
new file mode 100644
index 0000000..d048a87
--- /dev/null
+++ b/secure/lib/libcrypto/man/ecdsa.3
@@ -0,0 +1,344 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "ecdsa 3"
+.TH ecdsa 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+ecdsa \- Elliptic Curve Digital Signature Algorithm
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ecdsa.h>
+\&
+\& ECDSA_SIG* ECDSA_SIG_new(void);
+\& void ECDSA_SIG_free(ECDSA_SIG *sig);
+\& int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp);
+\& ECDSA_SIG* d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp,
+\& long len);
+\&
+\& ECDSA_SIG* ECDSA_do_sign(const unsigned char *dgst, int dgst_len,
+\& EC_KEY *eckey);
+\& ECDSA_SIG* ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen,
+\& const BIGNUM *kinv, const BIGNUM *rp,
+\& EC_KEY *eckey);
+\& int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
+\& const ECDSA_SIG *sig, EC_KEY* eckey);
+\& int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx,
+\& BIGNUM **kinv, BIGNUM **rp);
+\& int ECDSA_sign(int type, const unsigned char *dgst,
+\& int dgstlen, unsigned char *sig,
+\& unsigned int *siglen, EC_KEY *eckey);
+\& int ECDSA_sign_ex(int type, const unsigned char *dgst,
+\& int dgstlen, unsigned char *sig,
+\& unsigned int *siglen, const BIGNUM *kinv,
+\& const BIGNUM *rp, EC_KEY *eckey);
+\& int ECDSA_verify(int type, const unsigned char *dgst,
+\& int dgstlen, const unsigned char *sig,
+\& int siglen, EC_KEY *eckey);
+\& int ECDSA_size(const EC_KEY *eckey);
+\&
+\& const ECDSA_METHOD* ECDSA_OpenSSL(void);
+\& void ECDSA_set_default_method(const ECDSA_METHOD *meth);
+\& const ECDSA_METHOD* ECDSA_get_default_method(void);
+\& int ECDSA_set_method(EC_KEY *eckey,const ECDSA_METHOD *meth);
+\&
+\& int ECDSA_get_ex_new_index(long argl, void *argp,
+\& CRYPTO_EX_new *new_func,
+\& CRYPTO_EX_dup *dup_func,
+\& CRYPTO_EX_free *free_func);
+\& int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg);
+\& void* ECDSA_get_ex_data(EC_KEY *d, int idx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fB\s-1ECDSA_SIG\s0\fR structure consists of two BIGNUMs for the
+r and s value of a \s-1ECDSA\s0 signature (see X9.62 or \s-1FIPS\s0 186\-2).
+.PP
+.Vb 5
+\& struct
+\& {
+\& BIGNUM *r;
+\& BIGNUM *s;
+\& } ECDSA_SIG;
+.Ve
+.PP
+\&\fIECDSA_SIG_new()\fR allocates a new \fB\s-1ECDSA_SIG\s0\fR structure (note: this
+function also allocates the BIGNUMs) and initialize it.
+.PP
+\&\fIECDSA_SIG_free()\fR frees the \fB\s-1ECDSA_SIG\s0\fR structure \fBsig\fR.
+.PP
+\&\fIi2d_ECDSA_SIG()\fR creates the \s-1DER\s0 encoding of the \s-1ECDSA\s0 signature
+\&\fBsig\fR and writes the encoded signature to \fB*pp\fR (note: if \fBpp\fR
+is \s-1NULL\s0 \fBi2d_ECDSA_SIG\fR returns the expected length in bytes of
+the \s-1DER\s0 encoded signature). \fBi2d_ECDSA_SIG\fR returns the length
+of the \s-1DER\s0 encoded signature (or 0 on error).
+.PP
+\&\fId2i_ECDSA_SIG()\fR decodes a \s-1DER\s0 encoded \s-1ECDSA\s0 signature and returns
+the decoded signature in a newly allocated \fB\s-1ECDSA_SIG\s0\fR structure.
+\&\fB*sig\fR points to the buffer containing the \s-1DER\s0 encoded signature
+of size \fBlen\fR.
+.PP
+\&\fIECDSA_size()\fR returns the maximum length of a \s-1DER\s0 encoded
+\&\s-1ECDSA\s0 signature created with the private \s-1EC\s0 key \fBeckey\fR.
+.PP
+\&\fIECDSA_sign_setup()\fR may be used to precompute parts of the
+signing operation. \fBeckey\fR is the private \s-1EC\s0 key and \fBctx\fR
+is a pointer to \fB\s-1BN_CTX\s0\fR structure (or \s-1NULL\s0). The precomputed
+values or returned in \fBkinv\fR and \fBrp\fR and can be used in a
+later call to \fBECDSA_sign_ex\fR or \fBECDSA_do_sign_ex\fR.
+.PP
+\&\fIECDSA_sign()\fR is wrapper function for ECDSA_sign_ex with \fBkinv\fR
+and \fBrp\fR set to \s-1NULL\s0.
+.PP
+\&\fIECDSA_sign_ex()\fR computes a digital signature of the \fBdgstlen\fR bytes
+hash value \fBdgst\fR using the private \s-1EC\s0 key \fBeckey\fR and the optional
+pre-computed values \fBkinv\fR and \fBrp\fR. The \s-1DER\s0 encoded signatures is
+stored in \fBsig\fR and it's length is returned in \fBsig_len\fR. Note: \fBsig\fR
+must point to \fBECDSA_size\fR bytes of memory. The parameter \fBtype\fR
+is ignored.
+.PP
+\&\fIECDSA_verify()\fR verifies that the signature in \fBsig\fR of size
+\&\fBsiglen\fR is a valid \s-1ECDSA\s0 signature of the hash value
+value \fBdgst\fR of size \fBdgstlen\fR using the public key \fBeckey\fR.
+The parameter \fBtype\fR is ignored.
+.PP
+\&\fIECDSA_do_sign()\fR is wrapper function for ECDSA_do_sign_ex with \fBkinv\fR
+and \fBrp\fR set to \s-1NULL\s0.
+.PP
+\&\fIECDSA_do_sign_ex()\fR computes a digital signature of the \fBdgst_len\fR
+bytes hash value \fBdgst\fR using the private key \fBeckey\fR and the
+optional pre-computed values \fBkinv\fR and \fBrp\fR. The signature is
+returned in a newly allocated \fB\s-1ECDSA_SIG\s0\fR structure (or \s-1NULL\s0 on error).
+.PP
+\&\fIECDSA_do_verify()\fR verifies that the signature \fBsig\fR is a valid
+\&\s-1ECDSA\s0 signature of the hash value \fBdgst\fR of size \fBdgst_len\fR
+using the public key \fBeckey\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIECDSA_size()\fR returns the maximum length signature or 0 on error.
+.PP
+\&\fIECDSA_sign_setup()\fR and \fIECDSA_sign()\fR return 1 if successful or \-1
+on error.
+.PP
+\&\fIECDSA_verify()\fR and \fIECDSA_do_verify()\fR return 1 for a valid
+signature, 0 for an invalid signature and \-1 on error.
+The error codes can be obtained by \fIERR_get_error\fR\|(3).
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Creating a \s-1ECDSA\s0 signature of given \s-1SHA\-1\s0 hash value using the
+named curve secp192k1.
+.PP
+First step: create a \s-1EC_KEY\s0 object (note: this part is \fBnot\fR \s-1ECDSA\s0
+specific)
+.PP
+.Vb 10
+\& int ret;
+\& ECDSA_SIG *sig;
+\& EC_KEY *eckey = EC_KEY_new();
+\& if (eckey == NULL)
+\& {
+\& /* error */
+\& }
+\& key\->group = EC_GROUP_new_by_nid(NID_secp192k1);
+\& if (key\->group == NULL)
+\& {
+\& /* error */
+\& }
+\& if (!EC_KEY_generate_key(eckey))
+\& {
+\& /* error */
+\& }
+.Ve
+.PP
+Second step: compute the \s-1ECDSA\s0 signature of a \s-1SHA\-1\s0 hash value
+using \fBECDSA_do_sign\fR
+.PP
+.Vb 5
+\& sig = ECDSA_do_sign(digest, 20, eckey);
+\& if (sig == NULL)
+\& {
+\& /* error */
+\& }
+.Ve
+.PP
+or using \fBECDSA_sign\fR
+.PP
+.Vb 9
+\& unsigned char *buffer, *pp;
+\& int buf_len;
+\& buf_len = ECDSA_size(eckey);
+\& buffer = OPENSSL_malloc(buf_len);
+\& pp = buffer;
+\& if (!ECDSA_sign(0, dgst, dgstlen, pp, &buf_len, eckey);
+\& {
+\& /* error */
+\& }
+.Ve
+.PP
+Third step: verify the created \s-1ECDSA\s0 signature using \fBECDSA_do_verify\fR
+.PP
+.Vb 1
+\& ret = ECDSA_do_verify(digest, 20, sig, eckey);
+.Ve
+.PP
+or using \fBECDSA_verify\fR
+.PP
+.Vb 1
+\& ret = ECDSA_verify(0, digest, 20, buffer, buf_len, eckey);
+.Ve
+.PP
+and finally evaluate the return value:
+.PP
+.Vb 12
+\& if (ret == \-1)
+\& {
+\& /* error */
+\& }
+\& else if (ret == 0)
+\& {
+\& /* incorrect signature */
+\& }
+\& else /* ret == 1 */
+\& {
+\& /* signature ok */
+\& }
+.Ve
+.SH "CONFORMING TO"
+.IX Header "CONFORMING TO"
+\&\s-1ANSI\s0 X9.62, \s-1US\s0 Federal Information Processing Standard \s-1FIPS\s0 186\-2
+(Digital Signature Standard, \s-1DSS\s0)
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIdsa\fR\|(3), \fIrsa\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The ecdsa implementation was first introduced in OpenSSL 0.9.8
+.SH "AUTHOR"
+.IX Header "AUTHOR"
+Nils Larsch for the OpenSSL project (http://www.openssl.org).
diff --git a/secure/lib/libcrypto/man/engine.3 b/secure/lib/libcrypto/man/engine.3
new file mode 100644
index 0000000..e9ce280
--- /dev/null
+++ b/secure/lib/libcrypto/man/engine.3
@@ -0,0 +1,737 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "engine 3"
+.TH engine 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+engine \- ENGINE cryptographic module support
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/engine.h>
+\&
+\& ENGINE *ENGINE_get_first(void);
+\& ENGINE *ENGINE_get_last(void);
+\& ENGINE *ENGINE_get_next(ENGINE *e);
+\& ENGINE *ENGINE_get_prev(ENGINE *e);
+\&
+\& int ENGINE_add(ENGINE *e);
+\& int ENGINE_remove(ENGINE *e);
+\&
+\& ENGINE *ENGINE_by_id(const char *id);
+\&
+\& int ENGINE_init(ENGINE *e);
+\& int ENGINE_finish(ENGINE *e);
+\&
+\& void ENGINE_load_openssl(void);
+\& void ENGINE_load_dynamic(void);
+\& #ifndef OPENSSL_NO_STATIC_ENGINE
+\& void ENGINE_load_4758cca(void);
+\& void ENGINE_load_aep(void);
+\& void ENGINE_load_atalla(void);
+\& void ENGINE_load_chil(void);
+\& void ENGINE_load_cswift(void);
+\& void ENGINE_load_gmp(void);
+\& void ENGINE_load_nuron(void);
+\& void ENGINE_load_sureware(void);
+\& void ENGINE_load_ubsec(void);
+\& #endif
+\& void ENGINE_load_cryptodev(void);
+\& void ENGINE_load_builtin_engines(void);
+\&
+\& void ENGINE_cleanup(void);
+\&
+\& ENGINE *ENGINE_get_default_RSA(void);
+\& ENGINE *ENGINE_get_default_DSA(void);
+\& ENGINE *ENGINE_get_default_ECDH(void);
+\& ENGINE *ENGINE_get_default_ECDSA(void);
+\& ENGINE *ENGINE_get_default_DH(void);
+\& ENGINE *ENGINE_get_default_RAND(void);
+\& ENGINE *ENGINE_get_cipher_engine(int nid);
+\& ENGINE *ENGINE_get_digest_engine(int nid);
+\&
+\& int ENGINE_set_default_RSA(ENGINE *e);
+\& int ENGINE_set_default_DSA(ENGINE *e);
+\& int ENGINE_set_default_ECDH(ENGINE *e);
+\& int ENGINE_set_default_ECDSA(ENGINE *e);
+\& int ENGINE_set_default_DH(ENGINE *e);
+\& int ENGINE_set_default_RAND(ENGINE *e);
+\& int ENGINE_set_default_ciphers(ENGINE *e);
+\& int ENGINE_set_default_digests(ENGINE *e);
+\& int ENGINE_set_default_string(ENGINE *e, const char *list);
+\&
+\& int ENGINE_set_default(ENGINE *e, unsigned int flags);
+\&
+\& unsigned int ENGINE_get_table_flags(void);
+\& void ENGINE_set_table_flags(unsigned int flags);
+\&
+\& int ENGINE_register_RSA(ENGINE *e);
+\& void ENGINE_unregister_RSA(ENGINE *e);
+\& void ENGINE_register_all_RSA(void);
+\& int ENGINE_register_DSA(ENGINE *e);
+\& void ENGINE_unregister_DSA(ENGINE *e);
+\& void ENGINE_register_all_DSA(void);
+\& int ENGINE_register_ECDH(ENGINE *e);
+\& void ENGINE_unregister_ECDH(ENGINE *e);
+\& void ENGINE_register_all_ECDH(void);
+\& int ENGINE_register_ECDSA(ENGINE *e);
+\& void ENGINE_unregister_ECDSA(ENGINE *e);
+\& void ENGINE_register_all_ECDSA(void);
+\& int ENGINE_register_DH(ENGINE *e);
+\& void ENGINE_unregister_DH(ENGINE *e);
+\& void ENGINE_register_all_DH(void);
+\& int ENGINE_register_RAND(ENGINE *e);
+\& void ENGINE_unregister_RAND(ENGINE *e);
+\& void ENGINE_register_all_RAND(void);
+\& int ENGINE_register_STORE(ENGINE *e);
+\& void ENGINE_unregister_STORE(ENGINE *e);
+\& void ENGINE_register_all_STORE(void);
+\& int ENGINE_register_ciphers(ENGINE *e);
+\& void ENGINE_unregister_ciphers(ENGINE *e);
+\& void ENGINE_register_all_ciphers(void);
+\& int ENGINE_register_digests(ENGINE *e);
+\& void ENGINE_unregister_digests(ENGINE *e);
+\& void ENGINE_register_all_digests(void);
+\& int ENGINE_register_complete(ENGINE *e);
+\& int ENGINE_register_all_complete(void);
+\&
+\& int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
+\& int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
+\& int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
+\& long i, void *p, void (*f)(void), int cmd_optional);
+\& int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
+\& int cmd_optional);
+\&
+\& int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg);
+\& void *ENGINE_get_ex_data(const ENGINE *e, int idx);
+\&
+\& int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+\& CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+\&
+\& ENGINE *ENGINE_new(void);
+\& int ENGINE_free(ENGINE *e);
+\& int ENGINE_up_ref(ENGINE *e);
+\&
+\& int ENGINE_set_id(ENGINE *e, const char *id);
+\& int ENGINE_set_name(ENGINE *e, const char *name);
+\& int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
+\& int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
+\& int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *dh_meth);
+\& int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *dh_meth);
+\& int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
+\& int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
+\& int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *rand_meth);
+\& int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
+\& int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
+\& int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
+\& int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
+\& int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
+\& int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
+\& int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
+\& int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
+\& int ENGINE_set_flags(ENGINE *e, int flags);
+\& int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
+\&
+\& const char *ENGINE_get_id(const ENGINE *e);
+\& const char *ENGINE_get_name(const ENGINE *e);
+\& const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
+\& const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
+\& const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e);
+\& const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e);
+\& const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
+\& const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
+\& const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e);
+\& ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
+\& ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
+\& ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
+\& ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
+\& ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
+\& ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
+\& ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
+\& ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
+\& const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
+\& const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
+\& int ENGINE_get_flags(const ENGINE *e);
+\& const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
+\&
+\& EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
+\& UI_METHOD *ui_method, void *callback_data);
+\& EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
+\& UI_METHOD *ui_method, void *callback_data);
+\&
+\& void ENGINE_add_conf_module(void);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+These functions create, manipulate, and use cryptographic modules in the
+form of \fB\s-1ENGINE\s0\fR objects. These objects act as containers for
+implementations of cryptographic algorithms, and support a
+reference-counted mechanism to allow them to be dynamically loaded in and
+out of the running application.
+.PP
+The cryptographic functionality that can be provided by an \fB\s-1ENGINE\s0\fR
+implementation includes the following abstractions;
+.PP
+.Vb 6
+\& RSA_METHOD \- for providing alternative RSA implementations
+\& DSA_METHOD, DH_METHOD, RAND_METHOD, ECDH_METHOD, ECDSA_METHOD,
+\& STORE_METHOD \- similarly for other OpenSSL APIs
+\& EVP_CIPHER \- potentially multiple cipher algorithms (indexed by \*(Aqnid\*(Aq)
+\& EVP_DIGEST \- potentially multiple hash algorithms (indexed by \*(Aqnid\*(Aq)
+\& key\-loading \- loading public and/or private EVP_PKEY keys
+.Ve
+.SS "Reference counting and handles"
+.IX Subsection "Reference counting and handles"
+Due to the modular nature of the \s-1ENGINE\s0 \s-1API\s0, pointers to ENGINEs need to be
+treated as handles \- ie. not only as pointers, but also as references to
+the underlying \s-1ENGINE\s0 object. Ie. one should obtain a new reference when
+making copies of an \s-1ENGINE\s0 pointer if the copies will be used (and
+released) independently.
+.PP
+\&\s-1ENGINE\s0 objects have two levels of reference-counting to match the way in
+which the objects are used. At the most basic level, each \s-1ENGINE\s0 pointer is
+inherently a \fBstructural\fR reference \- a structural reference is required
+to use the pointer value at all, as this kind of reference is a guarantee
+that the structure can not be deallocated until the reference is released.
+.PP
+However, a structural reference provides no guarantee that the \s-1ENGINE\s0 is
+initiliased and able to use any of its cryptographic
+implementations. Indeed it's quite possible that most ENGINEs will not
+initialise at all in typical environments, as ENGINEs are typically used to
+support specialised hardware. To use an \s-1ENGINE\s0's functionality, you need a
+\&\fBfunctional\fR reference. This kind of reference can be considered a
+specialised form of structural reference, because each functional reference
+implicitly contains a structural reference as well \- however to avoid
+difficult-to-find programming bugs, it is recommended to treat the two
+kinds of reference independently. If you have a functional reference to an
+\&\s-1ENGINE\s0, you have a guarantee that the \s-1ENGINE\s0 has been initialised ready to
+perform cryptographic operations and will remain uninitialised
+until after you have released your reference.
+.PP
+\&\fIStructural references\fR
+.PP
+This basic type of reference is used for instantiating new ENGINEs,
+iterating across OpenSSL's internal linked-list of loaded
+ENGINEs, reading information about an \s-1ENGINE\s0, etc. Essentially a structural
+reference is sufficient if you only need to query or manipulate the data of
+an \s-1ENGINE\s0 implementation rather than use its functionality.
+.PP
+The \fIENGINE_new()\fR function returns a structural reference to a new (empty)
+\&\s-1ENGINE\s0 object. There are other \s-1ENGINE\s0 \s-1API\s0 functions that return structural
+references such as; \fIENGINE_by_id()\fR, \fIENGINE_get_first()\fR, \fIENGINE_get_last()\fR,
+\&\fIENGINE_get_next()\fR, \fIENGINE_get_prev()\fR. All structural references should be
+released by a corresponding to call to the \fIENGINE_free()\fR function \- the
+\&\s-1ENGINE\s0 object itself will only actually be cleaned up and deallocated when
+the last structural reference is released.
+.PP
+It should also be noted that many \s-1ENGINE\s0 \s-1API\s0 function calls that accept a
+structural reference will internally obtain another reference \- typically
+this happens whenever the supplied \s-1ENGINE\s0 will be needed by OpenSSL after
+the function has returned. Eg. the function to add a new \s-1ENGINE\s0 to
+OpenSSL's internal list is \fIENGINE_add()\fR \- if this function returns success,
+then OpenSSL will have stored a new structural reference internally so the
+caller is still responsible for freeing their own reference with
+\&\fIENGINE_free()\fR when they are finished with it. In a similar way, some
+functions will automatically release the structural reference passed to it
+if part of the function's job is to do so. Eg. the \fIENGINE_get_next()\fR and
+\&\fIENGINE_get_prev()\fR functions are used for iterating across the internal
+\&\s-1ENGINE\s0 list \- they will return a new structural reference to the next (or
+previous) \s-1ENGINE\s0 in the list or \s-1NULL\s0 if at the end (or beginning) of the
+list, but in either case the structural reference passed to the function is
+released on behalf of the caller.
+.PP
+To clarify a particular function's handling of references, one should
+always consult that function's documentation \*(L"man\*(R" page, or failing that
+the openssl/engine.h header file includes some hints.
+.PP
+\&\fIFunctional references\fR
+.PP
+As mentioned, functional references exist when the cryptographic
+functionality of an \s-1ENGINE\s0 is required to be available. A functional
+reference can be obtained in one of two ways; from an existing structural
+reference to the required \s-1ENGINE\s0, or by asking OpenSSL for the default
+operational \s-1ENGINE\s0 for a given cryptographic purpose.
+.PP
+To obtain a functional reference from an existing structural reference,
+call the \fIENGINE_init()\fR function. This returns zero if the \s-1ENGINE\s0 was not
+already operational and couldn't be successfully initialised (eg. lack of
+system drivers, no special hardware attached, etc), otherwise it will
+return non-zero to indicate that the \s-1ENGINE\s0 is now operational and will
+have allocated a new \fBfunctional\fR reference to the \s-1ENGINE\s0. All functional
+references are released by calling \fIENGINE_finish()\fR (which removes the
+implicit structural reference as well).
+.PP
+The second way to get a functional reference is by asking OpenSSL for a
+default implementation for a given task, eg. by \fIENGINE_get_default_RSA()\fR,
+\&\fIENGINE_get_default_cipher_engine()\fR, etc. These are discussed in the next
+section, though they are not usually required by application programmers as
+they are used automatically when creating and using the relevant
+algorithm-specific types in OpenSSL, such as \s-1RSA\s0, \s-1DSA\s0, \s-1EVP_CIPHER_CTX\s0, etc.
+.SS "Default implementations"
+.IX Subsection "Default implementations"
+For each supported abstraction, the \s-1ENGINE\s0 code maintains an internal table
+of state to control which implementations are available for a given
+abstraction and which should be used by default. These implementations are
+registered in the tables and indexed by an 'nid' value, because
+abstractions like \s-1EVP_CIPHER\s0 and \s-1EVP_DIGEST\s0 support many distinct
+algorithms and modes, and ENGINEs can support arbitrarily many of them.
+In the case of other abstractions like \s-1RSA\s0, \s-1DSA\s0, etc, there is only one
+\&\*(L"algorithm\*(R" so all implementations implicitly register using the same 'nid'
+index.
+.PP
+When a default \s-1ENGINE\s0 is requested for a given abstraction/algorithm/mode, (eg.
+when calling RSA_new_method(\s-1NULL\s0)), a \*(L"get_default\*(R" call will be made to the
+\&\s-1ENGINE\s0 subsystem to process the corresponding state table and return a
+functional reference to an initialised \s-1ENGINE\s0 whose implementation should be
+used. If no \s-1ENGINE\s0 should (or can) be used, it will return \s-1NULL\s0 and the caller
+will operate with a \s-1NULL\s0 \s-1ENGINE\s0 handle \- this usually equates to using the
+conventional software implementation. In the latter case, OpenSSL will from
+then on behave the way it used to before the \s-1ENGINE\s0 \s-1API\s0 existed.
+.PP
+Each state table has a flag to note whether it has processed this
+\&\*(L"get_default\*(R" query since the table was last modified, because to process
+this question it must iterate across all the registered ENGINEs in the
+table trying to initialise each of them in turn, in case one of them is
+operational. If it returns a functional reference to an \s-1ENGINE\s0, it will
+also cache another reference to speed up processing future queries (without
+needing to iterate across the table). Likewise, it will cache a \s-1NULL\s0
+response if no \s-1ENGINE\s0 was available so that future queries won't repeat the
+same iteration unless the state table changes. This behaviour can also be
+changed; if the \s-1ENGINE_TABLE_FLAG_NOINIT\s0 flag is set (using
+\&\fIENGINE_set_table_flags()\fR), no attempted initialisations will take place,
+instead the only way for the state table to return a non-NULL \s-1ENGINE\s0 to the
+\&\*(L"get_default\*(R" query will be if one is expressly set in the table. Eg.
+\&\fIENGINE_set_default_RSA()\fR does the same job as \fIENGINE_register_RSA()\fR except
+that it also sets the state table's cached response for the \*(L"get_default\*(R"
+query. In the case of abstractions like \s-1EVP_CIPHER\s0, where implementations are
+indexed by 'nid', these flags and cached-responses are distinct for each 'nid'
+value.
+.SS "Application requirements"
+.IX Subsection "Application requirements"
+This section will explain the basic things an application programmer should
+support to make the most useful elements of the \s-1ENGINE\s0 functionality
+available to the user. The first thing to consider is whether the
+programmer wishes to make alternative \s-1ENGINE\s0 modules available to the
+application and user. OpenSSL maintains an internal linked list of
+\&\*(L"visible\*(R" ENGINEs from which it has to operate \- at start-up, this list is
+empty and in fact if an application does not call any \s-1ENGINE\s0 \s-1API\s0 calls and
+it uses static linking against openssl, then the resulting application
+binary will not contain any alternative \s-1ENGINE\s0 code at all. So the first
+consideration is whether any/all available \s-1ENGINE\s0 implementations should be
+made visible to OpenSSL \- this is controlled by calling the various \*(L"load\*(R"
+functions, eg.
+.PP
+.Vb 9
+\& /* Make the "dynamic" ENGINE available */
+\& void ENGINE_load_dynamic(void);
+\& /* Make the CryptoSwift hardware acceleration support available */
+\& void ENGINE_load_cswift(void);
+\& /* Make support for nCipher\*(Aqs "CHIL" hardware available */
+\& void ENGINE_load_chil(void);
+\& ...
+\& /* Make ALL ENGINE implementations bundled with OpenSSL available */
+\& void ENGINE_load_builtin_engines(void);
+.Ve
+.PP
+Having called any of these functions, \s-1ENGINE\s0 objects would have been
+dynamically allocated and populated with these implementations and linked
+into OpenSSL's internal linked list. At this point it is important to
+mention an important \s-1API\s0 function;
+.PP
+.Vb 1
+\& void ENGINE_cleanup(void);
+.Ve
+.PP
+If no \s-1ENGINE\s0 \s-1API\s0 functions are called at all in an application, then there
+are no inherent memory leaks to worry about from the \s-1ENGINE\s0 functionality,
+however if any ENGINEs are loaded, even if they are never registered or
+used, it is necessary to use the \fIENGINE_cleanup()\fR function to
+correspondingly cleanup before program exit, if the caller wishes to avoid
+memory leaks. This mechanism uses an internal callback registration table
+so that any \s-1ENGINE\s0 \s-1API\s0 functionality that knows it requires cleanup can
+register its cleanup details to be called during \fIENGINE_cleanup()\fR. This
+approach allows \fIENGINE_cleanup()\fR to clean up after any \s-1ENGINE\s0 functionality
+at all that your program uses, yet doesn't automatically create linker
+dependencies to all possible \s-1ENGINE\s0 functionality \- only the cleanup
+callbacks required by the functionality you do use will be required by the
+linker.
+.PP
+The fact that ENGINEs are made visible to OpenSSL (and thus are linked into
+the program and loaded into memory at run-time) does not mean they are
+\&\*(L"registered\*(R" or called into use by OpenSSL automatically \- that behaviour
+is something for the application to control. Some applications
+will want to allow the user to specify exactly which \s-1ENGINE\s0 they want used
+if any is to be used at all. Others may prefer to load all support and have
+OpenSSL automatically use at run-time any \s-1ENGINE\s0 that is able to
+successfully initialise \- ie. to assume that this corresponds to
+acceleration hardware attached to the machine or some such thing. There are
+probably numerous other ways in which applications may prefer to handle
+things, so we will simply illustrate the consequences as they apply to a
+couple of simple cases and leave developers to consider these and the
+source code to openssl's builtin utilities as guides.
+.PP
+\&\fIUsing a specific \s-1ENGINE\s0 implementation\fR
+.PP
+Here we'll assume an application has been configured by its user or admin
+to want to use the \*(L"\s-1ACME\s0\*(R" \s-1ENGINE\s0 if it is available in the version of
+OpenSSL the application was compiled with. If it is available, it should be
+used by default for all \s-1RSA\s0, \s-1DSA\s0, and symmetric cipher operation, otherwise
+OpenSSL should use its builtin software as per usual. The following code
+illustrates how to approach this;
+.PP
+.Vb 10
+\& ENGINE *e;
+\& const char *engine_id = "ACME";
+\& ENGINE_load_builtin_engines();
+\& e = ENGINE_by_id(engine_id);
+\& if(!e)
+\& /* the engine isn\*(Aqt available */
+\& return;
+\& if(!ENGINE_init(e)) {
+\& /* the engine couldn\*(Aqt initialise, release \*(Aqe\*(Aq */
+\& ENGINE_free(e);
+\& return;
+\& }
+\& if(!ENGINE_set_default_RSA(e))
+\& /* This should only happen when \*(Aqe\*(Aq can\*(Aqt initialise, but the previous
+\& * statement suggests it did. */
+\& abort();
+\& ENGINE_set_default_DSA(e);
+\& ENGINE_set_default_ciphers(e);
+\& /* Release the functional reference from ENGINE_init() */
+\& ENGINE_finish(e);
+\& /* Release the structural reference from ENGINE_by_id() */
+\& ENGINE_free(e);
+.Ve
+.PP
+\&\fIAutomatically using builtin \s-1ENGINE\s0 implementations\fR
+.PP
+Here we'll assume we want to load and register all \s-1ENGINE\s0 implementations
+bundled with OpenSSL, such that for any cryptographic algorithm required by
+OpenSSL \- if there is an \s-1ENGINE\s0 that implements it and can be initialise,
+it should be used. The following code illustrates how this can work;
+.PP
+.Vb 4
+\& /* Load all bundled ENGINEs into memory and make them visible */
+\& ENGINE_load_builtin_engines();
+\& /* Register all of them for every algorithm they collectively implement */
+\& ENGINE_register_all_complete();
+.Ve
+.PP
+That's all that's required. Eg. the next time OpenSSL tries to set up an
+\&\s-1RSA\s0 key, any bundled ENGINEs that implement \s-1RSA_METHOD\s0 will be passed to
+\&\fIENGINE_init()\fR and if any of those succeed, that \s-1ENGINE\s0 will be set as the
+default for \s-1RSA\s0 use from then on.
+.SS "Advanced configuration support"
+.IX Subsection "Advanced configuration support"
+There is a mechanism supported by the \s-1ENGINE\s0 framework that allows each
+\&\s-1ENGINE\s0 implementation to define an arbitrary set of configuration
+\&\*(L"commands\*(R" and expose them to OpenSSL and any applications based on
+OpenSSL. This mechanism is entirely based on the use of name-value pairs
+and assumes \s-1ASCII\s0 input (no unicode or \s-1UTF\s0 for now!), so it is ideal if
+applications want to provide a transparent way for users to provide
+arbitrary configuration \*(L"directives\*(R" directly to such ENGINEs. It is also
+possible for the application to dynamically interrogate the loaded \s-1ENGINE\s0
+implementations for the names, descriptions, and input flags of their
+available \*(L"control commands\*(R", providing a more flexible configuration
+scheme. However, if the user is expected to know which \s-1ENGINE\s0 device he/she
+is using (in the case of specialised hardware, this goes without saying)
+then applications may not need to concern themselves with discovering the
+supported control commands and simply prefer to pass settings into ENGINEs
+exactly as they are provided by the user.
+.PP
+Before illustrating how control commands work, it is worth mentioning what
+they are typically used for. Broadly speaking there are two uses for
+control commands; the first is to provide the necessary details to the
+implementation (which may know nothing at all specific to the host system)
+so that it can be initialised for use. This could include the path to any
+driver or config files it needs to load, required network addresses,
+smart-card identifiers, passwords to initialise protected devices,
+logging information, etc etc. This class of commands typically needs to be
+passed to an \s-1ENGINE\s0 \fBbefore\fR attempting to initialise it, ie. before
+calling \fIENGINE_init()\fR. The other class of commands consist of settings or
+operations that tweak certain behaviour or cause certain operations to take
+place, and these commands may work either before or after \fIENGINE_init()\fR, or
+in some cases both. \s-1ENGINE\s0 implementations should provide indications of
+this in the descriptions attached to builtin control commands and/or in
+external product documentation.
+.PP
+\&\fIIssuing control commands to an \s-1ENGINE\s0\fR
+.PP
+Let's illustrate by example; a function for which the caller supplies the
+name of the \s-1ENGINE\s0 it wishes to use, a table of string-pairs for use before
+initialisation, and another table for use after initialisation. Note that
+the string-pairs used for control commands consist of a command \*(L"name\*(R"
+followed by the command \*(L"parameter\*(R" \- the parameter could be \s-1NULL\s0 in some
+cases but the name can not. This function should initialise the \s-1ENGINE\s0
+(issuing the \*(L"pre\*(R" commands beforehand and the \*(L"post\*(R" commands afterwards)
+and set it as the default for everything except \s-1RAND\s0 and then return a
+boolean success or failure.
+.PP
+.Vb 10
+\& int generic_load_engine_fn(const char *engine_id,
+\& const char **pre_cmds, int pre_num,
+\& const char **post_cmds, int post_num)
+\& {
+\& ENGINE *e = ENGINE_by_id(engine_id);
+\& if(!e) return 0;
+\& while(pre_num\-\-) {
+\& if(!ENGINE_ctrl_cmd_string(e, pre_cmds[0], pre_cmds[1], 0)) {
+\& fprintf(stderr, "Failed command (%s \- %s:%s)\en", engine_id,
+\& pre_cmds[0], pre_cmds[1] ? pre_cmds[1] : "(NULL)");
+\& ENGINE_free(e);
+\& return 0;
+\& }
+\& pre_cmds += 2;
+\& }
+\& if(!ENGINE_init(e)) {
+\& fprintf(stderr, "Failed initialisation\en");
+\& ENGINE_free(e);
+\& return 0;
+\& }
+\& /* ENGINE_init() returned a functional reference, so free the structural
+\& * reference from ENGINE_by_id(). */
+\& ENGINE_free(e);
+\& while(post_num\-\-) {
+\& if(!ENGINE_ctrl_cmd_string(e, post_cmds[0], post_cmds[1], 0)) {
+\& fprintf(stderr, "Failed command (%s \- %s:%s)\en", engine_id,
+\& post_cmds[0], post_cmds[1] ? post_cmds[1] : "(NULL)");
+\& ENGINE_finish(e);
+\& return 0;
+\& }
+\& post_cmds += 2;
+\& }
+\& ENGINE_set_default(e, ENGINE_METHOD_ALL & ~ENGINE_METHOD_RAND);
+\& /* Success */
+\& return 1;
+\& }
+.Ve
+.PP
+Note that \fIENGINE_ctrl_cmd_string()\fR accepts a boolean argument that can
+relax the semantics of the function \- if set non-zero it will only return
+failure if the \s-1ENGINE\s0 supported the given command name but failed while
+executing it, if the \s-1ENGINE\s0 doesn't support the command name it will simply
+return success without doing anything. In this case we assume the user is
+only supplying commands specific to the given \s-1ENGINE\s0 so we set this to
+\&\s-1FALSE\s0.
+.PP
+\&\fIDiscovering supported control commands\fR
+.PP
+It is possible to discover at run-time the names, numerical-ids, descriptions
+and input parameters of the control commands supported by an \s-1ENGINE\s0 using a
+structural reference. Note that some control commands are defined by OpenSSL
+itself and it will intercept and handle these control commands on behalf of the
+\&\s-1ENGINE\s0, ie. the \s-1ENGINE\s0's \fIctrl()\fR handler is not used for the control command.
+openssl/engine.h defines an index, \s-1ENGINE_CMD_BASE\s0, that all control commands
+implemented by ENGINEs should be numbered from. Any command value lower than
+this symbol is considered a \*(L"generic\*(R" command is handled directly by the
+OpenSSL core routines.
+.PP
+It is using these \*(L"core\*(R" control commands that one can discover the the control
+commands implemented by a given \s-1ENGINE\s0, specifically the commands;
+.PP
+.Vb 9
+\& #define ENGINE_HAS_CTRL_FUNCTION 10
+\& #define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11
+\& #define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12
+\& #define ENGINE_CTRL_GET_CMD_FROM_NAME 13
+\& #define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14
+\& #define ENGINE_CTRL_GET_NAME_FROM_CMD 15
+\& #define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16
+\& #define ENGINE_CTRL_GET_DESC_FROM_CMD 17
+\& #define ENGINE_CTRL_GET_CMD_FLAGS 18
+.Ve
+.PP
+Whilst these commands are automatically processed by the OpenSSL framework code,
+they use various properties exposed by each \s-1ENGINE\s0 to process these
+queries. An \s-1ENGINE\s0 has 3 properties it exposes that can affect how this behaves;
+it can supply a \fIctrl()\fR handler, it can specify \s-1ENGINE_FLAGS_MANUAL_CMD_CTRL\s0 in
+the \s-1ENGINE\s0's flags, and it can expose an array of control command descriptions.
+If an \s-1ENGINE\s0 specifies the \s-1ENGINE_FLAGS_MANUAL_CMD_CTRL\s0 flag, then it will
+simply pass all these \*(L"core\*(R" control commands directly to the \s-1ENGINE\s0's \fIctrl()\fR
+handler (and thus, it must have supplied one), so it is up to the \s-1ENGINE\s0 to
+reply to these \*(L"discovery\*(R" commands itself. If that flag is not set, then the
+OpenSSL framework code will work with the following rules;
+.PP
+.Vb 9
+\& if no ctrl() handler supplied;
+\& ENGINE_HAS_CTRL_FUNCTION returns FALSE (zero),
+\& all other commands fail.
+\& if a ctrl() handler was supplied but no array of control commands;
+\& ENGINE_HAS_CTRL_FUNCTION returns TRUE,
+\& all other commands fail.
+\& if a ctrl() handler and array of control commands was supplied;
+\& ENGINE_HAS_CTRL_FUNCTION returns TRUE,
+\& all other commands proceed processing ...
+.Ve
+.PP
+If the \s-1ENGINE\s0's array of control commands is empty then all other commands will
+fail, otherwise; \s-1ENGINE_CTRL_GET_FIRST_CMD_TYPE\s0 returns the identifier of
+the first command supported by the \s-1ENGINE\s0, \s-1ENGINE_GET_NEXT_CMD_TYPE\s0 takes the
+identifier of a command supported by the \s-1ENGINE\s0 and returns the next command
+identifier or fails if there are no more, \s-1ENGINE_CMD_FROM_NAME\s0 takes a string
+name for a command and returns the corresponding identifier or fails if no such
+command name exists, and the remaining commands take a command identifier and
+return properties of the corresponding commands. All except
+\&\s-1ENGINE_CTRL_GET_FLAGS\s0 return the string length of a command name or description,
+or populate a supplied character buffer with a copy of the command name or
+description. \s-1ENGINE_CTRL_GET_FLAGS\s0 returns a bitwise-OR'd mask of the following
+possible values;
+.PP
+.Vb 4
+\& #define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001
+\& #define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002
+\& #define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004
+\& #define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008
+.Ve
+.PP
+If the \s-1ENGINE_CMD_FLAG_INTERNAL\s0 flag is set, then any other flags are purely
+informational to the caller \- this flag will prevent the command being usable
+for any higher-level \s-1ENGINE\s0 functions such as \fIENGINE_ctrl_cmd_string()\fR.
+\&\*(L"\s-1INTERNAL\s0\*(R" commands are not intended to be exposed to text-based configuration
+by applications, administrations, users, etc. These can support arbitrary
+operations via \fIENGINE_ctrl()\fR, including passing to and/or from the control
+commands data of any arbitrary type. These commands are supported in the
+discovery mechanisms simply to allow applications determinie if an \s-1ENGINE\s0
+supports certain specific commands it might want to use (eg. application \*(L"foo\*(R"
+might query various ENGINEs to see if they implement \*(L"\s-1FOO_GET_VENDOR_LOGO_GIF\s0\*(R" \-
+and \s-1ENGINE\s0 could therefore decide whether or not to support this \*(L"foo\*(R"\-specific
+extension).
+.SS "Future developments"
+.IX Subsection "Future developments"
+The \s-1ENGINE\s0 \s-1API\s0 and internal architecture is currently being reviewed. Slated for
+possible release in 0.9.8 is support for transparent loading of \*(L"dynamic\*(R"
+ENGINEs (built as self-contained shared-libraries). This would allow \s-1ENGINE\s0
+implementations to be provided independently of OpenSSL libraries and/or
+OpenSSL-based applications, and would also remove any requirement for
+applications to explicitly use the \*(L"dynamic\*(R" \s-1ENGINE\s0 to bind to shared-library
+implementations.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIrsa\fR\|(3), \fIdsa\fR\|(3), \fIdh\fR\|(3), \fIrand\fR\|(3)
diff --git a/secure/lib/libcrypto/man/err.3 b/secure/lib/libcrypto/man/err.3
new file mode 100644
index 0000000..5e2fc04
--- /dev/null
+++ b/secure/lib/libcrypto/man/err.3
@@ -0,0 +1,313 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "err 3"
+.TH err 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+err \- error codes
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/err.h>
+\&
+\& unsigned long ERR_get_error(void);
+\& unsigned long ERR_peek_error(void);
+\& unsigned long ERR_get_error_line(const char **file, int *line);
+\& unsigned long ERR_peek_error_line(const char **file, int *line);
+\& unsigned long ERR_get_error_line_data(const char **file, int *line,
+\& const char **data, int *flags);
+\& unsigned long ERR_peek_error_line_data(const char **file, int *line,
+\& const char **data, int *flags);
+\&
+\& int ERR_GET_LIB(unsigned long e);
+\& int ERR_GET_FUNC(unsigned long e);
+\& int ERR_GET_REASON(unsigned long e);
+\&
+\& void ERR_clear_error(void);
+\&
+\& char *ERR_error_string(unsigned long e, char *buf);
+\& const char *ERR_lib_error_string(unsigned long e);
+\& const char *ERR_func_error_string(unsigned long e);
+\& const char *ERR_reason_error_string(unsigned long e);
+\&
+\& void ERR_print_errors(BIO *bp);
+\& void ERR_print_errors_fp(FILE *fp);
+\&
+\& void ERR_load_crypto_strings(void);
+\& void ERR_free_strings(void);
+\&
+\& void ERR_remove_state(unsigned long pid);
+\&
+\& void ERR_put_error(int lib, int func, int reason, const char *file,
+\& int line);
+\& void ERR_add_error_data(int num, ...);
+\&
+\& void ERR_load_strings(int lib,ERR_STRING_DATA str[]);
+\& unsigned long ERR_PACK(int lib, int func, int reason);
+\& int ERR_get_next_error_library(void);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+When a call to the OpenSSL library fails, this is usually signalled
+by the return value, and an error code is stored in an error queue
+associated with the current thread. The \fBerr\fR library provides
+functions to obtain these error codes and textual error messages.
+.PP
+The \fIERR_get_error\fR\|(3) manpage describes how to
+access error codes.
+.PP
+Error codes contain information about where the error occurred, and
+what went wrong. \s-1\fIERR_GET_LIB\s0\fR\|(3) describes how to
+extract this information. A method to obtain human-readable error
+messages is described in \fIERR_error_string\fR\|(3).
+.PP
+\&\fIERR_clear_error\fR\|(3) can be used to clear the
+error queue.
+.PP
+Note that \fIERR_remove_state\fR\|(3) should be used to
+avoid memory leaks when threads are terminated.
+.SH "ADDING NEW ERROR CODES TO OPENSSL"
+.IX Header "ADDING NEW ERROR CODES TO OPENSSL"
+See \fIERR_put_error\fR\|(3) if you want to record error codes in the
+OpenSSL error system from within your application.
+.PP
+The remainder of this section is of interest only if you want to add
+new error codes to OpenSSL or add error codes from external libraries.
+.SS "Reporting errors"
+.IX Subsection "Reporting errors"
+Each sub-library has a specific macro \fIXXXerr()\fR that is used to report
+errors. Its first argument is a function code \fB\s-1XXX_F_\s0...\fR, the second
+argument is a reason code \fB\s-1XXX_R_\s0...\fR. Function codes are derived
+from the function names; reason codes consist of textual error
+descriptions. For example, the function \fIssl23_read()\fR reports a
+\&\*(L"handshake failure\*(R" as follows:
+.PP
+.Vb 1
+\& SSLerr(SSL_F_SSL23_READ, SSL_R_SSL_HANDSHAKE_FAILURE);
+.Ve
+.PP
+Function and reason codes should consist of upper case characters,
+numbers and underscores only. The error file generation script translates
+function codes into function names by looking in the header files
+for an appropriate function name, if none is found it just uses
+the capitalized form such as \*(L"\s-1SSL23_READ\s0\*(R" in the above example.
+.PP
+The trailing section of a reason code (after the \*(L"_R_\*(R") is translated
+into lower case and underscores changed to spaces.
+.PP
+When you are using new function or reason codes, run \fBmake errors\fR.
+The necessary \fB#define\fRs will then automatically be added to the
+sub-library's header file.
+.PP
+Although a library will normally report errors using its own specific
+XXXerr macro, another library's macro can be used. This is normally
+only done when a library wants to include \s-1ASN1\s0 code which must use
+the \fIASN1err()\fR macro.
+.SS "Adding new libraries"
+.IX Subsection "Adding new libraries"
+When adding a new sub-library to OpenSSL, assign it a library number
+\&\fB\s-1ERR_LIB_XXX\s0\fR, define a macro \fIXXXerr()\fR (both in \fBerr.h\fR), add its
+name to \fBERR_str_libraries[]\fR (in \fBcrypto/err/err.c\fR), and add
+\&\f(CW\*(C`ERR_load_XXX_strings()\*(C'\fR to the \fIERR_load_crypto_strings()\fR function
+(in \fBcrypto/err/err_all.c\fR). Finally, add an entry
+.PP
+.Vb 1
+\& L XXX xxx.h xxx_err.c
+.Ve
+.PP
+to \fBcrypto/err/openssl.ec\fR, and add \fBxxx_err.c\fR to the Makefile.
+Running \fBmake errors\fR will then generate a file \fBxxx_err.c\fR, and
+add all error codes used in the library to \fBxxx.h\fR.
+.PP
+Additionally the library include file must have a certain form.
+Typically it will initially look like this:
+.PP
+.Vb 2
+\& #ifndef HEADER_XXX_H
+\& #define HEADER_XXX_H
+\&
+\& #ifdef _\|_cplusplus
+\& extern "C" {
+\& #endif
+\&
+\& /* Include files */
+\&
+\& #include <openssl/bio.h>
+\& #include <openssl/x509.h>
+\&
+\& /* Macros, structures and function prototypes */
+\&
+\&
+\& /* BEGIN ERROR CODES */
+.Ve
+.PP
+The \fB\s-1BEGIN\s0 \s-1ERROR\s0 \s-1CODES\s0\fR sequence is used by the error code
+generation script as the point to place new error codes, any text
+after this point will be overwritten when \fBmake errors\fR is run.
+The closing #endif etc will be automatically added by the script.
+.PP
+The generated C error code file \fBxxx_err.c\fR will load the header
+files \fBstdio.h\fR, \fBopenssl/err.h\fR and \fBopenssl/xxx.h\fR so the
+header file must load any additional header files containing any
+definitions it uses.
+.SH "USING ERROR CODES IN EXTERNAL LIBRARIES"
+.IX Header "USING ERROR CODES IN EXTERNAL LIBRARIES"
+It is also possible to use OpenSSL's error code scheme in external
+libraries. The library needs to load its own codes and call the OpenSSL
+error code insertion script \fBmkerr.pl\fR explicitly to add codes to
+the header file and generate the C error code file. This will normally
+be done if the external library needs to generate new \s-1ASN1\s0 structures
+but it can also be used to add more general purpose error code handling.
+.PP
+\&\s-1TBA\s0 more details
+.SH "INTERNALS"
+.IX Header "INTERNALS"
+The error queues are stored in a hash table with one \fB\s-1ERR_STATE\s0\fR
+entry for each pid. \fIERR_get_state()\fR returns the current thread's
+\&\fB\s-1ERR_STATE\s0\fR. An \fB\s-1ERR_STATE\s0\fR can hold up to \fB\s-1ERR_NUM_ERRORS\s0\fR error
+codes. When more error codes are added, the old ones are overwritten,
+on the assumption that the most recent errors are most important.
+.PP
+Error strings are also stored in hash table. The hash tables can
+be obtained by calling ERR_get_err_state_table(void) and
+ERR_get_string_table(void) respectively.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fICRYPTO_set_id_callback\fR\|(3),
+\&\fICRYPTO_set_locking_callback\fR\|(3),
+\&\fIERR_get_error\fR\|(3),
+\&\s-1\fIERR_GET_LIB\s0\fR\|(3),
+\&\fIERR_clear_error\fR\|(3),
+\&\fIERR_error_string\fR\|(3),
+\&\fIERR_print_errors\fR\|(3),
+\&\fIERR_load_crypto_strings\fR\|(3),
+\&\fIERR_remove_state\fR\|(3),
+\&\fIERR_put_error\fR\|(3),
+\&\fIERR_load_strings\fR\|(3),
+\&\fISSL_get_error\fR\|(3)
diff --git a/secure/lib/libcrypto/man/evp.3 b/secure/lib/libcrypto/man/evp.3
new file mode 100644
index 0000000..d7a40f5
--- /dev/null
+++ b/secure/lib/libcrypto/man/evp.3
@@ -0,0 +1,170 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "evp 3"
+.TH evp 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+evp \- high\-level cryptographic functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/evp.h>
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \s-1EVP\s0 library provides a high-level interface to cryptographic
+functions.
+.PP
+\&\fBEVP_Seal\fR\fI...\fR and \fBEVP_Open\fR\fI...\fR provide public key encryption
+and decryption to implement digital \*(L"envelopes\*(R".
+.PP
+The \fBEVP_Sign\fR\fI...\fR and \fBEVP_Verify\fR\fI...\fR functions implement
+digital signatures.
+.PP
+Symmetric encryption is available with the \fBEVP_Encrypt\fR\fI...\fR
+functions. The \fBEVP_Digest\fR\fI...\fR functions provide message digests.
+.PP
+Algorithms are loaded with \fIOpenSSL_add_all_algorithms\fR\|(3).
+.PP
+All the symmetric algorithms (ciphers) and digests can be replaced by \s-1ENGINE\s0
+modules providing alternative implementations. If \s-1ENGINE\s0 implementations of
+ciphers or digests are registered as defaults, then the various \s-1EVP\s0 functions
+will automatically use those implementations automatically in preference to
+built in software implementations. For more information, consult the \fIengine\fR\|(3)
+man page.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIEVP_DigestInit\fR\|(3),
+\&\fIEVP_EncryptInit\fR\|(3),
+\&\fIEVP_OpenInit\fR\|(3),
+\&\fIEVP_SealInit\fR\|(3),
+\&\fIEVP_SignInit\fR\|(3),
+\&\fIEVP_VerifyInit\fR\|(3),
+\&\fIOpenSSL_add_all_algorithms\fR\|(3),
+\&\fIengine\fR\|(3)
diff --git a/secure/lib/libcrypto/man/hmac.3 b/secure/lib/libcrypto/man/hmac.3
new file mode 100644
index 0000000..7b90627
--- /dev/null
+++ b/secure/lib/libcrypto/man/hmac.3
@@ -0,0 +1,222 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "hmac 3"
+.TH hmac 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+HMAC, HMAC_Init, HMAC_Update, HMAC_Final, HMAC_cleanup \- HMAC message
+authentication code
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/hmac.h>
+\&
+\& unsigned char *HMAC(const EVP_MD *evp_md, const void *key,
+\& int key_len, const unsigned char *d, int n,
+\& unsigned char *md, unsigned int *md_len);
+\&
+\& void HMAC_CTX_init(HMAC_CTX *ctx);
+\&
+\& void HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
+\& const EVP_MD *md);
+\& void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
+\& const EVP_MD *md, ENGINE *impl);
+\& void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
+\& void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
+\&
+\& void HMAC_CTX_cleanup(HMAC_CTX *ctx);
+\& void HMAC_cleanup(HMAC_CTX *ctx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\s-1HMAC\s0 is a \s-1MAC\s0 (message authentication code), i.e. a keyed hash
+function used for message authentication, which is based on a hash
+function.
+.PP
+\&\s-1\fIHMAC\s0()\fR computes the message authentication code of the \fBn\fR bytes at
+\&\fBd\fR using the hash function \fBevp_md\fR and the key \fBkey\fR which is
+\&\fBkey_len\fR bytes long.
+.PP
+It places the result in \fBmd\fR (which must have space for the output of
+the hash function, which is no more than \fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes).
+If \fBmd\fR is \s-1NULL\s0, the digest is placed in a static array. The size of
+the output is placed in \fBmd_len\fR, unless it is \fB\s-1NULL\s0\fR.
+.PP
+\&\fBevp_md\fR can be \fIEVP_sha1()\fR, \fIEVP_ripemd160()\fR etc.
+.PP
+\&\fIHMAC_CTX_init()\fR initialises a \fB\s-1HMAC_CTX\s0\fR before first use. It must be
+called.
+.PP
+\&\fIHMAC_CTX_cleanup()\fR erases the key and other data from the \fB\s-1HMAC_CTX\s0\fR
+and releases any associated resources. It must be called when an
+\&\fB\s-1HMAC_CTX\s0\fR is no longer required.
+.PP
+\&\fIHMAC_cleanup()\fR is an alias for \fIHMAC_CTX_cleanup()\fR included for back
+compatibility with 0.9.6b, it is deprecated.
+.PP
+The following functions may be used if the message is not completely
+stored in memory:
+.PP
+\&\fIHMAC_Init()\fR initializes a \fB\s-1HMAC_CTX\s0\fR structure to use the hash
+function \fBevp_md\fR and the key \fBkey\fR which is \fBkey_len\fR bytes
+long. It is deprecated and only included for backward compatibility
+with OpenSSL 0.9.6b.
+.PP
+\&\fIHMAC_Init_ex()\fR initializes or reuses a \fB\s-1HMAC_CTX\s0\fR structure to use
+the function \fBevp_md\fR and key \fBkey\fR. Either can be \s-1NULL\s0, in which
+case the existing one will be reused. \fIHMAC_CTX_init()\fR must have been
+called before the first use of an \fB\s-1HMAC_CTX\s0\fR in this
+function. \fBN.B. \f(BIHMAC_Init()\fB had this undocumented behaviour in
+previous versions of OpenSSL \- failure to switch to \f(BIHMAC_Init_ex()\fB in
+programs that expect it will cause them to stop working\fR.
+.PP
+\&\fIHMAC_Update()\fR can be called repeatedly with chunks of the message to
+be authenticated (\fBlen\fR bytes at \fBdata\fR).
+.PP
+\&\fIHMAC_Final()\fR places the message authentication code in \fBmd\fR, which
+must have space for the hash function output.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\s-1\fIHMAC\s0()\fR returns a pointer to the message authentication code.
+.PP
+\&\fIHMAC_CTX_init()\fR, \fIHMAC_Init_ex()\fR, \fIHMAC_Update()\fR, \fIHMAC_Final()\fR and
+\&\fIHMAC_CTX_cleanup()\fR do not return values.
+.SH "CONFORMING TO"
+.IX Header "CONFORMING TO"
+\&\s-1RFC\s0 2104
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIsha\fR\|(3), \fIevp\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\s-1\fIHMAC\s0()\fR, \fIHMAC_Init()\fR, \fIHMAC_Update()\fR, \fIHMAC_Final()\fR and \fIHMAC_cleanup()\fR
+are available since SSLeay 0.9.0.
+.PP
+\&\fIHMAC_CTX_init()\fR, \fIHMAC_Init_ex()\fR and \fIHMAC_CTX_cleanup()\fR are available
+since OpenSSL 0.9.7.
diff --git a/secure/lib/libcrypto/man/lh_stats.3 b/secure/lib/libcrypto/man/lh_stats.3
new file mode 100644
index 0000000..aeefa31
--- /dev/null
+++ b/secure/lib/libcrypto/man/lh_stats.3
@@ -0,0 +1,183 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "lh_stats 3"
+.TH lh_stats 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+lh_stats, lh_node_stats, lh_node_usage_stats, lh_stats_bio,
+lh_node_stats_bio, lh_node_usage_stats_bio \- LHASH statistics
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/lhash.h>
+\&
+\& void lh_stats(LHASH *table, FILE *out);
+\& void lh_node_stats(LHASH *table, FILE *out);
+\& void lh_node_usage_stats(LHASH *table, FILE *out);
+\&
+\& void lh_stats_bio(LHASH *table, BIO *out);
+\& void lh_node_stats_bio(LHASH *table, BIO *out);
+\& void lh_node_usage_stats_bio(LHASH *table, BIO *out);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fB\s-1LHASH\s0\fR structure records statistics about most aspects of
+accessing the hash table. This is mostly a legacy of Eric Young
+writing this library for the reasons of implementing what looked like
+a nice algorithm rather than for a particular software product.
+.PP
+\&\fIlh_stats()\fR prints out statistics on the size of the hash table, how
+many entries are in it, and the number and result of calls to the
+routines in this library.
+.PP
+\&\fIlh_node_stats()\fR prints the number of entries for each 'bucket' in the
+hash table.
+.PP
+\&\fIlh_node_usage_stats()\fR prints out a short summary of the state of the
+hash table. It prints the 'load' and the 'actual load'. The load is
+the average number of data items per 'bucket' in the hash table. The
+\&'actual load' is the average number of items per 'bucket', but only
+for buckets which contain entries. So the 'actual load' is the
+average number of searches that will need to find an item in the hash
+table, while the 'load' is the average number that will be done to
+record a miss.
+.PP
+\&\fIlh_stats_bio()\fR, \fIlh_node_stats_bio()\fR and \fIlh_node_usage_stats_bio()\fR
+are the same as the above, except that the output goes to a \fB\s-1BIO\s0\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+These functions do not return values.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIbio\fR\|(3), \fIlhash\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+These functions are available in all versions of SSLeay and OpenSSL.
+.PP
+This manpage is derived from the SSLeay documentation.
diff --git a/secure/lib/libcrypto/man/lhash.3 b/secure/lib/libcrypto/man/lhash.3
new file mode 100644
index 0000000..bec634f
--- /dev/null
+++ b/secure/lib/libcrypto/man/lhash.3
@@ -0,0 +1,424 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "lhash 3"
+.TH lhash 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+lh_new, lh_free, lh_insert, lh_delete, lh_retrieve, lh_doall, lh_doall_arg, lh_error \- dynamic hash table
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/lhash.h>
+\&
+\& LHASH *lh_new(LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE compare);
+\& void lh_free(LHASH *table);
+\&
+\& void *lh_insert(LHASH *table, void *data);
+\& void *lh_delete(LHASH *table, void *data);
+\& void *lh_retrieve(LHASH *table, void *data);
+\&
+\& void lh_doall(LHASH *table, LHASH_DOALL_FN_TYPE func);
+\& void lh_doall_arg(LHASH *table, LHASH_DOALL_ARG_FN_TYPE func,
+\& void *arg);
+\&
+\& int lh_error(LHASH *table);
+\&
+\& typedef int (*LHASH_COMP_FN_TYPE)(const void *, const void *);
+\& typedef unsigned long (*LHASH_HASH_FN_TYPE)(const void *);
+\& typedef void (*LHASH_DOALL_FN_TYPE)(const void *);
+\& typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, const void *);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+This library implements dynamic hash tables. The hash table entries
+can be arbitrary structures. Usually they consist of key and value
+fields.
+.PP
+\&\fIlh_new()\fR creates a new \fB\s-1LHASH\s0\fR structure to store arbitrary data
+entries, and provides the 'hash' and 'compare' callbacks to be used in
+organising the table's entries. The \fBhash\fR callback takes a pointer
+to a table entry as its argument and returns an unsigned long hash
+value for its key field. The hash value is normally truncated to a
+power of 2, so make sure that your hash function returns well mixed
+low order bits. The \fBcompare\fR callback takes two arguments (pointers
+to two hash table entries), and returns 0 if their keys are equal,
+non-zero otherwise. If your hash table will contain items of some
+particular type and the \fBhash\fR and \fBcompare\fR callbacks hash/compare
+these types, then the \fB\s-1DECLARE_LHASH_HASH_FN\s0\fR and
+\&\fB\s-1IMPLEMENT_LHASH_COMP_FN\s0\fR macros can be used to create callback
+wrappers of the prototypes required by \fIlh_new()\fR. These provide
+per-variable casts before calling the type-specific callbacks written
+by the application author. These macros, as well as those used for
+the \*(L"doall\*(R" callbacks, are defined as;
+.PP
+.Vb 7
+\& #define DECLARE_LHASH_HASH_FN(f_name,o_type) \e
+\& unsigned long f_name##_LHASH_HASH(const void *);
+\& #define IMPLEMENT_LHASH_HASH_FN(f_name,o_type) \e
+\& unsigned long f_name##_LHASH_HASH(const void *arg) { \e
+\& o_type a = (o_type)arg; \e
+\& return f_name(a); }
+\& #define LHASH_HASH_FN(f_name) f_name##_LHASH_HASH
+\&
+\& #define DECLARE_LHASH_COMP_FN(f_name,o_type) \e
+\& int f_name##_LHASH_COMP(const void *, const void *);
+\& #define IMPLEMENT_LHASH_COMP_FN(f_name,o_type) \e
+\& int f_name##_LHASH_COMP(const void *arg1, const void *arg2) { \e
+\& o_type a = (o_type)arg1; \e
+\& o_type b = (o_type)arg2; \e
+\& return f_name(a,b); }
+\& #define LHASH_COMP_FN(f_name) f_name##_LHASH_COMP
+\&
+\& #define DECLARE_LHASH_DOALL_FN(f_name,o_type) \e
+\& void f_name##_LHASH_DOALL(const void *);
+\& #define IMPLEMENT_LHASH_DOALL_FN(f_name,o_type) \e
+\& void f_name##_LHASH_DOALL(const void *arg) { \e
+\& o_type a = (o_type)arg; \e
+\& f_name(a); }
+\& #define LHASH_DOALL_FN(f_name) f_name##_LHASH_DOALL
+\&
+\& #define DECLARE_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \e
+\& void f_name##_LHASH_DOALL_ARG(const void *, const void *);
+\& #define IMPLEMENT_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \e
+\& void f_name##_LHASH_DOALL_ARG(const void *arg1, const void *arg2) { \e
+\& o_type a = (o_type)arg1; \e
+\& a_type b = (a_type)arg2; \e
+\& f_name(a,b); }
+\& #define LHASH_DOALL_ARG_FN(f_name) f_name##_LHASH_DOALL_ARG
+.Ve
+.PP
+An example of a hash table storing (pointers to) structures of type '\s-1STUFF\s0'
+could be defined as follows;
+.PP
+.Vb 10
+\& /* Calculates the hash value of \*(Aqtohash\*(Aq (implemented elsewhere) */
+\& unsigned long STUFF_hash(const STUFF *tohash);
+\& /* Orders \*(Aqarg1\*(Aq and \*(Aqarg2\*(Aq (implemented elsewhere) */
+\& int STUFF_cmp(const STUFF *arg1, const STUFF *arg2);
+\& /* Create the type\-safe wrapper functions for use in the LHASH internals */
+\& static IMPLEMENT_LHASH_HASH_FN(STUFF_hash, const STUFF *)
+\& static IMPLEMENT_LHASH_COMP_FN(STUFF_cmp, const STUFF *);
+\& /* ... */
+\& int main(int argc, char *argv[]) {
+\& /* Create the new hash table using the hash/compare wrappers */
+\& LHASH *hashtable = lh_new(LHASH_HASH_FN(STUFF_hash),
+\& LHASH_COMP_FN(STUFF_cmp));
+\& /* ... */
+\& }
+.Ve
+.PP
+\&\fIlh_free()\fR frees the \fB\s-1LHASH\s0\fR structure \fBtable\fR. Allocated hash table
+entries will not be freed; consider using \fIlh_doall()\fR to deallocate any
+remaining entries in the hash table (see below).
+.PP
+\&\fIlh_insert()\fR inserts the structure pointed to by \fBdata\fR into \fBtable\fR.
+If there already is an entry with the same key, the old value is
+replaced. Note that \fIlh_insert()\fR stores pointers, the data are not
+copied.
+.PP
+\&\fIlh_delete()\fR deletes an entry from \fBtable\fR.
+.PP
+\&\fIlh_retrieve()\fR looks up an entry in \fBtable\fR. Normally, \fBdata\fR is
+a structure with the key field(s) set; the function will return a
+pointer to a fully populated structure.
+.PP
+\&\fIlh_doall()\fR will, for every entry in the hash table, call \fBfunc\fR with
+the data item as its parameter. For \fIlh_doall()\fR and \fIlh_doall_arg()\fR,
+function pointer casting should be avoided in the callbacks (see
+\&\fB\s-1NOTE\s0\fR) \- instead, either declare the callbacks to match the
+prototype required in \fIlh_new()\fR or use the declare/implement macros to
+create type-safe wrappers that cast variables prior to calling your
+type-specific callbacks. An example of this is illustrated here where
+the callback is used to cleanup resources for items in the hash table
+prior to the hashtable itself being deallocated:
+.PP
+.Vb 9
+\& /* Cleans up resources belonging to \*(Aqa\*(Aq (this is implemented elsewhere) */
+\& void STUFF_cleanup(STUFF *a);
+\& /* Implement a prototype\-compatible wrapper for "STUFF_cleanup" */
+\& IMPLEMENT_LHASH_DOALL_FN(STUFF_cleanup, STUFF *)
+\& /* ... then later in the code ... */
+\& /* So to run "STUFF_cleanup" against all items in a hash table ... */
+\& lh_doall(hashtable, LHASH_DOALL_FN(STUFF_cleanup));
+\& /* Then the hash table itself can be deallocated */
+\& lh_free(hashtable);
+.Ve
+.PP
+When doing this, be careful if you delete entries from the hash table
+in your callbacks: the table may decrease in size, moving the item
+that you are currently on down lower in the hash table \- this could
+cause some entries to be skipped during the iteration. The second
+best solution to this problem is to set hash\->down_load=0 before
+you start (which will stop the hash table ever decreasing in size).
+The best solution is probably to avoid deleting items from the hash
+table inside a \*(L"doall\*(R" callback!
+.PP
+\&\fIlh_doall_arg()\fR is the same as \fIlh_doall()\fR except that \fBfunc\fR will be
+called with \fBarg\fR as the second argument and \fBfunc\fR should be of
+type \fB\s-1LHASH_DOALL_ARG_FN_TYPE\s0\fR (a callback prototype that is passed
+both the table entry and an extra argument). As with \fIlh_doall()\fR, you
+can instead choose to declare your callback with a prototype matching
+the types you are dealing with and use the declare/implement macros to
+create compatible wrappers that cast variables before calling your
+type-specific callbacks. An example of this is demonstrated here
+(printing all hash table entries to a \s-1BIO\s0 that is provided by the
+caller):
+.PP
+.Vb 7
+\& /* Prints item \*(Aqa\*(Aq to \*(Aqoutput_bio\*(Aq (this is implemented elsewhere) */
+\& void STUFF_print(const STUFF *a, BIO *output_bio);
+\& /* Implement a prototype\-compatible wrapper for "STUFF_print" */
+\& static IMPLEMENT_LHASH_DOALL_ARG_FN(STUFF_print, const STUFF *, BIO *)
+\& /* ... then later in the code ... */
+\& /* Print out the entire hashtable to a particular BIO */
+\& lh_doall_arg(hashtable, LHASH_DOALL_ARG_FN(STUFF_print), logging_bio);
+.Ve
+.PP
+\&\fIlh_error()\fR can be used to determine if an error occurred in the last
+operation. \fIlh_error()\fR is a macro.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIlh_new()\fR returns \fB\s-1NULL\s0\fR on error, otherwise a pointer to the new
+\&\fB\s-1LHASH\s0\fR structure.
+.PP
+When a hash table entry is replaced, \fIlh_insert()\fR returns the value
+being replaced. \fB\s-1NULL\s0\fR is returned on normal operation and on error.
+.PP
+\&\fIlh_delete()\fR returns the entry being deleted. \fB\s-1NULL\s0\fR is returned if
+there is no such value in the hash table.
+.PP
+\&\fIlh_retrieve()\fR returns the hash table entry if it has been found,
+\&\fB\s-1NULL\s0\fR otherwise.
+.PP
+\&\fIlh_error()\fR returns 1 if an error occurred in the last operation, 0
+otherwise.
+.PP
+\&\fIlh_free()\fR, \fIlh_doall()\fR and \fIlh_doall_arg()\fR return no values.
+.SH "NOTE"
+.IX Header "NOTE"
+The various \s-1LHASH\s0 macros and callback types exist to make it possible
+to write type-safe code without resorting to function-prototype
+casting \- an evil that makes application code much harder to
+audit/verify and also opens the window of opportunity for stack
+corruption and other hard-to-find bugs. It also, apparently, violates
+ANSI-C.
+.PP
+The \s-1LHASH\s0 code regards table entries as constant data. As such, it
+internally represents \fIlh_insert()\fR'd items with a \*(L"const void *\*(R"
+pointer type. This is why callbacks such as those used by \fIlh_doall()\fR
+and \fIlh_doall_arg()\fR declare their prototypes with \*(L"const\*(R", even for the
+parameters that pass back the table items' data pointers \- for
+consistency, user-provided data is \*(L"const\*(R" at all times as far as the
+\&\s-1LHASH\s0 code is concerned. However, as callers are themselves providing
+these pointers, they can choose whether they too should be treating
+all such parameters as constant.
+.PP
+As an example, a hash table may be maintained by code that, for
+reasons of encapsulation, has only \*(L"const\*(R" access to the data being
+indexed in the hash table (ie. it is returned as \*(L"const\*(R" from
+elsewhere in their code) \- in this case the \s-1LHASH\s0 prototypes are
+appropriate as-is. Conversely, if the caller is responsible for the
+life-time of the data in question, then they may well wish to make
+modifications to table item passed back in the \fIlh_doall()\fR or
+\&\fIlh_doall_arg()\fR callbacks (see the \*(L"STUFF_cleanup\*(R" example above). If
+so, the caller can either cast the \*(L"const\*(R" away (if they're providing
+the raw callbacks themselves) or use the macros to declare/implement
+the wrapper functions without \*(L"const\*(R" types.
+.PP
+Callers that only have \*(L"const\*(R" access to data they're indexing in a
+table, yet declare callbacks without constant types (or cast the
+\&\*(L"const\*(R" away themselves), are therefore creating their own risks/bugs
+without being encouraged to do so by the \s-1API\s0. On a related note,
+those auditing code should pay special attention to any instances of
+DECLARE/IMPLEMENT_LHASH_DOALL_[\s-1ARG_\s0]_FN macros that provide types
+without any \*(L"const\*(R" qualifiers.
+.SH "BUGS"
+.IX Header "BUGS"
+\&\fIlh_insert()\fR returns \fB\s-1NULL\s0\fR both for success and error.
+.SH "INTERNALS"
+.IX Header "INTERNALS"
+The following description is based on the SSLeay documentation:
+.PP
+The \fBlhash\fR library implements a hash table described in the
+\&\fICommunications of the \s-1ACM\s0\fR in 1991. What makes this hash table
+different is that as the table fills, the hash table is increased (or
+decreased) in size via \fIOPENSSL_realloc()\fR. When a 'resize' is done, instead of
+all hashes being redistributed over twice as many 'buckets', one
+bucket is split. So when an 'expand' is done, there is only a minimal
+cost to redistribute some values. Subsequent inserts will cause more
+single 'bucket' redistributions but there will never be a sudden large
+cost due to redistributing all the 'buckets'.
+.PP
+The state for a particular hash table is kept in the \fB\s-1LHASH\s0\fR structure.
+The decision to increase or decrease the hash table size is made
+depending on the 'load' of the hash table. The load is the number of
+items in the hash table divided by the size of the hash table. The
+default values are as follows. If (hash\->up_load < load) =>
+expand. if (hash\->down_load > load) => contract. The
+\&\fBup_load\fR has a default value of 1 and \fBdown_load\fR has a default value
+of 2. These numbers can be modified by the application by just
+playing with the \fBup_load\fR and \fBdown_load\fR variables. The 'load' is
+kept in a form which is multiplied by 256. So
+hash\->up_load=8*256; will cause a load of 8 to be set.
+.PP
+If you are interested in performance the field to watch is
+num_comp_calls. The hash library keeps track of the 'hash' value for
+each item so when a lookup is done, the 'hashes' are compared, if
+there is a match, then a full compare is done, and
+hash\->num_comp_calls is incremented. If num_comp_calls is not equal
+to num_delete plus num_retrieve it means that your hash function is
+generating hashes that are the same for different values. It is
+probably worth changing your hash function if this is the case because
+even if your hash table has 10 items in a 'bucket', it can be searched
+with 10 \fBunsigned long\fR compares and 10 linked list traverses. This
+will be much less expensive that 10 calls to your compare function.
+.PP
+\&\fIlh_strhash()\fR is a demo string hashing function:
+.PP
+.Vb 1
+\& unsigned long lh_strhash(const char *c);
+.Ve
+.PP
+Since the \fB\s-1LHASH\s0\fR routines would normally be passed structures, this
+routine would not normally be passed to \fIlh_new()\fR, rather it would be
+used in the function passed to \fIlh_new()\fR.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIlh_stats\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The \fBlhash\fR library is available in all versions of SSLeay and OpenSSL.
+\&\fIlh_error()\fR was added in SSLeay 0.9.1b.
+.PP
+This manpage is derived from the SSLeay documentation.
+.PP
+In OpenSSL 0.9.7, all lhash functions that were passed function pointers
+were changed for better type safety, and the function types \s-1LHASH_COMP_FN_TYPE\s0,
+\&\s-1LHASH_HASH_FN_TYPE\s0, \s-1LHASH_DOALL_FN_TYPE\s0 and \s-1LHASH_DOALL_ARG_FN_TYPE\s0
+became available.
diff --git a/secure/lib/libcrypto/man/md5.3 b/secure/lib/libcrypto/man/md5.3
new file mode 100644
index 0000000..c80bcef
--- /dev/null
+++ b/secure/lib/libcrypto/man/md5.3
@@ -0,0 +1,222 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "md5 3"
+.TH md5 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+MD2, MD4, MD5, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update,
+MD4_Final, MD5_Init, MD5_Update, MD5_Final \- MD2, MD4, and MD5 hash functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/md2.h>
+\&
+\& unsigned char *MD2(const unsigned char *d, unsigned long n,
+\& unsigned char *md);
+\&
+\& int MD2_Init(MD2_CTX *c);
+\& int MD2_Update(MD2_CTX *c, const unsigned char *data,
+\& unsigned long len);
+\& int MD2_Final(unsigned char *md, MD2_CTX *c);
+\&
+\&
+\& #include <openssl/md4.h>
+\&
+\& unsigned char *MD4(const unsigned char *d, unsigned long n,
+\& unsigned char *md);
+\&
+\& int MD4_Init(MD4_CTX *c);
+\& int MD4_Update(MD4_CTX *c, const void *data,
+\& unsigned long len);
+\& int MD4_Final(unsigned char *md, MD4_CTX *c);
+\&
+\&
+\& #include <openssl/md5.h>
+\&
+\& unsigned char *MD5(const unsigned char *d, unsigned long n,
+\& unsigned char *md);
+\&
+\& int MD5_Init(MD5_CTX *c);
+\& int MD5_Update(MD5_CTX *c, const void *data,
+\& unsigned long len);
+\& int MD5_Final(unsigned char *md, MD5_CTX *c);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\s-1MD2\s0, \s-1MD4\s0, and \s-1MD5\s0 are cryptographic hash functions with a 128 bit output.
+.PP
+\&\s-1\fIMD2\s0()\fR, \s-1\fIMD4\s0()\fR, and \s-1\fIMD5\s0()\fR compute the \s-1MD2\s0, \s-1MD4\s0, and \s-1MD5\s0 message digest
+of the \fBn\fR bytes at \fBd\fR and place it in \fBmd\fR (which must have space
+for \s-1MD2_DIGEST_LENGTH\s0 == \s-1MD4_DIGEST_LENGTH\s0 == \s-1MD5_DIGEST_LENGTH\s0 == 16
+bytes of output). If \fBmd\fR is \s-1NULL\s0, the digest is placed in a static
+array.
+.PP
+The following functions may be used if the message is not completely
+stored in memory:
+.PP
+\&\fIMD2_Init()\fR initializes a \fB\s-1MD2_CTX\s0\fR structure.
+.PP
+\&\fIMD2_Update()\fR can be called repeatedly with chunks of the message to
+be hashed (\fBlen\fR bytes at \fBdata\fR).
+.PP
+\&\fIMD2_Final()\fR places the message digest in \fBmd\fR, which must have space
+for \s-1MD2_DIGEST_LENGTH\s0 == 16 bytes of output, and erases the \fB\s-1MD2_CTX\s0\fR.
+.PP
+\&\fIMD4_Init()\fR, \fIMD4_Update()\fR, \fIMD4_Final()\fR, \fIMD5_Init()\fR, \fIMD5_Update()\fR, and
+\&\fIMD5_Final()\fR are analogous using an \fB\s-1MD4_CTX\s0\fR and \fB\s-1MD5_CTX\s0\fR structure.
+.PP
+Applications should use the higher level functions
+\&\fIEVP_DigestInit\fR\|(3)
+etc. instead of calling the hash functions directly.
+.SH "NOTE"
+.IX Header "NOTE"
+\&\s-1MD2\s0, \s-1MD4\s0, and \s-1MD5\s0 are recommended only for compatibility with existing
+applications. In new applications, \s-1SHA\-1\s0 or \s-1RIPEMD\-160\s0 should be
+preferred.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\s-1\fIMD2\s0()\fR, \s-1\fIMD4\s0()\fR, and \s-1\fIMD5\s0()\fR return pointers to the hash value.
+.PP
+\&\fIMD2_Init()\fR, \fIMD2_Update()\fR, \fIMD2_Final()\fR, \fIMD4_Init()\fR, \fIMD4_Update()\fR,
+\&\fIMD4_Final()\fR, \fIMD5_Init()\fR, \fIMD5_Update()\fR, and \fIMD5_Final()\fR return 1 for
+success, 0 otherwise.
+.SH "CONFORMING TO"
+.IX Header "CONFORMING TO"
+\&\s-1RFC\s0 1319, \s-1RFC\s0 1320, \s-1RFC\s0 1321
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIsha\fR\|(3), \fIripemd\fR\|(3), \fIEVP_DigestInit\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\s-1\fIMD2\s0()\fR, \fIMD2_Init()\fR, \fIMD2_Update()\fR \fIMD2_Final()\fR, \s-1\fIMD5\s0()\fR, \fIMD5_Init()\fR,
+\&\fIMD5_Update()\fR and \fIMD5_Final()\fR are available in all versions of SSLeay
+and OpenSSL.
+.PP
+\&\s-1\fIMD4\s0()\fR, \fIMD4_Init()\fR, and \fIMD4_Update()\fR are available in OpenSSL 0.9.6 and
+above.
diff --git a/secure/lib/libcrypto/man/mdc2.3 b/secure/lib/libcrypto/man/mdc2.3
new file mode 100644
index 0000000..13f03fd
--- /dev/null
+++ b/secure/lib/libcrypto/man/mdc2.3
@@ -0,0 +1,186 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "mdc2 3"
+.TH mdc2 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+MDC2, MDC2_Init, MDC2_Update, MDC2_Final \- MDC2 hash function
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/mdc2.h>
+\&
+\& unsigned char *MDC2(const unsigned char *d, unsigned long n,
+\& unsigned char *md);
+\&
+\& int MDC2_Init(MDC2_CTX *c);
+\& int MDC2_Update(MDC2_CTX *c, const unsigned char *data,
+\& unsigned long len);
+\& int MDC2_Final(unsigned char *md, MDC2_CTX *c);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\s-1MDC2\s0 is a method to construct hash functions with 128 bit output from
+block ciphers. These functions are an implementation of \s-1MDC2\s0 with
+\&\s-1DES\s0.
+.PP
+\&\s-1\fIMDC2\s0()\fR computes the \s-1MDC2\s0 message digest of the \fBn\fR
+bytes at \fBd\fR and places it in \fBmd\fR (which must have space for
+\&\s-1MDC2_DIGEST_LENGTH\s0 == 16 bytes of output). If \fBmd\fR is \s-1NULL\s0, the digest
+is placed in a static array.
+.PP
+The following functions may be used if the message is not completely
+stored in memory:
+.PP
+\&\fIMDC2_Init()\fR initializes a \fB\s-1MDC2_CTX\s0\fR structure.
+.PP
+\&\fIMDC2_Update()\fR can be called repeatedly with chunks of the message to
+be hashed (\fBlen\fR bytes at \fBdata\fR).
+.PP
+\&\fIMDC2_Final()\fR places the message digest in \fBmd\fR, which must have space
+for \s-1MDC2_DIGEST_LENGTH\s0 == 16 bytes of output, and erases the \fB\s-1MDC2_CTX\s0\fR.
+.PP
+Applications should use the higher level functions
+\&\fIEVP_DigestInit\fR\|(3) etc. instead of calling the
+hash functions directly.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\s-1\fIMDC2\s0()\fR returns a pointer to the hash value.
+.PP
+\&\fIMDC2_Init()\fR, \fIMDC2_Update()\fR and \fIMDC2_Final()\fR return 1 for success, 0 otherwise.
+.SH "CONFORMING TO"
+.IX Header "CONFORMING TO"
+\&\s-1ISO/IEC\s0 10118\-2, with \s-1DES\s0
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIsha\fR\|(3), \fIEVP_DigestInit\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\s-1\fIMDC2\s0()\fR, \fIMDC2_Init()\fR, \fIMDC2_Update()\fR and \fIMDC2_Final()\fR are available since
+SSLeay 0.8.
diff --git a/secure/lib/libcrypto/man/pem.3 b/secure/lib/libcrypto/man/pem.3
new file mode 100644
index 0000000..470a74f
--- /dev/null
+++ b/secure/lib/libcrypto/man/pem.3
@@ -0,0 +1,626 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "pem 3"
+.TH pem 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey, PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams, PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ, PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW, PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL, PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7, PEM_write_bio_PKCS7, PEM_write_PKCS7, PEM_read_bio_NETSCAPE_CERT_SEQUENCE, PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE, PEM_write_NETSCAPE_CERT_SEQUENCE \- PEM routines
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/pem.h>
+\&
+\& EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x,
+\& pem_password_cb *cb, void *u);
+\&
+\& EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x,
+\& pem_password_cb *cb, void *u);
+\&
+\& int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+\& unsigned char *kstr, int klen,
+\& pem_password_cb *cb, void *u);
+\&
+\& int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+\& unsigned char *kstr, int klen,
+\& pem_password_cb *cb, void *u);
+\&
+\& int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+\& char *kstr, int klen,
+\& pem_password_cb *cb, void *u);
+\&
+\& int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+\& char *kstr, int klen,
+\& pem_password_cb *cb, void *u);
+\&
+\& int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
+\& char *kstr, int klen,
+\& pem_password_cb *cb, void *u);
+\&
+\& int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
+\& char *kstr, int klen,
+\& pem_password_cb *cb, void *u);
+\&
+\& EVP_PKEY *PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x,
+\& pem_password_cb *cb, void *u);
+\&
+\& EVP_PKEY *PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x,
+\& pem_password_cb *cb, void *u);
+\&
+\& int PEM_write_bio_PUBKEY(BIO *bp, EVP_PKEY *x);
+\& int PEM_write_PUBKEY(FILE *fp, EVP_PKEY *x);
+\&
+\& RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **x,
+\& pem_password_cb *cb, void *u);
+\&
+\& RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **x,
+\& pem_password_cb *cb, void *u);
+\&
+\& int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
+\& unsigned char *kstr, int klen,
+\& pem_password_cb *cb, void *u);
+\&
+\& int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
+\& unsigned char *kstr, int klen,
+\& pem_password_cb *cb, void *u);
+\&
+\& RSA *PEM_read_bio_RSAPublicKey(BIO *bp, RSA **x,
+\& pem_password_cb *cb, void *u);
+\&
+\& RSA *PEM_read_RSAPublicKey(FILE *fp, RSA **x,
+\& pem_password_cb *cb, void *u);
+\&
+\& int PEM_write_bio_RSAPublicKey(BIO *bp, RSA *x);
+\&
+\& int PEM_write_RSAPublicKey(FILE *fp, RSA *x);
+\&
+\& RSA *PEM_read_bio_RSA_PUBKEY(BIO *bp, RSA **x,
+\& pem_password_cb *cb, void *u);
+\&
+\& RSA *PEM_read_RSA_PUBKEY(FILE *fp, RSA **x,
+\& pem_password_cb *cb, void *u);
+\&
+\& int PEM_write_bio_RSA_PUBKEY(BIO *bp, RSA *x);
+\&
+\& int PEM_write_RSA_PUBKEY(FILE *fp, RSA *x);
+\&
+\& DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **x,
+\& pem_password_cb *cb, void *u);
+\&
+\& DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **x,
+\& pem_password_cb *cb, void *u);
+\&
+\& int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
+\& unsigned char *kstr, int klen,
+\& pem_password_cb *cb, void *u);
+\&
+\& int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
+\& unsigned char *kstr, int klen,
+\& pem_password_cb *cb, void *u);
+\&
+\& DSA *PEM_read_bio_DSA_PUBKEY(BIO *bp, DSA **x,
+\& pem_password_cb *cb, void *u);
+\&
+\& DSA *PEM_read_DSA_PUBKEY(FILE *fp, DSA **x,
+\& pem_password_cb *cb, void *u);
+\&
+\& int PEM_write_bio_DSA_PUBKEY(BIO *bp, DSA *x);
+\&
+\& int PEM_write_DSA_PUBKEY(FILE *fp, DSA *x);
+\&
+\& DSA *PEM_read_bio_DSAparams(BIO *bp, DSA **x, pem_password_cb *cb, void *u);
+\&
+\& DSA *PEM_read_DSAparams(FILE *fp, DSA **x, pem_password_cb *cb, void *u);
+\&
+\& int PEM_write_bio_DSAparams(BIO *bp, DSA *x);
+\&
+\& int PEM_write_DSAparams(FILE *fp, DSA *x);
+\&
+\& DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u);
+\&
+\& DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u);
+\&
+\& int PEM_write_bio_DHparams(BIO *bp, DH *x);
+\&
+\& int PEM_write_DHparams(FILE *fp, DH *x);
+\&
+\& X509 *PEM_read_bio_X509(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
+\&
+\& X509 *PEM_read_X509(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
+\&
+\& int PEM_write_bio_X509(BIO *bp, X509 *x);
+\&
+\& int PEM_write_X509(FILE *fp, X509 *x);
+\&
+\& X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
+\&
+\& X509 *PEM_read_X509_AUX(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
+\&
+\& int PEM_write_bio_X509_AUX(BIO *bp, X509 *x);
+\&
+\& int PEM_write_X509_AUX(FILE *fp, X509 *x);
+\&
+\& X509_REQ *PEM_read_bio_X509_REQ(BIO *bp, X509_REQ **x,
+\& pem_password_cb *cb, void *u);
+\&
+\& X509_REQ *PEM_read_X509_REQ(FILE *fp, X509_REQ **x,
+\& pem_password_cb *cb, void *u);
+\&
+\& int PEM_write_bio_X509_REQ(BIO *bp, X509_REQ *x);
+\&
+\& int PEM_write_X509_REQ(FILE *fp, X509_REQ *x);
+\&
+\& int PEM_write_bio_X509_REQ_NEW(BIO *bp, X509_REQ *x);
+\&
+\& int PEM_write_X509_REQ_NEW(FILE *fp, X509_REQ *x);
+\&
+\& X509_CRL *PEM_read_bio_X509_CRL(BIO *bp, X509_CRL **x,
+\& pem_password_cb *cb, void *u);
+\& X509_CRL *PEM_read_X509_CRL(FILE *fp, X509_CRL **x,
+\& pem_password_cb *cb, void *u);
+\& int PEM_write_bio_X509_CRL(BIO *bp, X509_CRL *x);
+\& int PEM_write_X509_CRL(FILE *fp, X509_CRL *x);
+\&
+\& PKCS7 *PEM_read_bio_PKCS7(BIO *bp, PKCS7 **x, pem_password_cb *cb, void *u);
+\&
+\& PKCS7 *PEM_read_PKCS7(FILE *fp, PKCS7 **x, pem_password_cb *cb, void *u);
+\&
+\& int PEM_write_bio_PKCS7(BIO *bp, PKCS7 *x);
+\&
+\& int PEM_write_PKCS7(FILE *fp, PKCS7 *x);
+\&
+\& NETSCAPE_CERT_SEQUENCE *PEM_read_bio_NETSCAPE_CERT_SEQUENCE(BIO *bp,
+\& NETSCAPE_CERT_SEQUENCE **x,
+\& pem_password_cb *cb, void *u);
+\&
+\& NETSCAPE_CERT_SEQUENCE *PEM_read_NETSCAPE_CERT_SEQUENCE(FILE *fp,
+\& NETSCAPE_CERT_SEQUENCE **x,
+\& pem_password_cb *cb, void *u);
+\&
+\& int PEM_write_bio_NETSCAPE_CERT_SEQUENCE(BIO *bp, NETSCAPE_CERT_SEQUENCE *x);
+\&
+\& int PEM_write_NETSCAPE_CERT_SEQUENCE(FILE *fp, NETSCAPE_CERT_SEQUENCE *x);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \s-1PEM\s0 functions read or write structures in \s-1PEM\s0 format. In
+this sense \s-1PEM\s0 format is simply base64 encoded data surrounded
+by header lines.
+.PP
+For more details about the meaning of arguments see the
+\&\fB\s-1PEM\s0 \s-1FUNCTION\s0 \s-1ARGUMENTS\s0\fR section.
+.PP
+Each operation has four functions associated with it. For
+clarity the term "\fBfoobar\fR functions" will be used to collectively
+refer to the \fIPEM_read_bio_foobar()\fR, \fIPEM_read_foobar()\fR,
+\&\fIPEM_write_bio_foobar()\fR and \fIPEM_write_foobar()\fR functions.
+.PP
+The \fBPrivateKey\fR functions read or write a private key in
+\&\s-1PEM\s0 format using an \s-1EVP_PKEY\s0 structure. The write routines use
+\&\*(L"traditional\*(R" private key format and can handle both \s-1RSA\s0 and \s-1DSA\s0
+private keys. The read functions can additionally transparently
+handle PKCS#8 format encrypted and unencrypted keys too.
+.PP
+\&\fIPEM_write_bio_PKCS8PrivateKey()\fR and \fIPEM_write_PKCS8PrivateKey()\fR
+write a private key in an \s-1EVP_PKEY\s0 structure in PKCS#8
+EncryptedPrivateKeyInfo format using PKCS#5 v2.0 password based encryption
+algorithms. The \fBcipher\fR argument specifies the encryption algoritm to
+use: unlike all other \s-1PEM\s0 routines the encryption is applied at the
+PKCS#8 level and not in the \s-1PEM\s0 headers. If \fBcipher\fR is \s-1NULL\s0 then no
+encryption is used and a PKCS#8 PrivateKeyInfo structure is used instead.
+.PP
+\&\fIPEM_write_bio_PKCS8PrivateKey_nid()\fR and \fIPEM_write_PKCS8PrivateKey_nid()\fR
+also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo however
+it uses PKCS#5 v1.5 or PKCS#12 encryption algorithms instead. The algorithm
+to use is specified in the \fBnid\fR parameter and should be the \s-1NID\s0 of the
+corresponding \s-1OBJECT\s0 \s-1IDENTIFIER\s0 (see \s-1NOTES\s0 section).
+.PP
+The \fB\s-1PUBKEY\s0\fR functions process a public key using an \s-1EVP_PKEY\s0
+structure. The public key is encoded as a SubjectPublicKeyInfo
+structure.
+.PP
+The \fBRSAPrivateKey\fR functions process an \s-1RSA\s0 private key using an
+\&\s-1RSA\s0 structure. It handles the same formats as the \fBPrivateKey\fR
+functions but an error occurs if the private key is not \s-1RSA\s0.
+.PP
+The \fBRSAPublicKey\fR functions process an \s-1RSA\s0 public key using an
+\&\s-1RSA\s0 structure. The public key is encoded using a PKCS#1 RSAPublicKey
+structure.
+.PP
+The \fB\s-1RSA_PUBKEY\s0\fR functions also process an \s-1RSA\s0 public key using
+an \s-1RSA\s0 structure. However the public key is encoded using a
+SubjectPublicKeyInfo structure and an error occurs if the public
+key is not \s-1RSA\s0.
+.PP
+The \fBDSAPrivateKey\fR functions process a \s-1DSA\s0 private key using a
+\&\s-1DSA\s0 structure. It handles the same formats as the \fBPrivateKey\fR
+functions but an error occurs if the private key is not \s-1DSA\s0.
+.PP
+The \fB\s-1DSA_PUBKEY\s0\fR functions process a \s-1DSA\s0 public key using
+a \s-1DSA\s0 structure. The public key is encoded using a
+SubjectPublicKeyInfo structure and an error occurs if the public
+key is not \s-1DSA\s0.
+.PP
+The \fBDSAparams\fR functions process \s-1DSA\s0 parameters using a \s-1DSA\s0
+structure. The parameters are encoded using a foobar structure.
+.PP
+The \fBDHparams\fR functions process \s-1DH\s0 parameters using a \s-1DH\s0
+structure. The parameters are encoded using a PKCS#3 DHparameter
+structure.
+.PP
+The \fBX509\fR functions process an X509 certificate using an X509
+structure. They will also process a trusted X509 certificate but
+any trust settings are discarded.
+.PP
+The \fBX509_AUX\fR functions process a trusted X509 certificate using
+an X509 structure.
+.PP
+The \fBX509_REQ\fR and \fBX509_REQ_NEW\fR functions process a PKCS#10
+certificate request using an X509_REQ structure. The \fBX509_REQ\fR
+write functions use \fB\s-1CERTIFICATE\s0 \s-1REQUEST\s0\fR in the header whereas
+the \fBX509_REQ_NEW\fR functions use \fB\s-1NEW\s0 \s-1CERTIFICATE\s0 \s-1REQUEST\s0\fR
+(as required by some CAs). The \fBX509_REQ\fR read functions will
+handle either form so there are no \fBX509_REQ_NEW\fR read functions.
+.PP
+The \fBX509_CRL\fR functions process an X509 \s-1CRL\s0 using an X509_CRL
+structure.
+.PP
+The \fB\s-1PKCS7\s0\fR functions process a PKCS#7 ContentInfo using a \s-1PKCS7\s0
+structure.
+.PP
+The \fB\s-1NETSCAPE_CERT_SEQUENCE\s0\fR functions process a Netscape Certificate
+Sequence using a \s-1NETSCAPE_CERT_SEQUENCE\s0 structure.
+.SH "PEM FUNCTION ARGUMENTS"
+.IX Header "PEM FUNCTION ARGUMENTS"
+The \s-1PEM\s0 functions have many common arguments.
+.PP
+The \fBbp\fR \s-1BIO\s0 parameter (if present) specifies the \s-1BIO\s0 to read from
+or write to.
+.PP
+The \fBfp\fR \s-1FILE\s0 parameter (if present) specifies the \s-1FILE\s0 pointer to
+read from or write to.
+.PP
+The \s-1PEM\s0 read functions all take an argument \fB\s-1TYPE\s0 **x\fR and return
+a \fB\s-1TYPE\s0 *\fR pointer. Where \fB\s-1TYPE\s0\fR is whatever structure the function
+uses. If \fBx\fR is \s-1NULL\s0 then the parameter is ignored. If \fBx\fR is not
+\&\s-1NULL\s0 but \fB*x\fR is \s-1NULL\s0 then the structure returned will be written
+to \fB*x\fR. If neither \fBx\fR nor \fB*x\fR is \s-1NULL\s0 then an attempt is made
+to reuse the structure at \fB*x\fR (but see \s-1BUGS\s0 and \s-1EXAMPLES\s0 sections).
+Irrespective of the value of \fBx\fR a pointer to the structure is always
+returned (or \s-1NULL\s0 if an error occurred).
+.PP
+The \s-1PEM\s0 functions which write private keys take an \fBenc\fR parameter
+which specifies the encryption algorithm to use, encryption is done
+at the \s-1PEM\s0 level. If this parameter is set to \s-1NULL\s0 then the private
+key is written in unencrypted form.
+.PP
+The \fBcb\fR argument is the callback to use when querying for the pass
+phrase used for encrypted \s-1PEM\s0 structures (normally only private keys).
+.PP
+For the \s-1PEM\s0 write routines if the \fBkstr\fR parameter is not \s-1NULL\s0 then
+\&\fBklen\fR bytes at \fBkstr\fR are used as the passphrase and \fBcb\fR is
+ignored.
+.PP
+If the \fBcb\fR parameters is set to \s-1NULL\s0 and the \fBu\fR parameter is not
+\&\s-1NULL\s0 then the \fBu\fR parameter is interpreted as a null terminated string
+to use as the passphrase. If both \fBcb\fR and \fBu\fR are \s-1NULL\s0 then the
+default callback routine is used which will typically prompt for the
+passphrase on the current terminal with echoing turned off.
+.PP
+The default passphrase callback is sometimes inappropriate (for example
+in a \s-1GUI\s0 application) so an alternative can be supplied. The callback
+routine has the following form:
+.PP
+.Vb 1
+\& int cb(char *buf, int size, int rwflag, void *u);
+.Ve
+.PP
+\&\fBbuf\fR is the buffer to write the passphrase to. \fBsize\fR is the maximum
+length of the passphrase (i.e. the size of buf). \fBrwflag\fR is a flag
+which is set to 0 when reading and 1 when writing. A typical routine
+will ask the user to verify the passphrase (for example by prompting
+for it twice) if \fBrwflag\fR is 1. The \fBu\fR parameter has the same
+value as the \fBu\fR parameter passed to the \s-1PEM\s0 routine. It allows
+arbitrary data to be passed to the callback by the application
+(for example a window handle in a \s-1GUI\s0 application). The callback
+\&\fBmust\fR return the number of characters in the passphrase or 0 if
+an error occurred.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Although the \s-1PEM\s0 routines take several arguments in almost all applications
+most of them are set to 0 or \s-1NULL\s0.
+.PP
+Read a certificate in \s-1PEM\s0 format from a \s-1BIO:\s0
+.PP
+.Vb 6
+\& X509 *x;
+\& x = PEM_read_bio_X509(bp, NULL, 0, NULL);
+\& if (x == NULL)
+\& {
+\& /* Error */
+\& }
+.Ve
+.PP
+Alternative method:
+.PP
+.Vb 5
+\& X509 *x = NULL;
+\& if (!PEM_read_bio_X509(bp, &x, 0, NULL))
+\& {
+\& /* Error */
+\& }
+.Ve
+.PP
+Write a certificate to a \s-1BIO:\s0
+.PP
+.Vb 4
+\& if (!PEM_write_bio_X509(bp, x))
+\& {
+\& /* Error */
+\& }
+.Ve
+.PP
+Write an unencrypted private key to a \s-1FILE\s0 pointer:
+.PP
+.Vb 4
+\& if (!PEM_write_PrivateKey(fp, key, NULL, NULL, 0, 0, NULL))
+\& {
+\& /* Error */
+\& }
+.Ve
+.PP
+Write a private key (using traditional format) to a \s-1BIO\s0 using
+triple \s-1DES\s0 encryption, the pass phrase is prompted for:
+.PP
+.Vb 4
+\& if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL))
+\& {
+\& /* Error */
+\& }
+.Ve
+.PP
+Write a private key (using PKCS#8 format) to a \s-1BIO\s0 using triple
+\&\s-1DES\s0 encryption, using the pass phrase \*(L"hello\*(R":
+.PP
+.Vb 4
+\& if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, "hello"))
+\& {
+\& /* Error */
+\& }
+.Ve
+.PP
+Read a private key from a \s-1BIO\s0 using the pass phrase \*(L"hello\*(R":
+.PP
+.Vb 5
+\& key = PEM_read_bio_PrivateKey(bp, NULL, 0, "hello");
+\& if (key == NULL)
+\& {
+\& /* Error */
+\& }
+.Ve
+.PP
+Read a private key from a \s-1BIO\s0 using a pass phrase callback:
+.PP
+.Vb 5
+\& key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key");
+\& if (key == NULL)
+\& {
+\& /* Error */
+\& }
+.Ve
+.PP
+Skeleton pass phrase callback:
+.PP
+.Vb 6
+\& int pass_cb(char *buf, int size, int rwflag, void *u);
+\& {
+\& int len;
+\& char *tmp;
+\& /* We\*(Aqd probably do something else if \*(Aqrwflag\*(Aq is 1 */
+\& printf("Enter pass phrase for \e"%s\e"\en", u);
+\&
+\& /* get pass phrase, length \*(Aqlen\*(Aq into \*(Aqtmp\*(Aq */
+\& tmp = "hello";
+\& len = strlen(tmp);
+\&
+\& if (len <= 0) return 0;
+\& /* if too long, truncate */
+\& if (len > size) len = size;
+\& memcpy(buf, tmp, len);
+\& return len;
+\& }
+.Ve
+.SH "NOTES"
+.IX Header "NOTES"
+The old \fBPrivateKey\fR write routines are retained for compatibility.
+New applications should write private keys using the
+\&\fIPEM_write_bio_PKCS8PrivateKey()\fR or \fIPEM_write_PKCS8PrivateKey()\fR routines
+because they are more secure (they use an iteration count of 2048 whereas
+the traditional routines use a count of 1) unless compatibility with older
+versions of OpenSSL is important.
+.PP
+The \fBPrivateKey\fR read routines can be used in all applications because
+they handle all formats transparently.
+.PP
+A frequent cause of problems is attempting to use the \s-1PEM\s0 routines like
+this:
+.PP
+.Vb 2
+\& X509 *x;
+\& PEM_read_bio_X509(bp, &x, 0, NULL);
+.Ve
+.PP
+this is a bug because an attempt will be made to reuse the data at \fBx\fR
+which is an uninitialised pointer.
+.SH "PEM ENCRYPTION FORMAT"
+.IX Header "PEM ENCRYPTION FORMAT"
+This old \fBPrivateKey\fR routines use a non standard technique for encryption.
+.PP
+The private key (or other data) takes the following form:
+.PP
+.Vb 3
+\& \-\-\-\-\-BEGIN RSA PRIVATE KEY\-\-\-\-\-
+\& Proc\-Type: 4,ENCRYPTED
+\& DEK\-Info: DES\-EDE3\-CBC,3F17F5316E2BAC89
+\&
+\& ...base64 encoded data...
+\& \-\-\-\-\-END RSA PRIVATE KEY\-\-\-\-\-
+.Ve
+.PP
+The line beginning DEK-Info contains two comma separated pieces of information:
+the encryption algorithm name as used by \fIEVP_get_cipherbyname()\fR and an 8
+byte \fBsalt\fR encoded as a set of hexadecimal digits.
+.PP
+After this is the base64 encoded encrypted data.
+.PP
+The encryption key is determined using \fIEVP_bytestokey()\fR, using \fBsalt\fR and an
+iteration count of 1. The \s-1IV\s0 used is the value of \fBsalt\fR and *not* the \s-1IV\s0
+returned by \fIEVP_bytestokey()\fR.
+.SH "BUGS"
+.IX Header "BUGS"
+The \s-1PEM\s0 read routines in some versions of OpenSSL will not correctly reuse
+an existing structure. Therefore the following:
+.PP
+.Vb 1
+\& PEM_read_bio_X509(bp, &x, 0, NULL);
+.Ve
+.PP
+where \fBx\fR already contains a valid certificate, may not work, whereas:
+.PP
+.Vb 2
+\& X509_free(x);
+\& x = PEM_read_bio_X509(bp, NULL, 0, NULL);
+.Ve
+.PP
+is guaranteed to work.
+.SH "RETURN CODES"
+.IX Header "RETURN CODES"
+The read routines return either a pointer to the structure read or \s-1NULL\s0
+if an error occurred.
+.PP
+The write routines return 1 for success or 0 for failure.
diff --git a/secure/lib/libcrypto/man/rand.3 b/secure/lib/libcrypto/man/rand.3
new file mode 100644
index 0000000..c5f654d
--- /dev/null
+++ b/secure/lib/libcrypto/man/rand.3
@@ -0,0 +1,281 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "rand 3"
+.TH rand 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+rand \- pseudo\-random number generator
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/rand.h>
+\&
+\& int RAND_set_rand_engine(ENGINE *engine);
+\&
+\& int RAND_bytes(unsigned char *buf, int num);
+\& int RAND_pseudo_bytes(unsigned char *buf, int num);
+\&
+\& void RAND_seed(const void *buf, int num);
+\& void RAND_add(const void *buf, int num, int entropy);
+\& int RAND_status(void);
+\&
+\& int RAND_load_file(const char *file, long max_bytes);
+\& int RAND_write_file(const char *file);
+\& const char *RAND_file_name(char *file, size_t num);
+\&
+\& int RAND_egd(const char *path);
+\&
+\& void RAND_set_rand_method(const RAND_METHOD *meth);
+\& const RAND_METHOD *RAND_get_rand_method(void);
+\& RAND_METHOD *RAND_SSLeay(void);
+\&
+\& void RAND_cleanup(void);
+\&
+\& /* For Win32 only */
+\& void RAND_screen(void);
+\& int RAND_event(UINT, WPARAM, LPARAM);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+Since the introduction of the \s-1ENGINE\s0 \s-1API\s0, the recommended way of controlling
+default implementations is by using the \s-1ENGINE\s0 \s-1API\s0 functions. The default
+\&\fB\s-1RAND_METHOD\s0\fR, as set by \fIRAND_set_rand_method()\fR and returned by
+\&\fIRAND_get_rand_method()\fR, is only used if no \s-1ENGINE\s0 has been set as the default
+\&\*(L"rand\*(R" implementation. Hence, these two functions are no longer the recommened
+way to control defaults.
+.PP
+If an alternative \fB\s-1RAND_METHOD\s0\fR implementation is being used (either set
+directly or as provided by an \s-1ENGINE\s0 module), then it is entirely responsible
+for the generation and management of a cryptographically secure \s-1PRNG\s0 stream. The
+mechanisms described below relate solely to the software \s-1PRNG\s0 implementation
+built in to OpenSSL and used by default.
+.PP
+These functions implement a cryptographically secure pseudo-random
+number generator (\s-1PRNG\s0). It is used by other library functions for
+example to generate random keys, and applications can use it when they
+need randomness.
+.PP
+A cryptographic \s-1PRNG\s0 must be seeded with unpredictable data such as
+mouse movements or keys pressed at random by the user. This is
+described in \fIRAND_add\fR\|(3). Its state can be saved in a seed file
+(see \fIRAND_load_file\fR\|(3)) to avoid having to go through the
+seeding process whenever the application is started.
+.PP
+\&\fIRAND_bytes\fR\|(3) describes how to obtain random data from the
+\&\s-1PRNG\s0.
+.SH "INTERNALS"
+.IX Header "INTERNALS"
+The \fIRAND_SSLeay()\fR method implements a \s-1PRNG\s0 based on a cryptographic
+hash function.
+.PP
+The following description of its design is based on the SSLeay
+documentation:
+.PP
+First up I will state the things I believe I need for a good \s-1RNG\s0.
+.IP "1." 4
+A good hashing algorithm to mix things up and to convert the \s-1RNG\s0 'state'
+to random numbers.
+.IP "2." 4
+An initial source of random 'state'.
+.IP "3." 4
+The state should be very large. If the \s-1RNG\s0 is being used to generate
+4096 bit \s-1RSA\s0 keys, 2 2048 bit random strings are required (at a minimum).
+If your \s-1RNG\s0 state only has 128 bits, you are obviously limiting the
+search space to 128 bits, not 2048. I'm probably getting a little
+carried away on this last point but it does indicate that it may not be
+a bad idea to keep quite a lot of \s-1RNG\s0 state. It should be easier to
+break a cipher than guess the \s-1RNG\s0 seed data.
+.IP "4." 4
+Any \s-1RNG\s0 seed data should influence all subsequent random numbers
+generated. This implies that any random seed data entered will have
+an influence on all subsequent random numbers generated.
+.IP "5." 4
+When using data to seed the \s-1RNG\s0 state, the data used should not be
+extractable from the \s-1RNG\s0 state. I believe this should be a
+requirement because one possible source of 'secret' semi random
+data would be a private key or a password. This data must
+not be disclosed by either subsequent random numbers or a
+\&'core' dump left by a program crash.
+.IP "6." 4
+Given the same initial 'state', 2 systems should deviate in their \s-1RNG\s0 state
+(and hence the random numbers generated) over time if at all possible.
+.IP "7." 4
+Given the random number output stream, it should not be possible to determine
+the \s-1RNG\s0 state or the next random number.
+.PP
+The algorithm is as follows.
+.PP
+There is global state made up of a 1023 byte buffer (the 'state'), a
+working hash value ('md'), and a counter ('count').
+.PP
+Whenever seed data is added, it is inserted into the 'state' as
+follows.
+.PP
+The input is chopped up into units of 20 bytes (or less for
+the last block). Each of these blocks is run through the hash
+function as follows: The data passed to the hash function
+is the current 'md', the same number of bytes from the 'state'
+(the location determined by in incremented looping index) as
+the current 'block', the new key data 'block', and 'count'
+(which is incremented after each use).
+The result of this is kept in 'md' and also xored into the
+\&'state' at the same locations that were used as input into the
+hash function. I
+believe this system addresses points 1 (hash function; currently
+\&\s-1SHA\-1\s0), 3 (the 'state'), 4 (via the 'md'), 5 (by the use of a hash
+function and xor).
+.PP
+When bytes are extracted from the \s-1RNG\s0, the following process is used.
+For each group of 10 bytes (or less), we do the following:
+.PP
+Input into the hash function the local 'md' (which is initialized from
+the global 'md' before any bytes are generated), the bytes that are to
+be overwritten by the random bytes, and bytes from the 'state'
+(incrementing looping index). From this digest output (which is kept
+in 'md'), the top (up to) 10 bytes are returned to the caller and the
+bottom 10 bytes are xored into the 'state'.
+.PP
+Finally, after we have finished 'num' random bytes for the caller,
+\&'count' (which is incremented) and the local and global 'md' are fed
+into the hash function and the results are kept in the global 'md'.
+.PP
+I believe the above addressed points 1 (use of \s-1SHA\-1\s0), 6 (by hashing
+into the 'state' the 'old' data from the caller that is about to be
+overwritten) and 7 (by not using the 10 bytes given to the caller to
+update the 'state', but they are used to update 'md').
+.PP
+So of the points raised, only 2 is not addressed (but see
+\&\fIRAND_add\fR\|(3)).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIBN_rand\fR\|(3), \fIRAND_add\fR\|(3),
+\&\fIRAND_load_file\fR\|(3), \fIRAND_egd\fR\|(3),
+\&\fIRAND_bytes\fR\|(3),
+\&\fIRAND_set_rand_method\fR\|(3),
+\&\fIRAND_cleanup\fR\|(3)
diff --git a/secure/lib/libcrypto/man/rc4.3 b/secure/lib/libcrypto/man/rc4.3
new file mode 100644
index 0000000..fbcbf3c
--- /dev/null
+++ b/secure/lib/libcrypto/man/rc4.3
@@ -0,0 +1,184 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "rc4 3"
+.TH rc4 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+RC4_set_key, RC4 \- RC4 encryption
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/rc4.h>
+\&
+\& void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
+\&
+\& void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
+\& unsigned char *outdata);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+This library implements the Alleged \s-1RC4\s0 cipher, which is described for
+example in \fIApplied Cryptography\fR. It is believed to be compatible
+with RC4[\s-1TM\s0], a proprietary cipher of \s-1RSA\s0 Security Inc.
+.PP
+\&\s-1RC4\s0 is a stream cipher with variable key length. Typically, 128 bit
+(16 byte) keys are used for strong encryption, but shorter insecure
+key sizes have been widely used due to export restrictions.
+.PP
+\&\s-1RC4\s0 consists of a key setup phase and the actual encryption or
+decryption phase.
+.PP
+\&\fIRC4_set_key()\fR sets up the \fB\s-1RC4_KEY\s0\fR \fBkey\fR using the \fBlen\fR bytes long
+key at \fBdata\fR.
+.PP
+\&\s-1\fIRC4\s0()\fR encrypts or decrypts the \fBlen\fR bytes of data at \fBindata\fR using
+\&\fBkey\fR and places the result at \fBoutdata\fR. Repeated \s-1\fIRC4\s0()\fR calls with
+the same \fBkey\fR yield a continuous key stream.
+.PP
+Since \s-1RC4\s0 is a stream cipher (the input is XORed with a pseudo-random
+key stream to produce the output), decryption uses the same function
+calls as encryption.
+.PP
+Applications should use the higher level functions
+\&\fIEVP_EncryptInit\fR\|(3)
+etc. instead of calling the \s-1RC4\s0 functions directly.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIRC4_set_key()\fR and \s-1\fIRC4\s0()\fR do not return values.
+.SH "NOTE"
+.IX Header "NOTE"
+Certain conditions have to be observed to securely use stream ciphers.
+It is not permissible to perform multiple encryptions using the same
+key stream.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIblowfish\fR\|(3), \fIdes\fR\|(3), \fIrc2\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fIRC4_set_key()\fR and \s-1\fIRC4\s0()\fR are available in all versions of SSLeay and OpenSSL.
diff --git a/secure/lib/libcrypto/man/ripemd.3 b/secure/lib/libcrypto/man/ripemd.3
new file mode 100644
index 0000000..abde3f8
--- /dev/null
+++ b/secure/lib/libcrypto/man/ripemd.3
@@ -0,0 +1,188 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "ripemd 3"
+.TH ripemd 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final \-
+RIPEMD\-160 hash function
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ripemd.h>
+\&
+\& unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
+\& unsigned char *md);
+\&
+\& int RIPEMD160_Init(RIPEMD160_CTX *c);
+\& int RIPEMD160_Update(RIPEMD_CTX *c, const void *data,
+\& unsigned long len);
+\& int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\s-1RIPEMD\-160\s0 is a cryptographic hash function with a
+160 bit output.
+.PP
+\&\s-1\fIRIPEMD160\s0()\fR computes the \s-1RIPEMD\-160\s0 message digest of the \fBn\fR
+bytes at \fBd\fR and places it in \fBmd\fR (which must have space for
+\&\s-1RIPEMD160_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL\s0, the digest
+is placed in a static array.
+.PP
+The following functions may be used if the message is not completely
+stored in memory:
+.PP
+\&\fIRIPEMD160_Init()\fR initializes a \fB\s-1RIPEMD160_CTX\s0\fR structure.
+.PP
+\&\fIRIPEMD160_Update()\fR can be called repeatedly with chunks of the message to
+be hashed (\fBlen\fR bytes at \fBdata\fR).
+.PP
+\&\fIRIPEMD160_Final()\fR places the message digest in \fBmd\fR, which must have
+space for \s-1RIPEMD160_DIGEST_LENGTH\s0 == 20 bytes of output, and erases
+the \fB\s-1RIPEMD160_CTX\s0\fR.
+.PP
+Applications should use the higher level functions
+\&\fIEVP_DigestInit\fR\|(3) etc. instead of calling the
+hash functions directly.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\s-1\fIRIPEMD160\s0()\fR returns a pointer to the hash value.
+.PP
+\&\fIRIPEMD160_Init()\fR, \fIRIPEMD160_Update()\fR and \fIRIPEMD160_Final()\fR return 1 for
+success, 0 otherwise.
+.SH "CONFORMING TO"
+.IX Header "CONFORMING TO"
+\&\s-1ISO/IEC\s0 10118\-3 (draft) (??)
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIsha\fR\|(3), \fIhmac\fR\|(3), \fIEVP_DigestInit\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\s-1\fIRIPEMD160\s0()\fR, \fIRIPEMD160_Init()\fR, \fIRIPEMD160_Update()\fR and
+\&\fIRIPEMD160_Final()\fR are available since SSLeay 0.9.0.
diff --git a/secure/lib/libcrypto/man/rsa.3 b/secure/lib/libcrypto/man/rsa.3
new file mode 100644
index 0000000..6bc5672
--- /dev/null
+++ b/secure/lib/libcrypto/man/rsa.3
@@ -0,0 +1,248 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "rsa 3"
+.TH rsa 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+rsa \- RSA public key cryptosystem
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 2
+\& #include <openssl/rsa.h>
+\& #include <openssl/engine.h>
+\&
+\& RSA * RSA_new(void);
+\& void RSA_free(RSA *rsa);
+\&
+\& int RSA_public_encrypt(int flen, unsigned char *from,
+\& unsigned char *to, RSA *rsa, int padding);
+\& int RSA_private_decrypt(int flen, unsigned char *from,
+\& unsigned char *to, RSA *rsa, int padding);
+\& int RSA_private_encrypt(int flen, unsigned char *from,
+\& unsigned char *to, RSA *rsa,int padding);
+\& int RSA_public_decrypt(int flen, unsigned char *from,
+\& unsigned char *to, RSA *rsa,int padding);
+\&
+\& int RSA_sign(int type, unsigned char *m, unsigned int m_len,
+\& unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+\& int RSA_verify(int type, unsigned char *m, unsigned int m_len,
+\& unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+\&
+\& int RSA_size(const RSA *rsa);
+\&
+\& RSA *RSA_generate_key(int num, unsigned long e,
+\& void (*callback)(int,int,void *), void *cb_arg);
+\&
+\& int RSA_check_key(RSA *rsa);
+\&
+\& int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
+\& void RSA_blinding_off(RSA *rsa);
+\&
+\& void RSA_set_default_method(const RSA_METHOD *meth);
+\& const RSA_METHOD *RSA_get_default_method(void);
+\& int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
+\& const RSA_METHOD *RSA_get_method(const RSA *rsa);
+\& RSA_METHOD *RSA_PKCS1_SSLeay(void);
+\& RSA_METHOD *RSA_null_method(void);
+\& int RSA_flags(const RSA *rsa);
+\& RSA *RSA_new_method(ENGINE *engine);
+\&
+\& int RSA_print(BIO *bp, RSA *x, int offset);
+\& int RSA_print_fp(FILE *fp, RSA *x, int offset);
+\&
+\& int RSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+\& int (*dup_func)(), void (*free_func)());
+\& int RSA_set_ex_data(RSA *r,int idx,char *arg);
+\& char *RSA_get_ex_data(RSA *r, int idx);
+\&
+\& int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m,
+\& unsigned int m_len, unsigned char *sigret, unsigned int *siglen,
+\& RSA *rsa);
+\& int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m,
+\& unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
+\& RSA *rsa);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+These functions implement \s-1RSA\s0 public key encryption and signatures
+as defined in \s-1PKCS\s0 #1 v2.0 [\s-1RFC\s0 2437].
+.PP
+The \fB\s-1RSA\s0\fR structure consists of several \s-1BIGNUM\s0 components. It can
+contain public as well as private \s-1RSA\s0 keys:
+.PP
+.Vb 10
+\& struct
+\& {
+\& BIGNUM *n; // public modulus
+\& BIGNUM *e; // public exponent
+\& BIGNUM *d; // private exponent
+\& BIGNUM *p; // secret prime factor
+\& BIGNUM *q; // secret prime factor
+\& BIGNUM *dmp1; // d mod (p\-1)
+\& BIGNUM *dmq1; // d mod (q\-1)
+\& BIGNUM *iqmp; // q^\-1 mod p
+\& // ...
+\& };
+\& RSA
+.Ve
+.PP
+In public keys, the private exponent and the related secret values are
+\&\fB\s-1NULL\s0\fR.
+.PP
+\&\fBp\fR, \fBq\fR, \fBdmp1\fR, \fBdmq1\fR and \fBiqmp\fR may be \fB\s-1NULL\s0\fR in private
+keys, but the \s-1RSA\s0 operations are much faster when these values are
+available.
+.PP
+Note that \s-1RSA\s0 keys may use non-standard \fB\s-1RSA_METHOD\s0\fR implementations,
+either directly or by the use of \fB\s-1ENGINE\s0\fR modules. In some cases (eg. an
+\&\s-1ENGINE\s0 providing support for hardware-embedded keys), these \s-1BIGNUM\s0 values
+will not be used by the implementation or may be used for alternative data
+storage. For this reason, applications should generally avoid using \s-1RSA\s0
+structure elements directly and instead use \s-1API\s0 functions to query or
+modify keys.
+.SH "CONFORMING TO"
+.IX Header "CONFORMING TO"
+\&\s-1SSL\s0, \s-1PKCS\s0 #1 v2.0
+.SH "PATENTS"
+.IX Header "PATENTS"
+\&\s-1RSA\s0 was covered by a \s-1US\s0 patent which expired in September 2000.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIrsa\fR\|(1), \fIbn\fR\|(3), \fIdsa\fR\|(3), \fIdh\fR\|(3),
+\&\fIrand\fR\|(3), \fIengine\fR\|(3), \fIRSA_new\fR\|(3),
+\&\fIRSA_public_encrypt\fR\|(3),
+\&\fIRSA_sign\fR\|(3), \fIRSA_size\fR\|(3),
+\&\fIRSA_generate_key\fR\|(3),
+\&\fIRSA_check_key\fR\|(3),
+\&\fIRSA_blinding_on\fR\|(3),
+\&\fIRSA_set_method\fR\|(3), \fIRSA_print\fR\|(3),
+\&\fIRSA_get_ex_new_index\fR\|(3),
+\&\fIRSA_private_encrypt\fR\|(3),
+\&\fIRSA_sign_ASN1_OCTET_STRING\fR\|(3),
+\&\fIRSA_padding_add_PKCS1_type_1\fR\|(3)
diff --git a/secure/lib/libcrypto/man/sha.3 b/secure/lib/libcrypto/man/sha.3
new file mode 100644
index 0000000..b9120fa
--- /dev/null
+++ b/secure/lib/libcrypto/man/sha.3
@@ -0,0 +1,192 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "sha 3"
+.TH sha 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SHA1, SHA1_Init, SHA1_Update, SHA1_Final \- Secure Hash Algorithm
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/sha.h>
+\&
+\& unsigned char *SHA1(const unsigned char *d, unsigned long n,
+\& unsigned char *md);
+\&
+\& int SHA1_Init(SHA_CTX *c);
+\& int SHA1_Update(SHA_CTX *c, const void *data,
+\& unsigned long len);
+\& int SHA1_Final(unsigned char *md, SHA_CTX *c);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\s-1SHA\-1\s0 (Secure Hash Algorithm) is a cryptographic hash function with a
+160 bit output.
+.PP
+\&\s-1\fISHA1\s0()\fR computes the \s-1SHA\-1\s0 message digest of the \fBn\fR
+bytes at \fBd\fR and places it in \fBmd\fR (which must have space for
+\&\s-1SHA_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL\s0, the digest
+is placed in a static array.
+.PP
+The following functions may be used if the message is not completely
+stored in memory:
+.PP
+\&\fISHA1_Init()\fR initializes a \fB\s-1SHA_CTX\s0\fR structure.
+.PP
+\&\fISHA1_Update()\fR can be called repeatedly with chunks of the message to
+be hashed (\fBlen\fR bytes at \fBdata\fR).
+.PP
+\&\fISHA1_Final()\fR places the message digest in \fBmd\fR, which must have space
+for \s-1SHA_DIGEST_LENGTH\s0 == 20 bytes of output, and erases the \fB\s-1SHA_CTX\s0\fR.
+.PP
+Applications should use the higher level functions
+\&\fIEVP_DigestInit\fR\|(3)
+etc. instead of calling the hash functions directly.
+.PP
+The predecessor of \s-1SHA\-1\s0, \s-1SHA\s0, is also implemented, but it should be
+used only when backward compatibility is required.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\s-1\fISHA1\s0()\fR returns a pointer to the hash value.
+.PP
+\&\fISHA1_Init()\fR, \fISHA1_Update()\fR and \fISHA1_Final()\fR return 1 for success, 0 otherwise.
+.SH "CONFORMING TO"
+.IX Header "CONFORMING TO"
+\&\s-1SHA:\s0 \s-1US\s0 Federal Information Processing Standard \s-1FIPS\s0 \s-1PUB\s0 180 (Secure Hash
+Standard),
+\&\s-1SHA\-1:\s0 \s-1US\s0 Federal Information Processing Standard \s-1FIPS\s0 \s-1PUB\s0 180\-1 (Secure Hash
+Standard),
+\&\s-1ANSI\s0 X9.30
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIripemd\fR\|(3), \fIhmac\fR\|(3), \fIEVP_DigestInit\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\s-1\fISHA1\s0()\fR, \fISHA1_Init()\fR, \fISHA1_Update()\fR and \fISHA1_Final()\fR are available in all
+versions of SSLeay and OpenSSL.
diff --git a/secure/lib/libcrypto/man/threads.3 b/secure/lib/libcrypto/man/threads.3
new file mode 100644
index 0000000..5907668
--- /dev/null
+++ b/secure/lib/libcrypto/man/threads.3
@@ -0,0 +1,294 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "threads 3"
+.TH threads 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+CRYPTO_set_locking_callback, CRYPTO_set_id_callback, CRYPTO_num_locks,
+CRYPTO_set_dynlock_create_callback, CRYPTO_set_dynlock_lock_callback,
+CRYPTO_set_dynlock_destroy_callback, CRYPTO_get_new_dynlockid,
+CRYPTO_destroy_dynlockid, CRYPTO_lock \- OpenSSL thread support
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/crypto.h>
+\&
+\& void CRYPTO_set_locking_callback(void (*locking_function)(int mode,
+\& int n, const char *file, int line));
+\&
+\& void CRYPTO_set_id_callback(unsigned long (*id_function)(void));
+\&
+\& int CRYPTO_num_locks(void);
+\&
+\&
+\& /* struct CRYPTO_dynlock_value needs to be defined by the user */
+\& struct CRYPTO_dynlock_value;
+\&
+\& void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *
+\& (*dyn_create_function)(char *file, int line));
+\& void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function)
+\& (int mode, struct CRYPTO_dynlock_value *l,
+\& const char *file, int line));
+\& void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function)
+\& (struct CRYPTO_dynlock_value *l, const char *file, int line));
+\&
+\& int CRYPTO_get_new_dynlockid(void);
+\&
+\& void CRYPTO_destroy_dynlockid(int i);
+\&
+\& void CRYPTO_lock(int mode, int n, const char *file, int line);
+\&
+\& #define CRYPTO_w_lock(type) \e
+\& CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,_\|_FILE_\|_,_\|_LINE_\|_)
+\& #define CRYPTO_w_unlock(type) \e
+\& CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,_\|_FILE_\|_,_\|_LINE_\|_)
+\& #define CRYPTO_r_lock(type) \e
+\& CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,_\|_FILE_\|_,_\|_LINE_\|_)
+\& #define CRYPTO_r_unlock(type) \e
+\& CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,_\|_FILE_\|_,_\|_LINE_\|_)
+\& #define CRYPTO_add(addr,amount,type) \e
+\& CRYPTO_add_lock(addr,amount,type,_\|_FILE_\|_,_\|_LINE_\|_)
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+OpenSSL can safely be used in multi-threaded applications provided
+that at least two callback functions are set.
+.PP
+locking_function(int mode, int n, const char *file, int line) is
+needed to perform locking on shared data structures.
+(Note that OpenSSL uses a number of global data structures that
+will be implicitly shared whenever multiple threads use OpenSSL.)
+Multi-threaded applications will crash at random if it is not set.
+.PP
+\&\fIlocking_function()\fR must be able to handle up to \fICRYPTO_num_locks()\fR
+different mutex locks. It sets the \fBn\fR\-th lock if \fBmode\fR &
+\&\fB\s-1CRYPTO_LOCK\s0\fR, and releases it otherwise.
+.PP
+\&\fBfile\fR and \fBline\fR are the file number of the function setting the
+lock. They can be useful for debugging.
+.PP
+id_function(void) is a function that returns a thread \s-1ID\s0, for example
+\&\fIpthread_self()\fR if it returns an integer (see \s-1NOTES\s0 below). It isn't
+needed on Windows nor on platforms where \fIgetpid()\fR returns a different
+\&\s-1ID\s0 for each thread (see \s-1NOTES\s0 below).
+.PP
+Additionally, OpenSSL supports dynamic locks, and sometimes, some parts
+of OpenSSL need it for better performance. To enable this, the following
+is required:
+.IP "\(bu" 4
+Three additional callback function, dyn_create_function, dyn_lock_function
+and dyn_destroy_function.
+.IP "\(bu" 4
+A structure defined with the data that each lock needs to handle.
+.PP
+struct CRYPTO_dynlock_value has to be defined to contain whatever structure
+is needed to handle locks.
+.PP
+dyn_create_function(const char *file, int line) is needed to create a
+lock. Multi-threaded applications might crash at random if it is not set.
+.PP
+dyn_lock_function(int mode, CRYPTO_dynlock *l, const char *file, int line)
+is needed to perform locking off dynamic lock numbered n. Multi-threaded
+applications might crash at random if it is not set.
+.PP
+dyn_destroy_function(CRYPTO_dynlock *l, const char *file, int line) is
+needed to destroy the lock l. Multi-threaded applications might crash at
+random if it is not set.
+.PP
+\&\fICRYPTO_get_new_dynlockid()\fR is used to create locks. It will call
+dyn_create_function for the actual creation.
+.PP
+\&\fICRYPTO_destroy_dynlockid()\fR is used to destroy locks. It will call
+dyn_destroy_function for the actual destruction.
+.PP
+\&\fICRYPTO_lock()\fR is used to lock and unlock the locks. mode is a bitfield
+describing what should be done with the lock. n is the number of the
+lock as returned from \fICRYPTO_get_new_dynlockid()\fR. mode can be combined
+from the following values. These values are pairwise exclusive, with
+undefined behaviour if misused (for example, \s-1CRYPTO_READ\s0 and \s-1CRYPTO_WRITE\s0
+should not be used together):
+.PP
+.Vb 4
+\& CRYPTO_LOCK 0x01
+\& CRYPTO_UNLOCK 0x02
+\& CRYPTO_READ 0x04
+\& CRYPTO_WRITE 0x08
+.Ve
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fICRYPTO_num_locks()\fR returns the required number of locks.
+.PP
+\&\fICRYPTO_get_new_dynlockid()\fR returns the index to the newly created lock.
+.PP
+The other functions return no values.
+.SH "NOTES"
+.IX Header "NOTES"
+You can find out if OpenSSL was configured with thread support:
+.PP
+.Vb 7
+\& #define OPENSSL_THREAD_DEFINES
+\& #include <openssl/opensslconf.h>
+\& #if defined(OPENSSL_THREADS)
+\& // thread support enabled
+\& #else
+\& // no thread support
+\& #endif
+.Ve
+.PP
+Also, dynamic locks are currently not used internally by OpenSSL, but
+may do so in the future.
+.PP
+Defining id_function(void) has it's own issues. Generally speaking,
+\&\fIpthread_self()\fR should be used, even on platforms where \fIgetpid()\fR gives
+different answers in each thread, since that may depend on the machine
+the program is run on, not the machine where the program is being
+compiled. For instance, Red Hat 8 Linux and earlier used
+LinuxThreads, whose \fIgetpid()\fR returns a different value for each
+thread. Red Hat 9 Linux and later use \s-1NPTL\s0, which is
+Posix-conformant, and has a \fIgetpid()\fR that returns the same value for
+all threads in a process. A program compiled on Red Hat 8 and run on
+Red Hat 9 will therefore see \fIgetpid()\fR returning the same value for
+all threads.
+.PP
+There is still the issue of platforms where \fIpthread_self()\fR returns
+something other than an integer. This is a bit unusual, and this
+manual has no cookbook solution for that case.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+\&\fBcrypto/threads/mttest.c\fR shows examples of the callback functions on
+Solaris, Irix and Win32.
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fICRYPTO_set_locking_callback()\fR and \fICRYPTO_set_id_callback()\fR are
+available in all versions of SSLeay and OpenSSL.
+\&\fICRYPTO_num_locks()\fR was added in OpenSSL 0.9.4.
+All functions dealing with dynamic locks were added in OpenSSL 0.9.5b\-dev.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIcrypto\fR\|(3)
diff --git a/secure/lib/libcrypto/man/ui.3 b/secure/lib/libcrypto/man/ui.3
new file mode 100644
index 0000000..a009b9e
--- /dev/null
+++ b/secure/lib/libcrypto/man/ui.3
@@ -0,0 +1,317 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "ui 3"
+.TH ui 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string,
+UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean,
+UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string,
+UI_add_error_string, UI_dup_error_string, UI_construct_prompt,
+UI_add_user_data, UI_get0_user_data, UI_get0_result, UI_process,
+UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method,
+UI_set_method, UI_OpenSSL, ERR_load_UI_strings \- New User Interface
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ui.h>
+\&
+\& typedef struct ui_st UI;
+\& typedef struct ui_method_st UI_METHOD;
+\&
+\& UI *UI_new(void);
+\& UI *UI_new_method(const UI_METHOD *method);
+\& void UI_free(UI *ui);
+\&
+\& int UI_add_input_string(UI *ui, const char *prompt, int flags,
+\& char *result_buf, int minsize, int maxsize);
+\& int UI_dup_input_string(UI *ui, const char *prompt, int flags,
+\& char *result_buf, int minsize, int maxsize);
+\& int UI_add_verify_string(UI *ui, const char *prompt, int flags,
+\& char *result_buf, int minsize, int maxsize, const char *test_buf);
+\& int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
+\& char *result_buf, int minsize, int maxsize, const char *test_buf);
+\& int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+\& const char *ok_chars, const char *cancel_chars,
+\& int flags, char *result_buf);
+\& int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+\& const char *ok_chars, const char *cancel_chars,
+\& int flags, char *result_buf);
+\& int UI_add_info_string(UI *ui, const char *text);
+\& int UI_dup_info_string(UI *ui, const char *text);
+\& int UI_add_error_string(UI *ui, const char *text);
+\& int UI_dup_error_string(UI *ui, const char *text);
+\&
+\& /* These are the possible flags. They can be or\*(Aqed together. */
+\& #define UI_INPUT_FLAG_ECHO 0x01
+\& #define UI_INPUT_FLAG_DEFAULT_PWD 0x02
+\&
+\& char *UI_construct_prompt(UI *ui_method,
+\& const char *object_desc, const char *object_name);
+\&
+\& void *UI_add_user_data(UI *ui, void *user_data);
+\& void *UI_get0_user_data(UI *ui);
+\&
+\& const char *UI_get0_result(UI *ui, int i);
+\&
+\& int UI_process(UI *ui);
+\&
+\& int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)());
+\& #define UI_CTRL_PRINT_ERRORS 1
+\& #define UI_CTRL_IS_REDOABLE 2
+\&
+\& void UI_set_default_method(const UI_METHOD *meth);
+\& const UI_METHOD *UI_get_default_method(void);
+\& const UI_METHOD *UI_get_method(UI *ui);
+\& const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth);
+\&
+\& UI_METHOD *UI_OpenSSL(void);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\s-1UI\s0 stands for User Interface, and is general purpose set of routines to
+prompt the user for text-based information. Through user-written methods
+(see \fIui_create\fR\|(3)), prompting can be done in any way
+imaginable, be it plain text prompting, through dialog boxes or from a
+cell phone.
+.PP
+All the functions work through a context of the type \s-1UI\s0. This context
+contains all the information needed to prompt correctly as well as a
+reference to a \s-1UI_METHOD\s0, which is an ordered vector of functions that
+carry out the actual prompting.
+.PP
+The first thing to do is to create a \s-1UI\s0 with \fIUI_new()\fR or \fIUI_new_method()\fR,
+then add information to it with the UI_add or UI_dup functions. Also,
+user-defined random data can be passed down to the underlying method
+through calls to UI_add_user_data. The default \s-1UI\s0 method doesn't care
+about these data, but other methods might. Finally, use \fIUI_process()\fR
+to actually perform the prompting and \fIUI_get0_result()\fR to find the result
+to the prompt.
+.PP
+A \s-1UI\s0 can contain more than one prompt, which are performed in the given
+sequence. Each prompt gets an index number which is returned by the
+UI_add and UI_dup functions, and has to be used to get the corresponding
+result with \fIUI_get0_result()\fR.
+.PP
+The functions are as follows:
+.PP
+\&\fIUI_new()\fR creates a new \s-1UI\s0 using the default \s-1UI\s0 method. When done with
+this \s-1UI\s0, it should be freed using \fIUI_free()\fR.
+.PP
+\&\fIUI_new_method()\fR creates a new \s-1UI\s0 using the given \s-1UI\s0 method. When done with
+this \s-1UI\s0, it should be freed using \fIUI_free()\fR.
+.PP
+\&\fIUI_OpenSSL()\fR returns the built-in \s-1UI\s0 method (note: not the default one,
+since the default can be changed. See further on). This method is the
+most machine/OS dependent part of OpenSSL and normally generates the
+most problems when porting.
+.PP
+\&\fIUI_free()\fR removes a \s-1UI\s0 from memory, along with all other pieces of memory
+that's connected to it, like duplicated input strings, results and others.
+.PP
+\&\fIUI_add_input_string()\fR and \fIUI_add_verify_string()\fR add a prompt to the \s-1UI\s0,
+as well as flags and a result buffer and the desired minimum and maximum
+sizes of the result. The given information is used to prompt for
+information, for example a password, and to verify a password (i.e. having
+the user enter it twice and check that the same string was entered twice).
+\&\fIUI_add_verify_string()\fR takes and extra argument that should be a pointer
+to the result buffer of the input string that it's supposed to verify, or
+verification will fail.
+.PP
+\&\fIUI_add_input_boolean()\fR adds a prompt to the \s-1UI\s0 that's supposed to be answered
+in a boolean way, with a single character for yes and a different character
+for no. A set of characters that can be used to cancel the prompt is given
+as well. The prompt itself is really divided in two, one part being the
+descriptive text (given through the \fIprompt\fR argument) and one describing
+the possible answers (given through the \fIaction_desc\fR argument).
+.PP
+\&\fIUI_add_info_string()\fR and \fIUI_add_error_string()\fR add strings that are shown at
+the same time as the prompt for extra information or to show an error string.
+The difference between the two is only conceptual. With the builtin method,
+there's no technical difference between them. Other methods may make a
+difference between them, however.
+.PP
+The flags currently supported are \s-1UI_INPUT_FLAG_ECHO\s0, which is relevant for
+\&\fIUI_add_input_string()\fR and will have the users response be echoed (when
+prompting for a password, this flag should obviously not be used, and
+\&\s-1UI_INPUT_FLAG_DEFAULT_PWD\s0, which means that a default password of some
+sort will be used (completely depending on the application and the \s-1UI\s0
+method).
+.PP
+\&\fIUI_dup_input_string()\fR, \fIUI_dup_verify_string()\fR, \fIUI_dup_input_boolean()\fR,
+\&\fIUI_dup_info_string()\fR and \fIUI_dup_error_string()\fR are basically the same
+as their UI_add counterparts, except that they make their own copies
+of all strings.
+.PP
+\&\fIUI_construct_prompt()\fR is a helper function that can be used to create
+a prompt from two pieces of information: an description and a name.
+The default constructor (if there is none provided by the method used)
+creates a string "Enter \fIdescription\fR for \fIname\fR:\*(L". With the
+description \*(R"pass phrase\*(L" and the file name \*(R"foo.key\*(L", that becomes
+\&\*(R"Enter pass phrase for foo.key:". Other methods may create whatever
+string and may include encodings that will be processed by the other
+method functions.
+.PP
+\&\fIUI_add_user_data()\fR adds a piece of memory for the method to use at any
+time. The builtin \s-1UI\s0 method doesn't care about this info. Note that several
+calls to this function doesn't add data, it replaces the previous blob
+with the one given as argument.
+.PP
+\&\fIUI_get0_user_data()\fR retrieves the data that has last been given to the
+\&\s-1UI\s0 with \fIUI_add_user_data()\fR.
+.PP
+\&\fIUI_get0_result()\fR returns a pointer to the result buffer associated with
+the information indexed by \fIi\fR.
+.PP
+\&\fIUI_process()\fR goes through the information given so far, does all the printing
+and prompting and returns.
+.PP
+\&\fIUI_ctrl()\fR adds extra control for the application author. For now, it
+understands two commands: \s-1UI_CTRL_PRINT_ERRORS\s0, which makes \fIUI_process()\fR
+print the OpenSSL error stack as part of processing the \s-1UI\s0, and
+\&\s-1UI_CTRL_IS_REDOABLE\s0, which returns a flag saying if the used \s-1UI\s0 can
+be used again or not.
+.PP
+\&\fIUI_set_default_method()\fR changes the default \s-1UI\s0 method to the one given.
+.PP
+\&\fIUI_get_default_method()\fR returns a pointer to the current default \s-1UI\s0 method.
+.PP
+\&\fIUI_get_method()\fR returns the \s-1UI\s0 method associated with a given \s-1UI\s0.
+.PP
+\&\fIUI_set_method()\fR changes the \s-1UI\s0 method associated with a given \s-1UI\s0.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIui_create\fR\|(3), \fIui_compat\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The \s-1UI\s0 section was first introduced in OpenSSL 0.9.7.
+.SH "AUTHOR"
+.IX Header "AUTHOR"
+Richard Levitte (richard@levitte.org) for the OpenSSL project
+(http://www.openssl.org).
diff --git a/secure/lib/libcrypto/man/ui_compat.3 b/secure/lib/libcrypto/man/ui_compat.3
new file mode 100644
index 0000000..5251803
--- /dev/null
+++ b/secure/lib/libcrypto/man/ui_compat.3
@@ -0,0 +1,180 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "ui_compat 3"
+.TH ui_compat 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+des_read_password, des_read_2passwords, des_read_pw_string, des_read_pw \-
+Compatibility user interface functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/des_old.h>
+\&
+\& int des_read_password(DES_cblock *key,const char *prompt,int verify);
+\& int des_read_2passwords(DES_cblock *key1,DES_cblock *key2,
+\& const char *prompt,int verify);
+\&
+\& int des_read_pw_string(char *buf,int length,const char *prompt,int verify);
+\& int des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \s-1DES\s0 library contained a few routines to prompt for passwords. These
+aren't necessarely dependent on \s-1DES\s0, and have therefore become part of the
+\&\s-1UI\s0 compatibility library.
+.PP
+\&\fIdes_read_pw()\fR writes the string specified by \fIprompt\fR to standard output
+turns echo off and reads an input string from the terminal. The string is
+returned in \fIbuf\fR, which must have spac for at least \fIsize\fR bytes.
+If \fIverify\fR is set, the user is asked for the password twice and unless
+the two copies match, an error is returned. The second password is stored
+in \fIbuff\fR, which must therefore also be at least \fIsize\fR bytes. A return
+code of \-1 indicates a system error, 1 failure due to use interaction, and
+0 is success. All other functions described here use \fIdes_read_pw()\fR to do
+the work.
+.PP
+\&\fIdes_read_pw_string()\fR is a variant of \fIdes_read_pw()\fR that provides a buffer
+for you if \fIverify\fR is set.
+.PP
+\&\fIdes_read_password()\fR calls \fIdes_read_pw()\fR and converts the password to a
+\&\s-1DES\s0 key by calling \fIDES_string_to_key()\fR; \fIdes_read_2password()\fR operates in
+the same way as \fIdes_read_password()\fR except that it generates two keys
+by using the \fIDES_string_to_2key()\fR function.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\fIdes_read_pw_string()\fR is available in the \s-1MIT\s0 Kerberos library as well, and
+is also available under the name \fIEVP_read_pw_string()\fR.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIui\fR\|(3), \fIui_create\fR\|(3)
+.SH "AUTHOR"
+.IX Header "AUTHOR"
+Richard Levitte (richard@levitte.org) for the OpenSSL project
+(http://www.openssl.org).
diff --git a/secure/lib/libcrypto/man/x509.3 b/secure/lib/libcrypto/man/x509.3
new file mode 100644
index 0000000..fc20561
--- /dev/null
+++ b/secure/lib/libcrypto/man/x509.3
@@ -0,0 +1,189 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "x509 3"
+.TH x509 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+x509 \- X.509 certificate handling
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/x509.h>
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+A X.509 certificate is a structured grouping of information about
+an individual, a device, or anything one can imagine. A X.509 \s-1CRL\s0
+(certificate revocation list) is a tool to help determine if a
+certificate is still valid. The exact definition of those can be
+found in the X.509 document from ITU-T, or in \s-1RFC3280\s0 from \s-1PKIX\s0.
+In OpenSSL, the type X509 is used to express such a certificate, and
+the type X509_CRL is used to express a \s-1CRL\s0.
+.PP
+A related structure is a certificate request, defined in PKCS#10 from
+\&\s-1RSA\s0 Security, Inc, also reflected in \s-1RFC2896\s0. In OpenSSL, the type
+X509_REQ is used to express such a certificate request.
+.PP
+To handle some complex parts of a certificate, there are the types
+X509_NAME (to express a certificate name), X509_ATTRIBUTE (to express
+a certificate attributes), X509_EXTENSION (to express a certificate
+extension) and a few more.
+.PP
+Finally, there's the supertype X509_INFO, which can contain a \s-1CRL\s0, a
+certificate and a corresponding private key.
+.PP
+\&\fBX509_\fR\fI...\fR, \fBd2i_X509_\fR\fI...\fR and \fBi2d_X509_\fR\fI...\fR handle X.509
+certificates, with some exceptions, shown below.
+.PP
+\&\fBX509_CRL_\fR\fI...\fR, \fBd2i_X509_CRL_\fR\fI...\fR and \fBi2d_X509_CRL_\fR\fI...\fR
+handle X.509 CRLs.
+.PP
+\&\fBX509_REQ_\fR\fI...\fR, \fBd2i_X509_REQ_\fR\fI...\fR and \fBi2d_X509_REQ_\fR\fI...\fR
+handle PKCS#10 certificate requests.
+.PP
+\&\fBX509_NAME_\fR\fI...\fR handle certificate names.
+.PP
+\&\fBX509_ATTRIBUTE_\fR\fI...\fR handle certificate attributes.
+.PP
+\&\fBX509_EXTENSION_\fR\fI...\fR handle certificate extensions.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIX509_NAME_ENTRY_get_object\fR\|(3),
+\&\fIX509_NAME_add_entry_by_txt\fR\|(3),
+\&\fIX509_NAME_add_entry_by_NID\fR\|(3),
+\&\fIX509_NAME_print_ex\fR\|(3),
+\&\fIX509_NAME_new\fR\|(3),
+\&\fId2i_X509\fR\|(3),
+\&\fId2i_X509_ALGOR\fR\|(3),
+\&\fId2i_X509_CRL\fR\|(3),
+\&\fId2i_X509_NAME\fR\|(3),
+\&\fId2i_X509_REQ\fR\|(3),
+\&\fId2i_X509_SIG\fR\|(3),
+\&\fIcrypto\fR\|(3),
+\&\fIx509v3\fR\|(3)
diff --git a/secure/lib/libcrypto/opensslconf-amd64.h b/secure/lib/libcrypto/opensslconf-amd64.h
new file mode 100644
index 0000000..b40e28f
--- /dev/null
+++ b/secure/lib/libcrypto/opensslconf-amd64.h
@@ -0,0 +1,213 @@
+/* $FreeBSD$ */
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+/* Disabled by default in OpenSSL 0.9.8. */
+#ifndef OPENSSL_NO_CMS
+# define OPENSSL_NO_CMS
+#endif
+/* Disabled by default in OpenSSL 0.9.8. */
+#ifndef OPENSSL_NO_SEED
+# define OPENSSL_NO_SEED
+#endif
+/* libgmp is not in the FreeBSD base system. */
+#ifndef OPENSSL_NO_GMP
+# define OPENSSL_NO_GMP
+#endif
+/* jpake is marked experimental in OpenSSL 0.9.8. */
+#ifndef OPENSSL_NO_JPAKE
+# define OPENSSL_NO_JPAKE
+#endif
+/* The Kerberos 5 support is MIT-specific. */
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_NO_STATIC_ENGINE
+# define OPENSSL_NO_STATIC_ENGINE
+#endif
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+ asks for it. This is a transient feature that is provided for those
+ who haven't had the time to do the appropriate changes in their
+ applications. */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
+# define NO_GMP
+# endif
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+# define NO_KRB5
+# endif
+# endif
+#ifdef OPENSSL_OTHER_DEFINES
+# ifndef NO_ASM
+# define NO_ASM
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define ENGINESDIR "/usr/lib/engines"
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#define RC4_CHUNK unsigned long
+#endif
+#endif
+
+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned int
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#undef BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#define SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#undef THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#undef RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#undef DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units. It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#define DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+ CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+ even newer MIPS CPU's, but at the moment one size fits all for
+ optimization options. Older Sparc's work better with only UNROLL, but
+ there's no way to tell at compile time what it is you're running on */
+
+#if defined( sun ) /* Newer Sparc's */
+# define DES_PTR
+# define DES_RISC1
+# define DES_UNROLL
+#elif defined( __ultrix ) /* Older MIPS */
+# define DES_PTR
+# define DES_RISC2
+# define DES_UNROLL
+#elif defined( __osf1__ ) /* Alpha */
+# define DES_PTR
+# define DES_RISC2
+#elif defined ( _AIX ) /* RS6000 */
+ /* Unknown */
+#elif defined( __hpux ) /* HP-PA */
+ /* Unknown */
+#elif defined( __aux ) /* 68K */
+ /* Unknown */
+#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */
+# define DES_UNROLL
+#elif defined( __sgi ) /* Newer MIPS */
+# define DES_PTR
+# define DES_RISC2
+# define DES_UNROLL
+#elif defined( i386 ) /* x86 boxes, should be gcc */
+# define DES_PTR
+# define DES_RISC1
+# define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/secure/lib/libcrypto/opensslconf-arm.h b/secure/lib/libcrypto/opensslconf-arm.h
new file mode 100644
index 0000000..36b23c9
--- /dev/null
+++ b/secure/lib/libcrypto/opensslconf-arm.h
@@ -0,0 +1,217 @@
+/* $FreeBSD$ */
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+/* Disabled by default in OpenSSL 0.9.8. */
+#ifndef OPENSSL_NO_CAMELLIA
+# define OPENSSL_NO_CAMELLIA
+#endif
+/* Disabled by default in OpenSSL 0.9.8. */
+#ifndef OPENSSL_NO_CMS
+# define OPENSSL_NO_CMS
+#endif
+/* Disabled by default in OpenSSL 0.9.8. */
+#ifndef OPENSSL_NO_SEED
+# define OPENSSL_NO_SEED
+#endif
+/* libgmp is not in the FreeBSD base system. */
+#ifndef OPENSSL_NO_GMP
+# define OPENSSL_NO_GMP
+#endif
+/* jpake is marked experimental in OpenSSL 0.9.8. */
+#ifndef OPENSSL_NO_JPAKE
+# define OPENSSL_NO_JPAKE
+#endif
+/* The Kerberos 5 support is MIT-specific. */
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_NO_STATIC_ENGINE
+# define OPENSSL_NO_STATIC_ENGINE
+#endif
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+ asks for it. This is a transient feature that is provided for those
+ who haven't had the time to do the appropriate changes in their
+ applications. */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
+# define NO_GMP
+# endif
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+# define NO_KRB5
+# endif
+# endif
+#ifdef OPENSSL_OTHER_DEFINES
+# ifndef NO_ASM
+# define NO_ASM
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define ENGINESDIR "/usr/lib/engines"
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#undef RC4_CHUNK
+#endif
+#endif
+
+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned long
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#define BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#define RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#define DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units. It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#define DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#define DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+ CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+ even newer MIPS CPU's, but at the moment one size fits all for
+ optimization options. Older Sparc's work better with only UNROLL, but
+ there's no way to tell at compile time what it is you're running on */
+
+#if defined( sun ) /* Newer Sparc's */
+# define DES_PTR
+# define DES_RISC1
+# define DES_UNROLL
+#elif defined( __ultrix ) /* Older MIPS */
+# define DES_PTR
+# define DES_RISC2
+# define DES_UNROLL
+#elif defined( __osf1__ ) /* Alpha */
+# define DES_PTR
+# define DES_RISC2
+#elif defined ( _AIX ) /* RS6000 */
+ /* Unknown */
+#elif defined( __hpux ) /* HP-PA */
+ /* Unknown */
+#elif defined( __aux ) /* 68K */
+ /* Unknown */
+#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */
+# define DES_UNROLL
+#elif defined( __sgi ) /* Newer MIPS */
+# define DES_PTR
+# define DES_RISC2
+# define DES_UNROLL
+#elif defined( i386 ) /* x86 boxes, should be gcc */
+# define DES_PTR
+# define DES_RISC1
+# define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/secure/lib/libcrypto/opensslconf-i386.h b/secure/lib/libcrypto/opensslconf-i386.h
new file mode 100644
index 0000000..13d033d
--- /dev/null
+++ b/secure/lib/libcrypto/opensslconf-i386.h
@@ -0,0 +1,213 @@
+/* $FreeBSD$ */
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+/* Disabled by default in OpenSSL 0.9.8. */
+#ifndef OPENSSL_NO_CMS
+# define OPENSSL_NO_CMS
+#endif
+/* Disabled by default in OpenSSL 0.9.8. */
+#ifndef OPENSSL_NO_SEED
+# define OPENSSL_NO_SEED
+#endif
+/* libgmp is not in the FreeBSD base system. */
+#ifndef OPENSSL_NO_GMP
+# define OPENSSL_NO_GMP
+#endif
+/* jpake is marked experimental in OpenSSL 0.9.8. */
+#ifndef OPENSSL_NO_JPAKE
+# define OPENSSL_NO_JPAKE
+#endif
+/* The Kerberos 5 support is MIT-specific. */
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_NO_STATIC_ENGINE
+# define OPENSSL_NO_STATIC_ENGINE
+#endif
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+ asks for it. This is a transient feature that is provided for those
+ who haven't had the time to do the appropriate changes in their
+ applications. */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
+# define NO_GMP
+# endif
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+# define NO_KRB5
+# endif
+# endif
+#ifdef OPENSSL_OTHER_DEFINES
+# ifndef NO_ASM
+# define NO_ASM
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define ENGINESDIR "/usr/lib/engines"
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#undef RC4_CHUNK
+#endif
+#endif
+
+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned long
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#define BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#define RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#define DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units. It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#define DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#define DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+ CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+ even newer MIPS CPU's, but at the moment one size fits all for
+ optimization options. Older Sparc's work better with only UNROLL, but
+ there's no way to tell at compile time what it is you're running on */
+
+#if defined( sun ) /* Newer Sparc's */
+# define DES_PTR
+# define DES_RISC1
+# define DES_UNROLL
+#elif defined( __ultrix ) /* Older MIPS */
+# define DES_PTR
+# define DES_RISC2
+# define DES_UNROLL
+#elif defined( __osf1__ ) /* Alpha */
+# define DES_PTR
+# define DES_RISC2
+#elif defined ( _AIX ) /* RS6000 */
+ /* Unknown */
+#elif defined( __hpux ) /* HP-PA */
+ /* Unknown */
+#elif defined( __aux ) /* 68K */
+ /* Unknown */
+#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */
+# define DES_UNROLL
+#elif defined( __sgi ) /* Newer MIPS */
+# define DES_PTR
+# define DES_RISC2
+# define DES_UNROLL
+#elif defined( i386 ) /* x86 boxes, should be gcc */
+# define DES_PTR
+# define DES_RISC1
+# define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/secure/lib/libcrypto/opensslconf-ia64.h b/secure/lib/libcrypto/opensslconf-ia64.h
new file mode 100644
index 0000000..ca7d682
--- /dev/null
+++ b/secure/lib/libcrypto/opensslconf-ia64.h
@@ -0,0 +1,217 @@
+/* $FreeBSD$ */
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+/* Disabled by default in OpenSSL 0.9.8. */
+#ifndef OPENSSL_NO_CAMELLIA
+# define OPENSSL_NO_CAMELLIA
+#endif
+/* Disabled by default in OpenSSL 0.9.8. */
+#ifndef OPENSSL_NO_CMS
+# define OPENSSL_NO_CMS
+#endif
+/* Disabled by default in OpenSSL 0.9.8. */
+#ifndef OPENSSL_NO_SEED
+# define OPENSSL_NO_SEED
+#endif
+/* jpake is marked experimental in OpenSSL 0.9.8. */
+#ifndef OPENSSL_NO_JPAKE
+# define OPENSSL_NO_JPAKE
+#endif
+/* libgmp is not in the FreeBSD base system. */
+#ifndef OPENSSL_NO_GMP
+# define OPENSSL_NO_GMP
+#endif
+/* The Kerberos 5 support is MIT-specific. */
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_NO_STATIC_ENGINE
+# define OPENSSL_NO_STATIC_ENGINE
+#endif
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+ asks for it. This is a transient feature that is provided for those
+ who haven't had the time to do the appropriate changes in their
+ applications. */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
+# define NO_GMP
+# endif
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+# define NO_KRB5
+# endif
+# endif
+#ifdef OPENSSL_OTHER_DEFINES
+# ifndef NO_ASM
+# define NO_ASM
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define ENGINESDIR "/usr/lib/engines"
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#undef RC4_CHUNK
+#endif
+#endif
+
+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned int
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#undef BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#define SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#undef THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#undef RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#define DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units. It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#define DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#undef DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+ CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+ even newer MIPS CPU's, but at the moment one size fits all for
+ optimization options. Older Sparc's work better with only UNROLL, but
+ there's no way to tell at compile time what it is you're running on */
+
+#if defined( sun ) /* Newer Sparc's */
+# define DES_PTR
+# define DES_RISC1
+# define DES_UNROLL
+#elif defined( __ultrix ) /* Older MIPS */
+# define DES_PTR
+# define DES_RISC2
+# define DES_UNROLL
+#elif defined( __osf1__ ) /* Alpha */
+# define DES_PTR
+# define DES_RISC2
+#elif defined ( _AIX ) /* RS6000 */
+ /* Unknown */
+#elif defined( __hpux ) /* HP-PA */
+ /* Unknown */
+#elif defined( __aux ) /* 68K */
+ /* Unknown */
+#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */
+# define DES_UNROLL
+#elif defined( __sgi ) /* Newer MIPS */
+# define DES_PTR
+# define DES_RISC2
+# define DES_UNROLL
+#elif defined( i386 ) /* x86 boxes, should be gcc */
+# define DES_PTR
+# define DES_RISC1
+# define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/secure/lib/libcrypto/opensslconf-mips.h b/secure/lib/libcrypto/opensslconf-mips.h
new file mode 100644
index 0000000..98bbeb9
--- /dev/null
+++ b/secure/lib/libcrypto/opensslconf-mips.h
@@ -0,0 +1,231 @@
+/* $FreeBSD$ */
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+/* Disabled by default in OpenSSL 0.9.8. */
+#ifndef OPENSSL_NO_CAMELLIA
+# define OPENSSL_NO_CAMELLIA
+#endif
+/* Disabled by default in OpenSSL 0.9.8. */
+#ifndef OPENSSL_NO_CMS
+# define OPENSSL_NO_CMS
+#endif
+/* Disabled by default in OpenSSL 0.9.8. */
+#ifndef OPENSSL_NO_SEED
+# define OPENSSL_NO_SEED
+#endif
+/* jpake is marked experimental in OpenSSL 0.9.8. */
+#ifndef OPENSSL_NO_JPAKE
+# define OPENSSL_NO_JPAKE
+#endif
+/* libgmp is not in the FreeBSD base system. */
+#ifndef OPENSSL_NO_GMP
+# define OPENSSL_NO_GMP
+#endif
+/* The Kerberos 5 support is MIT-specific. */
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_NO_STATIC_ENGINE
+# define OPENSSL_NO_STATIC_ENGINE
+#endif
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+ asks for it. This is a transient feature that is provided for those
+ who haven't had the time to do the appropriate changes in their
+ applications. */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
+# define NO_GMP
+# endif
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+# define NO_KRB5
+# endif
+# endif
+#ifdef OPENSSL_OTHER_DEFINES
+# ifndef NO_ASM
+# define NO_ASM
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define ENGINESDIR "/usr/lib/engines"
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#undef RC4_CHUNK
+#endif
+#endif
+
+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#ifdef __mips_n64
+#define DES_LONG unsigned int
+#else
+#define DES_LONG unsigned long
+#endif
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#ifdef __mips_n64
+#undef BN_LLONG
+#else
+#define BN_LLONG
+#endif
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#ifdef __mips_n64
+#define SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#undef THIRTY_TWO_BIT
+#else
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#endif
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#define RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#define DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units. It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#define DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#define DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+ CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+ even newer MIPS CPU's, but at the moment one size fits all for
+ optimization options. Older Sparc's work better with only UNROLL, but
+ there's no way to tell at compile time what it is you're running on */
+
+#if defined( sun ) /* Newer Sparc's */
+# define DES_PTR
+# define DES_RISC1
+# define DES_UNROLL
+#elif defined( __ultrix ) /* Older MIPS */
+# define DES_PTR
+# define DES_RISC2
+# define DES_UNROLL
+#elif defined( __osf1__ ) /* Alpha */
+# define DES_PTR
+# define DES_RISC2
+#elif defined ( _AIX ) /* RS6000 */
+ /* Unknown */
+#elif defined( __hpux ) /* HP-PA */
+ /* Unknown */
+#elif defined( __aux ) /* 68K */
+ /* Unknown */
+#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */
+# define DES_UNROLL
+#elif defined( __sgi ) /* Newer MIPS */
+# define DES_PTR
+# define DES_RISC2
+# define DES_UNROLL
+#elif defined( i386 ) /* x86 boxes, should be gcc */
+# define DES_PTR
+# define DES_RISC1
+# define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/secure/lib/libcrypto/opensslconf-powerpc.h b/secure/lib/libcrypto/opensslconf-powerpc.h
new file mode 100644
index 0000000..70800fe
--- /dev/null
+++ b/secure/lib/libcrypto/opensslconf-powerpc.h
@@ -0,0 +1,226 @@
+/* $FreeBSD$ */
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+/* Disabled by default in OpenSSL 0.9.8. */
+#ifndef OPENSSL_NO_CAMELLIA
+# define OPENSSL_NO_CAMELLIA
+#endif
+/* Disabled by default in OpenSSL 0.9.8. */
+#ifndef OPENSSL_NO_CMS
+# define OPENSSL_NO_CMS
+#endif
+/* Disabled by default in OpenSSL 0.9.8. */
+#ifndef OPENSSL_NO_SEED
+# define OPENSSL_NO_SEED
+#endif
+/* jpake is marked experimental in OpenSSL 0.9.8. */
+#ifndef OPENSSL_NO_JPAKE
+# define OPENSSL_NO_JPAKE
+#endif
+/* libgmp is not in the FreeBSD base system. */
+#ifndef OPENSSL_NO_GMP
+# define OPENSSL_NO_GMP
+#endif
+/* The Kerberos 5 support is MIT-specific. */
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_NO_STATIC_ENGINE
+# define OPENSSL_NO_STATIC_ENGINE
+#endif
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+ asks for it. This is a transient feature that is provided for those
+ who haven't had the time to do the appropriate changes in their
+ applications. */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
+# define NO_GMP
+# endif
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+# define NO_KRB5
+# endif
+# endif
+#ifdef OPENSSL_OTHER_DEFINES
+# ifndef NO_ASM
+# define NO_ASM
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define ENGINESDIR "/usr/lib/engines"
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#undef RC4_CHUNK
+#endif
+#endif
+
+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned int
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#ifdef __powerpc64__
+#undef BN_LLONG
+#else
+#define BN_LLONG
+#endif
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#ifdef __powerpc64__
+#define SIXTY_FOUR_BIT_LONG
+#undef THIRTY_TWO_BIT
+#else
+#undef SIXTY_FOUR_BIT_LONG
+#define THIRTY_TWO_BIT
+#endif
+#undef SIXTY_FOUR_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#define RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#define DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units. It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#define DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#define DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+ CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+ even newer MIPS CPU's, but at the moment one size fits all for
+ optimization options. Older Sparc's work better with only UNROLL, but
+ there's no way to tell at compile time what it is you're running on */
+
+#if defined( sun ) /* Newer Sparc's */
+# define DES_PTR
+# define DES_RISC1
+# define DES_UNROLL
+#elif defined( __ultrix ) /* Older MIPS */
+# define DES_PTR
+# define DES_RISC2
+# define DES_UNROLL
+#elif defined( __osf1__ ) /* Alpha */
+# define DES_PTR
+# define DES_RISC2
+#elif defined ( _AIX ) /* RS6000 */
+ /* Unknown */
+#elif defined( __hpux ) /* HP-PA */
+ /* Unknown */
+#elif defined( __aux ) /* 68K */
+ /* Unknown */
+#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */
+# define DES_UNROLL
+#elif defined( __sgi ) /* Newer MIPS */
+# define DES_PTR
+# define DES_RISC2
+# define DES_UNROLL
+#elif defined( i386 ) /* x86 boxes, should be gcc */
+# define DES_PTR
+# define DES_RISC1
+# define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/secure/lib/libcrypto/opensslconf-sparc64.h b/secure/lib/libcrypto/opensslconf-sparc64.h
new file mode 100644
index 0000000..ca7d682
--- /dev/null
+++ b/secure/lib/libcrypto/opensslconf-sparc64.h
@@ -0,0 +1,217 @@
+/* $FreeBSD$ */
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+/* Disabled by default in OpenSSL 0.9.8. */
+#ifndef OPENSSL_NO_CAMELLIA
+# define OPENSSL_NO_CAMELLIA
+#endif
+/* Disabled by default in OpenSSL 0.9.8. */
+#ifndef OPENSSL_NO_CMS
+# define OPENSSL_NO_CMS
+#endif
+/* Disabled by default in OpenSSL 0.9.8. */
+#ifndef OPENSSL_NO_SEED
+# define OPENSSL_NO_SEED
+#endif
+/* jpake is marked experimental in OpenSSL 0.9.8. */
+#ifndef OPENSSL_NO_JPAKE
+# define OPENSSL_NO_JPAKE
+#endif
+/* libgmp is not in the FreeBSD base system. */
+#ifndef OPENSSL_NO_GMP
+# define OPENSSL_NO_GMP
+#endif
+/* The Kerberos 5 support is MIT-specific. */
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_NO_STATIC_ENGINE
+# define OPENSSL_NO_STATIC_ENGINE
+#endif
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+ asks for it. This is a transient feature that is provided for those
+ who haven't had the time to do the appropriate changes in their
+ applications. */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
+# define NO_GMP
+# endif
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+# define NO_KRB5
+# endif
+# endif
+#ifdef OPENSSL_OTHER_DEFINES
+# ifndef NO_ASM
+# define NO_ASM
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define ENGINESDIR "/usr/lib/engines"
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#undef RC4_CHUNK
+#endif
+#endif
+
+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned int
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#undef BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#define SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#undef THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#undef RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#define DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units. It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#define DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#undef DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+ CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+ even newer MIPS CPU's, but at the moment one size fits all for
+ optimization options. Older Sparc's work better with only UNROLL, but
+ there's no way to tell at compile time what it is you're running on */
+
+#if defined( sun ) /* Newer Sparc's */
+# define DES_PTR
+# define DES_RISC1
+# define DES_UNROLL
+#elif defined( __ultrix ) /* Older MIPS */
+# define DES_PTR
+# define DES_RISC2
+# define DES_UNROLL
+#elif defined( __osf1__ ) /* Alpha */
+# define DES_PTR
+# define DES_RISC2
+#elif defined ( _AIX ) /* RS6000 */
+ /* Unknown */
+#elif defined( __hpux ) /* HP-PA */
+ /* Unknown */
+#elif defined( __aux ) /* 68K */
+ /* Unknown */
+#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */
+# define DES_UNROLL
+#elif defined( __sgi ) /* Newer MIPS */
+# define DES_PTR
+# define DES_RISC2
+# define DES_UNROLL
+#elif defined( i386 ) /* x86 boxes, should be gcc */
+# define DES_PTR
+# define DES_RISC1
+# define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/secure/lib/libssh/Makefile b/secure/lib/libssh/Makefile
new file mode 100644
index 0000000..662bb1a
--- /dev/null
+++ b/secure/lib/libssh/Makefile
@@ -0,0 +1,52 @@
+# $FreeBSD$
+
+.include <bsd.own.mk>
+
+LIB= ssh
+SHLIB_MAJOR= 5
+SRCS= acss.c authfd.c authfile.c bufaux.c bufbn.c buffer.c \
+ canohost.c channels.c cipher.c cipher-acss.c cipher-aes.c \
+ cipher-bf1.c cipher-ctr.c cipher-3des1.c cleanup.c \
+ compat.c compress.c crc32.c deattack.c fatal.c hostfile.c \
+ log.c match.c md-sha256.c moduli.c nchan.c packet.c \
+ readpass.c rsa.c ttymodes.c xmalloc.c addrmatch.c \
+ atomicio.c key.c dispatch.c kex.c mac.c uidswap.c uuencode.c misc.c \
+ monitor_fdpass.c rijndael.c ssh-dss.c ssh-ecdsa.c ssh-rsa.c dh.c \
+ kexdh.c kexgex.c kexdhc.c kexgexc.c bufec.c kexecdh.c kexecdhc.c \
+ msg.c progressmeter.c dns.c entropy.c umac.c jpake.c \
+ schnorr.c ssh-pkcs11.c
+
+# gss-genr.c should be in $SRCS but causes linking problems, so it is
+# compiled directly into sshd instead.
+
+# Portability layer
+SRCS+= bsd-misc.c fmt_scaled.c getrrsetbyname.c glob.c \
+ openssl-compat.c port-tun.c strtonum.c timingsafe_bcmp.c \
+ vis.c xcrypt.c xmmap.c
+# FreeBSD additions
+SRCS+= version.c
+
+.if defined(COMPAT_GETADDRINFO)
+SRCS+= getaddrinfo.c getnameinfo.c name6.c rcmd.c bindresvport.c
+.endif
+
+CFLAGS+= -I${SSHDIR} -include ssh_namespace.h
+DPADD= ${LIBZ}
+LDADD= -lz
+
+.if ${MK_KERBEROS_SUPPORT} != "no"
+CFLAGS+= -DGSSAPI -DHAVE_GSSAPI_GSSAPI_H=1 -DKRB5 -DHEIMDAL
+DPADD+= ${LIBGSSAPI} ${LIBKRB5} ${LIBHX509} ${LIBASN1} ${LIBCOM_ERR} ${LIBMD} ${LIBROKEN}
+LDADD+= -lgssapi -lkrb5 -lhx509 -lasn1 -lcom_err -lmd -lroken
+.endif
+
+NO_LINT=
+
+DPADD+= ${LIBCRYPTO} ${LIBCRYPT}
+LDADD+= -lcrypto -lcrypt
+
+.include <bsd.lib.mk>
+
+.PATH: ${SSHDIR} ${SSHDIR}/openbsd-compat
+
+${OBJS} ${POBJS} ${SOBJS}: ssh_namespace.h
diff --git a/secure/lib/libssl/Makefile b/secure/lib/libssl/Makefile
new file mode 100644
index 0000000..c8cc554
--- /dev/null
+++ b/secure/lib/libssl/Makefile
@@ -0,0 +1,31 @@
+# $FreeBSD$
+
+LIB= ssl
+SHLIB_MAJOR= 6
+
+NO_LINT=
+
+.if exists(Makefile.man)
+.include "Makefile.man"
+.endif
+.include "../libcrypto/Makefile.inc"
+
+SRCS= bio_ssl.c d1_meth.c d1_srvr.c d1_clnt.c d1_lib.c d1_pkt.c \
+ d1_both.c d1_enc.c \
+ s23_clnt.c s23_lib.c s23_meth.c s23_pkt.c s23_srvr.c \
+ s2_clnt.c s2_enc.c s2_lib.c s2_meth.c s2_pkt.c s2_srvr.c \
+ s3_both.c s3_clnt.c s3_enc.c s3_lib.c s3_meth.c s3_pkt.c \
+ s3_srvr.c ssl_algs.c ssl_asn1.c ssl_cert.c ssl_ciph.c \
+ ssl_err.c ssl_err2.c ssl_lib.c ssl_rsa.c ssl_sess.c ssl_stat.c \
+ ssl_txt.c t1_clnt.c t1_enc.c t1_lib.c t1_meth.c t1_reneg.c t1_srvr.c
+
+INCS= dtls1.h kssl.h ssl.h ssl2.h ssl23.h ssl3.h tls1.h
+INCSDIR=${INCLUDEDIR}/openssl
+
+DPADD= ${LIBCRYPTO}
+LDADD= -lcrypto
+
+.include <bsd.lib.mk>
+
+.PATH: ${LCRYPTO_SRC}/ssl \
+ ${.CURDIR}/man
diff --git a/secure/lib/libssl/Makefile.man b/secure/lib/libssl/Makefile.man
new file mode 100644
index 0000000..8219687
--- /dev/null
+++ b/secure/lib/libssl/Makefile.man
@@ -0,0 +1,209 @@
+# $FreeBSD$
+# DO NOT EDIT: generated from man-makefile-update target
+MAN+= SSL_CIPHER_get_name.3
+MAN+= SSL_COMP_add_compression_method.3
+MAN+= SSL_CTX_add_extra_chain_cert.3
+MAN+= SSL_CTX_add_session.3
+MAN+= SSL_CTX_ctrl.3
+MAN+= SSL_CTX_flush_sessions.3
+MAN+= SSL_CTX_free.3
+MAN+= SSL_CTX_get_ex_new_index.3
+MAN+= SSL_CTX_get_verify_mode.3
+MAN+= SSL_CTX_load_verify_locations.3
+MAN+= SSL_CTX_new.3
+MAN+= SSL_CTX_sess_number.3
+MAN+= SSL_CTX_sess_set_cache_size.3
+MAN+= SSL_CTX_sess_set_get_cb.3
+MAN+= SSL_CTX_sessions.3
+MAN+= SSL_CTX_set_cert_store.3
+MAN+= SSL_CTX_set_cert_verify_callback.3
+MAN+= SSL_CTX_set_cipher_list.3
+MAN+= SSL_CTX_set_client_CA_list.3
+MAN+= SSL_CTX_set_client_cert_cb.3
+MAN+= SSL_CTX_set_default_passwd_cb.3
+MAN+= SSL_CTX_set_generate_session_id.3
+MAN+= SSL_CTX_set_info_callback.3
+MAN+= SSL_CTX_set_max_cert_list.3
+MAN+= SSL_CTX_set_mode.3
+MAN+= SSL_CTX_set_msg_callback.3
+MAN+= SSL_CTX_set_options.3
+MAN+= SSL_CTX_set_quiet_shutdown.3
+MAN+= SSL_CTX_set_session_cache_mode.3
+MAN+= SSL_CTX_set_session_id_context.3
+MAN+= SSL_CTX_set_ssl_version.3
+MAN+= SSL_CTX_set_timeout.3
+MAN+= SSL_CTX_set_tmp_dh_callback.3
+MAN+= SSL_CTX_set_tmp_rsa_callback.3
+MAN+= SSL_CTX_set_verify.3
+MAN+= SSL_CTX_use_certificate.3
+MAN+= SSL_SESSION_free.3
+MAN+= SSL_SESSION_get_ex_new_index.3
+MAN+= SSL_SESSION_get_time.3
+MAN+= SSL_accept.3
+MAN+= SSL_alert_type_string.3
+MAN+= SSL_clear.3
+MAN+= SSL_connect.3
+MAN+= SSL_do_handshake.3
+MAN+= SSL_free.3
+MAN+= SSL_get_SSL_CTX.3
+MAN+= SSL_get_ciphers.3
+MAN+= SSL_get_client_CA_list.3
+MAN+= SSL_get_current_cipher.3
+MAN+= SSL_get_default_timeout.3
+MAN+= SSL_get_error.3
+MAN+= SSL_get_ex_data_X509_STORE_CTX_idx.3
+MAN+= SSL_get_ex_new_index.3
+MAN+= SSL_get_fd.3
+MAN+= SSL_get_peer_cert_chain.3
+MAN+= SSL_get_peer_certificate.3
+MAN+= SSL_get_rbio.3
+MAN+= SSL_get_session.3
+MAN+= SSL_get_verify_result.3
+MAN+= SSL_get_version.3
+MAN+= SSL_library_init.3
+MAN+= SSL_load_client_CA_file.3
+MAN+= SSL_new.3
+MAN+= SSL_pending.3
+MAN+= SSL_read.3
+MAN+= SSL_rstate_string.3
+MAN+= SSL_session_reused.3
+MAN+= SSL_set_bio.3
+MAN+= SSL_set_connect_state.3
+MAN+= SSL_set_fd.3
+MAN+= SSL_set_session.3
+MAN+= SSL_set_shutdown.3
+MAN+= SSL_set_verify_result.3
+MAN+= SSL_shutdown.3
+MAN+= SSL_state_string.3
+MAN+= SSL_want.3
+MAN+= SSL_write.3
+MAN+= d2i_SSL_SESSION.3
+MAN+= ssl.3
+MLINKS+= SSL_CIPHER_get_name.3 SSL_CIPHER_get_bits.3
+MLINKS+= SSL_CIPHER_get_name.3 SSL_CIPHER_get_version.3
+MLINKS+= SSL_CIPHER_get_name.3 SSL_CIPHER_description.3
+MLINKS+= SSL_CTX_add_session.3 SSL_add_session.3
+MLINKS+= SSL_CTX_add_session.3 SSL_CTX_remove_session.3
+MLINKS+= SSL_CTX_add_session.3 SSL_remove_session.3
+MLINKS+= SSL_CTX_ctrl.3 SSL_CTX_callback_ctrl.3
+MLINKS+= SSL_CTX_ctrl.3 SSL_ctrl.3
+MLINKS+= SSL_CTX_ctrl.3 SSL_callback_ctrl.3
+MLINKS+= SSL_CTX_flush_sessions.3 SSL_flush_sessions.3
+MLINKS+= SSL_CTX_get_ex_new_index.3 SSL_CTX_set_ex_data.3
+MLINKS+= SSL_CTX_get_ex_new_index.3 SSL_CTX_get_ex_data.3
+MLINKS+= SSL_CTX_get_verify_mode.3 SSL_get_verify_mode.3
+MLINKS+= SSL_CTX_get_verify_mode.3 SSL_CTX_get_verify_depth.3
+MLINKS+= SSL_CTX_get_verify_mode.3 SSL_get_verify_depth.3
+MLINKS+= SSL_CTX_get_verify_mode.3 SSL_get_verify_callback.3
+MLINKS+= SSL_CTX_get_verify_mode.3 SSL_CTX_get_verify_callback.3
+MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_connect.3
+MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_connect_good.3
+MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_connect_renegotiate.3
+MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_accept.3
+MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_accept_good.3
+MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_accept_renegotiate.3
+MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_hits.3
+MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_cb_hits.3
+MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_misses.3
+MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_timeouts.3
+MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_cache_full.3
+MLINKS+= SSL_CTX_sess_set_cache_size.3 SSL_CTX_sess_get_cache_size.3
+MLINKS+= SSL_CTX_sess_set_get_cb.3 SSL_CTX_sess_set_new_cb.3
+MLINKS+= SSL_CTX_sess_set_get_cb.3 SSL_CTX_sess_set_remove_cb.3
+MLINKS+= SSL_CTX_sess_set_get_cb.3 SSL_CTX_sess_get_new_cb.3
+MLINKS+= SSL_CTX_sess_set_get_cb.3 SSL_CTX_sess_get_remove_cb.3
+MLINKS+= SSL_CTX_sess_set_get_cb.3 SSL_CTX_sess_get_get_cb.3
+MLINKS+= SSL_CTX_set_cert_store.3 SSL_CTX_get_cert_store.3
+MLINKS+= SSL_CTX_set_cipher_list.3 SSL_set_cipher_list.3
+MLINKS+= SSL_CTX_set_client_CA_list.3 SSL_set_client_CA_list.3
+MLINKS+= SSL_CTX_set_client_CA_list.3 SSL_CTX_add_client_CA.3
+MLINKS+= SSL_CTX_set_client_CA_list.3 SSL_add_client_CA.3
+MLINKS+= SSL_CTX_set_client_cert_cb.3 SSL_CTX_get_client_cert_cb.3
+MLINKS+= SSL_CTX_set_default_passwd_cb.3 SSL_CTX_set_default_passwd_cb_userdata.3
+MLINKS+= SSL_CTX_set_generate_session_id.3 SSL_set_generate_session_id.3
+MLINKS+= SSL_CTX_set_generate_session_id.3 SSL_has_matching_session_id.3
+MLINKS+= SSL_CTX_set_info_callback.3 SSL_CTX_get_info_callback.3
+MLINKS+= SSL_CTX_set_info_callback.3 SSL_set_info_callback.3
+MLINKS+= SSL_CTX_set_info_callback.3 SSL_get_info_callback.3
+MLINKS+= SSL_CTX_set_max_cert_list.3 SSL_CTX_get_max_cert_list.3
+MLINKS+= SSL_CTX_set_max_cert_list.3 SSL_set_max_cert_list.3
+MLINKS+= SSL_CTX_set_max_cert_list.3 SSL_get_max_cert_list.3
+MLINKS+= SSL_CTX_set_mode.3 SSL_set_mode.3
+MLINKS+= SSL_CTX_set_mode.3 SSL_CTX_get_mode.3
+MLINKS+= SSL_CTX_set_mode.3 SSL_get_mode.3
+MLINKS+= SSL_CTX_set_msg_callback.3 SSL_CTX_set_msg_callback_arg.3
+MLINKS+= SSL_CTX_set_msg_callback.3 SSL_set_msg_callback.3
+MLINKS+= SSL_CTX_set_msg_callback.3 SSL_get_msg_callback_arg.3
+MLINKS+= SSL_CTX_set_options.3 SSL_set_options.3
+MLINKS+= SSL_CTX_set_options.3 SSL_CTX_clear_options.3
+MLINKS+= SSL_CTX_set_options.3 SSL_clear_options.3
+MLINKS+= SSL_CTX_set_options.3 SSL_CTX_get_options.3
+MLINKS+= SSL_CTX_set_options.3 SSL_get_options.3
+MLINKS+= SSL_CTX_set_options.3 SSL_get_secure_renegotiation_support.3
+MLINKS+= SSL_CTX_set_quiet_shutdown.3 SSL_CTX_get_quiet_shutdown.3
+MLINKS+= SSL_CTX_set_quiet_shutdown.3 SSL_set_quiet_shutdown.3
+MLINKS+= SSL_CTX_set_quiet_shutdown.3 SSL_get_quiet_shutdown.3
+MLINKS+= SSL_CTX_set_session_cache_mode.3 SSL_CTX_get_session_cache_mode.3
+MLINKS+= SSL_CTX_set_session_id_context.3 SSL_set_session_id_context.3
+MLINKS+= SSL_CTX_set_ssl_version.3 SSL_set_ssl_method.3
+MLINKS+= SSL_CTX_set_ssl_version.3 SSL_get_ssl_method.3
+MLINKS+= SSL_CTX_set_timeout.3 SSL_CTX_get_timeout.3
+MLINKS+= SSL_CTX_set_tmp_dh_callback.3 SSL_CTX_set_tmp_dh.3
+MLINKS+= SSL_CTX_set_tmp_dh_callback.3 SSL_set_tmp_dh_callback.3
+MLINKS+= SSL_CTX_set_tmp_dh_callback.3 SSL_set_tmp_dh.3
+MLINKS+= SSL_CTX_set_tmp_rsa_callback.3 SSL_CTX_set_tmp_rsa.3
+MLINKS+= SSL_CTX_set_tmp_rsa_callback.3 SSL_CTX_need_tmp_rsa.3
+MLINKS+= SSL_CTX_set_tmp_rsa_callback.3 SSL_set_tmp_rsa_callback.3
+MLINKS+= SSL_CTX_set_tmp_rsa_callback.3 SSL_set_tmp_rsa.3
+MLINKS+= SSL_CTX_set_tmp_rsa_callback.3 SSL_need_tmp_rsa.3
+MLINKS+= SSL_CTX_set_verify.3 SSL_set_verify.3
+MLINKS+= SSL_CTX_set_verify.3 SSL_CTX_set_verify_depth.3
+MLINKS+= SSL_CTX_set_verify.3 SSL_set_verify_depth.3
+MLINKS+= SSL_CTX_use_certificate.3 SSL_CTX_use_certificate_ASN1.3
+MLINKS+= SSL_CTX_use_certificate.3 SSL_CTX_use_certificate_file.3
+MLINKS+= SSL_CTX_use_certificate.3 SSL_use_certificate.3
+MLINKS+= SSL_CTX_use_certificate.3 SSL_use_certificate_ASN1.3
+MLINKS+= SSL_CTX_use_certificate.3 SSL_use_certificate_file.3
+MLINKS+= SSL_CTX_use_certificate.3 SSL_CTX_use_certificate_chain_file.3
+MLINKS+= SSL_CTX_use_certificate.3 SSL_CTX_use_PrivateKey.3
+MLINKS+= SSL_CTX_use_certificate.3 SSL_CTX_use_PrivateKey_ASN1.3
+MLINKS+= SSL_CTX_use_certificate.3 SSL_CTX_use_PrivateKey_file.3
+MLINKS+= SSL_CTX_use_certificate.3 SSL_CTX_use_RSAPrivateKey.3
+MLINKS+= SSL_CTX_use_certificate.3 SSL_CTX_use_RSAPrivateKey_ASN1.3
+MLINKS+= SSL_CTX_use_certificate.3 SSL_CTX_use_RSAPrivateKey_file.3
+MLINKS+= SSL_CTX_use_certificate.3 SSL_use_PrivateKey_file.3
+MLINKS+= SSL_CTX_use_certificate.3 SSL_use_PrivateKey_ASN1.3
+MLINKS+= SSL_CTX_use_certificate.3 SSL_use_PrivateKey.3
+MLINKS+= SSL_CTX_use_certificate.3 SSL_use_RSAPrivateKey.3
+MLINKS+= SSL_CTX_use_certificate.3 SSL_use_RSAPrivateKey_ASN1.3
+MLINKS+= SSL_CTX_use_certificate.3 SSL_use_RSAPrivateKey_file.3
+MLINKS+= SSL_CTX_use_certificate.3 SSL_CTX_check_private_key.3
+MLINKS+= SSL_CTX_use_certificate.3 SSL_check_private_key.3
+MLINKS+= SSL_SESSION_get_ex_new_index.3 SSL_SESSION_set_ex_data.3
+MLINKS+= SSL_SESSION_get_ex_new_index.3 SSL_SESSION_get_ex_data.3
+MLINKS+= SSL_SESSION_get_time.3 SSL_SESSION_set_time.3
+MLINKS+= SSL_SESSION_get_time.3 SSL_SESSION_get_timeout.3
+MLINKS+= SSL_SESSION_get_time.3 SSL_SESSION_set_timeout.3
+MLINKS+= SSL_alert_type_string.3 SSL_alert_type_string_long.3
+MLINKS+= SSL_alert_type_string.3 SSL_alert_desc_string.3
+MLINKS+= SSL_alert_type_string.3 SSL_alert_desc_string_long.3
+MLINKS+= SSL_get_ciphers.3 SSL_get_cipher_list.3
+MLINKS+= SSL_get_client_CA_list.3 SSL_CTX_get_client_CA_list.3
+MLINKS+= SSL_get_current_cipher.3 SSL_get_cipher.3
+MLINKS+= SSL_get_current_cipher.3 SSL_get_cipher_name.3
+MLINKS+= SSL_get_current_cipher.3 SSL_get_cipher_bits.3
+MLINKS+= SSL_get_current_cipher.3 SSL_get_cipher_version.3
+MLINKS+= SSL_get_ex_new_index.3 SSL_set_ex_data.3
+MLINKS+= SSL_get_ex_new_index.3 SSL_get_ex_data.3
+MLINKS+= SSL_library_init.3 OpenSSL_add_ssl_algorithms.3
+MLINKS+= SSL_library_init.3 SSLeay_add_ssl_algorithms.3
+MLINKS+= SSL_rstate_string.3 SSL_rstate_string_long.3
+MLINKS+= SSL_set_connect_state.3 SSL_get_accept_state.3
+MLINKS+= SSL_set_shutdown.3 SSL_get_shutdown.3
+MLINKS+= SSL_state_string.3 SSL_state_string_long.3
+MLINKS+= SSL_want.3 SSL_want_nothing.3
+MLINKS+= SSL_want.3 SSL_want_read.3
+MLINKS+= SSL_want.3 SSL_want_write.3
+MLINKS+= SSL_want.3 SSL_want_x509_lookup.3
+MLINKS+= d2i_SSL_SESSION.3 i2d_SSL_SESSION.3
+MLINKS+= ssl.3 SSL.3
diff --git a/secure/lib/libssl/man/SSL_CIPHER_get_name.3 b/secure/lib/libssl/man/SSL_CIPHER_get_name.3
new file mode 100644
index 0000000..0a28e0a
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_CIPHER_get_name.3
@@ -0,0 +1,224 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CIPHER_get_name 3"
+.TH SSL_CIPHER_get_name 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_description \- get SSL_CIPHER properties
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher);
+\& int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits);
+\& char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher);
+\& char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int size);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CIPHER_get_name()\fR returns a pointer to the name of \fBcipher\fR. If the
+argument is the \s-1NULL\s0 pointer, a pointer to the constant value \*(L"\s-1NONE\s0\*(R" is
+returned.
+.PP
+\&\fISSL_CIPHER_get_bits()\fR returns the number of secret bits used for \fBcipher\fR. If
+\&\fBalg_bits\fR is not \s-1NULL\s0, it contains the number of bits processed by the
+chosen algorithm. If \fBcipher\fR is \s-1NULL\s0, 0 is returned.
+.PP
+\&\fISSL_CIPHER_get_version()\fR returns the protocol version for \fBcipher\fR, currently
+\&\*(L"SSLv2\*(R", \*(L"SSLv3\*(R", or \*(L"TLSv1\*(R". If \fBcipher\fR is \s-1NULL\s0, \*(L"(\s-1NONE\s0)\*(R" is returned.
+.PP
+\&\fISSL_CIPHER_description()\fR returns a textual description of the cipher used
+into the buffer \fBbuf\fR of length \fBlen\fR provided. \fBlen\fR must be at least
+128 bytes, otherwise a pointer to the string \*(L"Buffer too small\*(R" is
+returned. If \fBbuf\fR is \s-1NULL\s0, a buffer of 128 bytes is allocated using
+\&\fIOPENSSL_malloc()\fR. If the allocation fails, a pointer to the string
+\&\*(L"OPENSSL_malloc Error\*(R" is returned.
+.SH "NOTES"
+.IX Header "NOTES"
+The number of bits processed can be different from the secret bits. An
+export cipher like e.g. \s-1EXP\-RC4\-MD5\s0 has only 40 secret bits. The algorithm
+does use the full 128 bits (which would be returned for \fBalg_bits\fR), of
+which however 88bits are fixed. The search space is hence only 40 bits.
+.PP
+The string returned by \fISSL_CIPHER_description()\fR in case of success consists
+of cleartext information separated by one or more blanks in the following
+sequence:
+.IP "<ciphername>" 4
+.IX Item "<ciphername>"
+Textual representation of the cipher name.
+.IP "<protocol version>" 4
+.IX Item "<protocol version>"
+Protocol version: \fBSSLv2\fR, \fBSSLv3\fR. The TLSv1 ciphers are flagged with SSLv3.
+.IP "Kx=<key exchange>" 4
+.IX Item "Kx=<key exchange>"
+Key exchange method: \fB\s-1RSA\s0\fR (for export ciphers as \fB\s-1RSA\s0(512)\fR or
+\&\fB\s-1RSA\s0(1024)\fR), \fB\s-1DH\s0\fR (for export ciphers as \fB\s-1DH\s0(512)\fR or \fB\s-1DH\s0(1024)\fR),
+\&\fB\s-1DH/RSA\s0\fR, \fB\s-1DH/DSS\s0\fR, \fBFortezza\fR.
+.IP "Au=<authentication>" 4
+.IX Item "Au=<authentication>"
+Authentication method: \fB\s-1RSA\s0\fR, \fB\s-1DSS\s0\fR, \fB\s-1DH\s0\fR, \fBNone\fR. None is the
+representation of anonymous ciphers.
+.IP "Enc=<symmetric encryption method>" 4
+.IX Item "Enc=<symmetric encryption method>"
+Encryption method with number of secret bits: \fB\s-1DES\s0(40)\fR, \fB\s-1DES\s0(56)\fR,
+\&\fB3DES(168)\fR, \fB\s-1RC4\s0(40)\fR, \fB\s-1RC4\s0(56)\fR, \fB\s-1RC4\s0(64)\fR, \fB\s-1RC4\s0(128)\fR,
+\&\fB\s-1RC2\s0(40)\fR, \fB\s-1RC2\s0(56)\fR, \fB\s-1RC2\s0(128)\fR, \fB\s-1IDEA\s0(128)\fR, \fBFortezza\fR, \fBNone\fR.
+.IP "Mac=<message authentication code>" 4
+.IX Item "Mac=<message authentication code>"
+Message digest: \fB\s-1MD5\s0\fR, \fB\s-1SHA1\s0\fR.
+.IP "<export flag>" 4
+.IX Item "<export flag>"
+If the cipher is flagged exportable with respect to old \s-1US\s0 crypto
+regulations, the word "\fBexport\fR" is printed.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Some examples for the output of \fISSL_CIPHER_description()\fR:
+.PP
+.Vb 4
+\& EDH\-RSA\-DES\-CBC3\-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
+\& EDH\-DSS\-DES\-CBC3\-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
+\& RC4\-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
+\& EXP\-RC4\-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
+.Ve
+.SH "BUGS"
+.IX Header "BUGS"
+If \fISSL_CIPHER_description()\fR is called with \fBcipher\fR being \s-1NULL\s0, the
+library crashes.
+.PP
+If \fISSL_CIPHER_description()\fR cannot handle a built-in cipher, the according
+description of the cipher property is \fBunknown\fR. This case should not
+occur.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+See \s-1DESCRIPTION\s0
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fISSL_get_current_cipher\fR\|(3),
+\&\fISSL_get_ciphers\fR\|(3), \fIciphers\fR\|(1)
diff --git a/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 b/secure/lib/libssl/man/SSL_COMP_add_compression_method.3
new file mode 100644
index 0000000..2039b1c
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_COMP_add_compression_method.3
@@ -0,0 +1,185 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_COMP_add_compression_method 3"
+.TH SSL_COMP_add_compression_method 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_COMP_add_compression_method \- handle SSL/TLS integrated compression methods
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_COMP_add_compression_method()\fR adds the compression method \fBcm\fR with
+the identifier \fBid\fR to the list of available compression methods. This
+list is globally maintained for all \s-1SSL\s0 operations within this application.
+It cannot be set for specific \s-1SSL_CTX\s0 or \s-1SSL\s0 objects.
+.SH "NOTES"
+.IX Header "NOTES"
+The \s-1TLS\s0 standard (or SSLv3) allows the integration of compression methods
+into the communication. The \s-1TLS\s0 \s-1RFC\s0 does however not specify compression
+methods or their corresponding identifiers, so there is currently no compatible
+way to integrate compression with unknown peers. It is therefore currently not
+recommended to integrate compression into applications. Applications for
+non-public use may agree on certain compression methods. Using different
+compression methods with the same identifier will lead to connection failure.
+.PP
+An OpenSSL client speaking a protocol that allows compression (SSLv3, TLSv1)
+will unconditionally send the list of all compression methods enabled with
+\&\fISSL_COMP_add_compression_method()\fR to the server during the handshake.
+Unlike the mechanisms to set a cipher list, there is no method available to
+restrict the list of compression method on a per connection basis.
+.PP
+An OpenSSL server will match the identifiers listed by a client against
+its own compression methods and will unconditionally activate compression
+when a matching identifier is found. There is no way to restrict the list
+of compression methods supported on a per connection basis.
+.PP
+The OpenSSL library has the compression methods \fB\f(BICOMP_rle()\fB\fR and (when
+especially enabled during compilation) \fB\f(BICOMP_zlib()\fB\fR available.
+.SH "WARNINGS"
+.IX Header "WARNINGS"
+Once the identities of the compression methods for the \s-1TLS\s0 protocol have
+been standardized, the compression \s-1API\s0 will most likely be changed. Using
+it in the current state is not recommended.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_COMP_add_compression_method()\fR may return the following values:
+.IP "0" 4
+The operation succeeded.
+.IP "1" 4
+.IX Item "1"
+The operation failed. Check the error queue to find out the reason.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 b/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
new file mode 100644
index 0000000..5c09f4e
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
@@ -0,0 +1,162 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_add_extra_chain_cert 3"
+.TH SSL_CTX_add_extra_chain_cert 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_add_extra_chain_cert \- add certificate to chain
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& long SSL_CTX_add_extra_chain_cert(SSL_CTX ctx, X509 *x509)
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CTX_add_extra_chain_cert()\fR adds the certificate \fBx509\fR to the certificate
+chain presented together with the certificate. Several certificates
+can be added one after the other.
+.SH "NOTES"
+.IX Header "NOTES"
+When constructing the certificate chain, the chain will be formed from
+these certificates explicitly specified. If no chain is specified,
+the library will try to complete the chain from the available \s-1CA\s0
+certificates in the trusted \s-1CA\s0 storage, see
+\&\fISSL_CTX_load_verify_locations\fR\|(3).
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_CTX_add_extra_chain_cert()\fR returns 1 on success. Check out the
+error stack to find out the reason for failure otherwise.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3),
+\&\fISSL_CTX_use_certificate\fR\|(3),
+\&\fISSL_CTX_set_client_cert_cb\fR\|(3),
+\&\fISSL_CTX_load_verify_locations\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_CTX_add_session.3 b/secure/lib/libssl/man/SSL_CTX_add_session.3
new file mode 100644
index 0000000..e74d1c9
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_CTX_add_session.3
@@ -0,0 +1,192 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_add_session 3"
+.TH SSL_CTX_add_session 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_add_session, SSL_add_session, SSL_CTX_remove_session, SSL_remove_session \- manipulate session cache
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c);
+\& int SSL_add_session(SSL_CTX *ctx, SSL_SESSION *c);
+\&
+\& int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c);
+\& int SSL_remove_session(SSL_CTX *ctx, SSL_SESSION *c);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CTX_add_session()\fR adds the session \fBc\fR to the context \fBctx\fR. The
+reference count for session \fBc\fR is incremented by 1. If a session with
+the same session id already exists, the old session is removed by calling
+\&\fISSL_SESSION_free\fR\|(3).
+.PP
+\&\fISSL_CTX_remove_session()\fR removes the session \fBc\fR from the context \fBctx\fR.
+\&\fISSL_SESSION_free\fR\|(3) is called once for \fBc\fR.
+.PP
+\&\fISSL_add_session()\fR and \fISSL_remove_session()\fR are synonyms for their
+SSL_CTX_*() counterparts.
+.SH "NOTES"
+.IX Header "NOTES"
+When adding a new session to the internal session cache, it is examined
+whether a session with the same session id already exists. In this case
+it is assumed that both sessions are identical. If the same session is
+stored in a different \s-1SSL_SESSION\s0 object, The old session is
+removed and replaced by the new session. If the session is actually
+identical (the \s-1SSL_SESSION\s0 object is identical), \fISSL_CTX_add_session()\fR
+is a no-op, and the return value is 0.
+.PP
+If a server \s-1SSL_CTX\s0 is configured with the \s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0
+flag then the internal cache will not be populated automatically by new
+sessions negotiated by the \s-1SSL/TLS\s0 implementation, even though the internal
+cache will be searched automatically for session-resume requests (the
+latter can be surpressed by \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0). So the
+application can use \fISSL_CTX_add_session()\fR directly to have full control
+over the sessions that can be resumed if desired.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The following values are returned by all functions:
+.IP "0" 4
+.Vb 3
+\& The operation failed. In case of the add operation, it was tried to add
+\& the same (identical) session twice. In case of the remove operation, the
+\& session was not found in the cache.
+.Ve
+.IP "1" 4
+.IX Item "1"
+.Vb 1
+\& The operation succeeded.
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3),
+\&\fISSL_CTX_set_session_cache_mode\fR\|(3),
+\&\fISSL_SESSION_free\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_CTX_ctrl.3 b/secure/lib/libssl/man/SSL_CTX_ctrl.3
new file mode 100644
index 0000000..5fc2c53
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_CTX_ctrl.3
@@ -0,0 +1,158 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_ctrl 3"
+.TH SSL_CTX_ctrl 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl \- internal handling functions for SSL_CTX and SSL objects
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
+\& long SSL_CTX_callback_ctrl(SSL_CTX *, int cmd, void (*fp)());
+\&
+\& long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
+\& long SSL_callback_ctrl(SSL *, int cmd, void (*fp)());
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The SSL_*\fI_ctrl()\fR family of functions is used to manipulate settings of
+the \s-1SSL_CTX\s0 and \s-1SSL\s0 objects. Depending on the command \fBcmd\fR the arguments
+\&\fBlarg\fR, \fBparg\fR, or \fBfp\fR are evaluated. These functions should never
+be called directly. All functionalities needed are made available via
+other functions or macros.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The return values of the SSL*\fI_ctrl()\fR functions depend on the command
+supplied via the \fBcmd\fR parameter.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 b/secure/lib/libssl/man/SSL_CTX_flush_sessions.3
new file mode 100644
index 0000000..e1505be
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_CTX_flush_sessions.3
@@ -0,0 +1,173 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_flush_sessions 3"
+.TH SSL_CTX_flush_sessions 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_flush_sessions, SSL_flush_sessions \- remove expired sessions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);
+\& void SSL_flush_sessions(SSL_CTX *ctx, long tm);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CTX_flush_sessions()\fR causes a run through the session cache of
+\&\fBctx\fR to remove sessions expired at time \fBtm\fR.
+.PP
+\&\fISSL_flush_sessions()\fR is a synonym for \fISSL_CTX_flush_sessions()\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+If enabled, the internal session cache will collect all sessions established
+up to the specified maximum number (see \fISSL_CTX_sess_set_cache_size()\fR).
+As sessions will not be reused ones they are expired, they should be
+removed from the cache to save resources. This can either be done
+ automatically whenever 255 new sessions were established (see
+\&\fISSL_CTX_set_session_cache_mode\fR\|(3))
+or manually by calling \fISSL_CTX_flush_sessions()\fR.
+.PP
+The parameter \fBtm\fR specifies the time which should be used for the
+expiration test, in most cases the actual time given by \fItime\fR\|(0)
+will be used.
+.PP
+\&\fISSL_CTX_flush_sessions()\fR will only check sessions stored in the internal
+cache. When a session is found and removed, the remove_session_cb is however
+called to synchronize with the external cache (see
+\&\fISSL_CTX_sess_set_get_cb\fR\|(3)).
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3),
+\&\fISSL_CTX_set_session_cache_mode\fR\|(3),
+\&\fISSL_CTX_set_timeout\fR\|(3),
+\&\fISSL_CTX_sess_set_get_cb\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_CTX_free.3 b/secure/lib/libssl/man/SSL_CTX_free.3
new file mode 100644
index 0000000..2a19b23
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_CTX_free.3
@@ -0,0 +1,164 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_free 3"
+.TH SSL_CTX_free 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_free \- free an allocated SSL_CTX object
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& void SSL_CTX_free(SSL_CTX *ctx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CTX_free()\fR decrements the reference count of \fBctx\fR, and removes the
+\&\s-1SSL_CTX\s0 object pointed to by \fBctx\fR and frees up the allocated memory if the
+the reference count has reached 0.
+.PP
+It also calls the \fIfree()\fRing procedures for indirectly affected items, if
+applicable: the session cache, the list of ciphers, the list of Client CAs,
+the certificates and keys.
+.SH "WARNINGS"
+.IX Header "WARNINGS"
+If a session-remove callback is set (\fISSL_CTX_sess_set_remove_cb()\fR), this
+callback will be called for each session being freed from \fBctx\fR's
+session cache. This implies, that all corresponding sessions from an
+external session cache are removed as well. If this is not desired, the user
+should explicitly unset the callback by calling
+SSL_CTX_sess_set_remove_cb(\fBctx\fR, \s-1NULL\s0) prior to calling \fISSL_CTX_free()\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_CTX_free()\fR does not provide diagnostic information.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fISSL_CTX_new\fR\|(3), \fIssl\fR\|(3),
+\&\fISSL_CTX_sess_set_get_cb\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
new file mode 100644
index 0000000..45e37ad
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
@@ -0,0 +1,178 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_get_ex_new_index 3"
+.TH SSL_CTX_get_ex_new_index 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_get_ex_new_index, SSL_CTX_set_ex_data, SSL_CTX_get_ex_data \- internal application specific data functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& int SSL_CTX_get_ex_new_index(long argl, void *argp,
+\& CRYPTO_EX_new *new_func,
+\& CRYPTO_EX_dup *dup_func,
+\& CRYPTO_EX_free *free_func);
+\&
+\& int SSL_CTX_set_ex_data(SSL_CTX *ctx, int idx, void *arg);
+\&
+\& void *SSL_CTX_get_ex_data(const SSL_CTX *ctx, int idx);
+\&
+\& typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+\& int idx, long argl, void *argp);
+\& typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+\& int idx, long argl, void *argp);
+\& typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,
+\& int idx, long argl, void *argp);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+Several OpenSSL structures can have application specific data attached to them.
+These functions are used internally by OpenSSL to manipulate application
+specific data attached to a specific structure.
+.PP
+\&\fISSL_CTX_get_ex_new_index()\fR is used to register a new index for application
+specific data.
+.PP
+\&\fISSL_CTX_set_ex_data()\fR is used to store application data at \fBarg\fR for \fBidx\fR
+into the \fBctx\fR object.
+.PP
+\&\fISSL_CTX_get_ex_data()\fR is used to retrieve the information for \fBidx\fR from
+\&\fBctx\fR.
+.PP
+A detailed description for the \fB*\f(BI_get_ex_new_index()\fB\fR functionality
+can be found in \fIRSA_get_ex_new_index\fR\|(3).
+The \fB*\f(BI_get_ex_data()\fB\fR and \fB*\f(BI_set_ex_data()\fB\fR functionality is described in
+\&\fICRYPTO_set_ex_data\fR\|(3).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3),
+\&\fIRSA_get_ex_new_index\fR\|(3),
+\&\fICRYPTO_set_ex_data\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 b/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
new file mode 100644
index 0000000..1825011
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
@@ -0,0 +1,174 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_get_verify_mode 3"
+.TH SSL_CTX_get_verify_mode 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_get_verify_mode, SSL_get_verify_mode, SSL_CTX_get_verify_depth, SSL_get_verify_depth, SSL_get_verify_callback, SSL_CTX_get_verify_callback \- get currently set verification parameters
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
+\& int SSL_get_verify_mode(const SSL *ssl);
+\& int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
+\& int SSL_get_verify_depth(const SSL *ssl);
+\& int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *);
+\& int (*SSL_get_verify_callback(const SSL *ssl))(int, X509_STORE_CTX *);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CTX_get_verify_mode()\fR returns the verification mode currently set in
+\&\fBctx\fR.
+.PP
+\&\fISSL_get_verify_mode()\fR returns the verification mode currently set in
+\&\fBssl\fR.
+.PP
+\&\fISSL_CTX_get_verify_depth()\fR returns the verification depth limit currently set
+in \fBctx\fR. If no limit has been explicitly set, \-1 is returned and the
+default value will be used.
+.PP
+\&\fISSL_get_verify_depth()\fR returns the verification depth limit currently set
+in \fBssl\fR. If no limit has been explicitly set, \-1 is returned and the
+default value will be used.
+.PP
+\&\fISSL_CTX_get_verify_callback()\fR returns a function pointer to the verification
+callback currently set in \fBctx\fR. If no callback was explicitly set, the
+\&\s-1NULL\s0 pointer is returned and the default callback will be used.
+.PP
+\&\fISSL_get_verify_callback()\fR returns a function pointer to the verification
+callback currently set in \fBssl\fR. If no callback was explicitly set, the
+\&\s-1NULL\s0 pointer is returned and the default callback will be used.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+See \s-1DESCRIPTION\s0
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fISSL_CTX_set_verify\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 b/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
new file mode 100644
index 0000000..9aecb8f
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
@@ -0,0 +1,244 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_load_verify_locations 3"
+.TH SSL_CTX_load_verify_locations 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_load_verify_locations \- set default locations for trusted CA
+certificates
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
+\& const char *CApath);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CTX_load_verify_locations()\fR specifies the locations for \fBctx\fR, at
+which \s-1CA\s0 certificates for verification purposes are located. The certificates
+available via \fBCAfile\fR and \fBCApath\fR are trusted.
+.SH "NOTES"
+.IX Header "NOTES"
+If \fBCAfile\fR is not \s-1NULL\s0, it points to a file of \s-1CA\s0 certificates in \s-1PEM\s0
+format. The file can contain several \s-1CA\s0 certificates identified by
+.PP
+.Vb 3
+\& \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-
+\& ... (CA certificate in base64 encoding) ...
+\& \-\-\-\-\-END CERTIFICATE\-\-\-\-\-
+.Ve
+.PP
+sequences. Before, between, and after the certificates text is allowed
+which can be used e.g. for descriptions of the certificates.
+.PP
+The \fBCAfile\fR is processed on execution of the \fISSL_CTX_load_verify_locations()\fR
+function.
+.PP
+If \fBCApath\fR is not \s-1NULL\s0, it points to a directory containing \s-1CA\s0 certificates
+in \s-1PEM\s0 format. The files each contain one \s-1CA\s0 certificate. The files are
+looked up by the \s-1CA\s0 subject name hash value, which must hence be available.
+If more than one \s-1CA\s0 certificate with the same name hash value exist, the
+extension must be different (e.g. 9d66eef0.0, 9d66eef0.1 etc). The search
+is performed in the ordering of the extension number, regardless of other
+properties of the certificates.
+Use the \fBc_rehash\fR utility to create the necessary links.
+.PP
+The certificates in \fBCApath\fR are only looked up when required, e.g. when
+building the certificate chain or when actually performing the verification
+of a peer certificate.
+.PP
+When looking up \s-1CA\s0 certificates, the OpenSSL library will first search the
+certificates in \fBCAfile\fR, then those in \fBCApath\fR. Certificate matching
+is done based on the subject name, the key identifier (if present), and the
+serial number as taken from the certificate to be verified. If these data
+do not match, the next certificate will be tried. If a first certificate
+matching the parameters is found, the verification process will be performed;
+no other certificates for the same parameters will be searched in case of
+failure.
+.PP
+In server mode, when requesting a client certificate, the server must send
+the list of CAs of which it will accept client certificates. This list
+is not influenced by the contents of \fBCAfile\fR or \fBCApath\fR and must
+explicitly be set using the
+\&\fISSL_CTX_set_client_CA_list\fR\|(3)
+family of functions.
+.PP
+When building its own certificate chain, an OpenSSL client/server will
+try to fill in missing certificates from \fBCAfile\fR/\fBCApath\fR, if the
+certificate chain was not explicitly specified (see
+\&\fISSL_CTX_add_extra_chain_cert\fR\|(3),
+\&\fISSL_CTX_use_certificate\fR\|(3).
+.SH "WARNINGS"
+.IX Header "WARNINGS"
+If several \s-1CA\s0 certificates matching the name, key identifier, and serial
+number condition are available, only the first one will be examined. This
+may lead to unexpected results if the same \s-1CA\s0 certificate is available
+with different expiration dates. If a \*(L"certificate expired\*(R" verification
+error occurs, no other certificate will be searched. Make sure to not
+have expired certificates mixed with valid ones.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Generate a \s-1CA\s0 certificate file with descriptive text from the \s-1CA\s0 certificates
+ca1.pem ca2.pem ca3.pem:
+.PP
+.Vb 5
+\& #!/bin/sh
+\& rm CAfile.pem
+\& for i in ca1.pem ca2.pem ca3.pem ; do
+\& openssl x509 \-in $i \-text >> CAfile.pem
+\& done
+.Ve
+.PP
+Prepare the directory /some/where/certs containing several \s-1CA\s0 certificates
+for use as \fBCApath\fR:
+.PP
+.Vb 2
+\& cd /some/where/certs
+\& c_rehash .
+.Ve
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The following return values can occur:
+.IP "0" 4
+The operation failed because \fBCAfile\fR and \fBCApath\fR are \s-1NULL\s0 or the
+processing at one of the locations specified failed. Check the error
+stack to find out the reason.
+.IP "1" 4
+.IX Item "1"
+The operation succeeded.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3),
+\&\fISSL_CTX_set_client_CA_list\fR\|(3),
+\&\fISSL_get_client_CA_list\fR\|(3),
+\&\fISSL_CTX_use_certificate\fR\|(3),
+\&\fISSL_CTX_add_extra_chain_cert\fR\|(3),
+\&\fISSL_CTX_set_cert_store\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_CTX_new.3 b/secure/lib/libssl/man/SSL_CTX_new.3
new file mode 100644
index 0000000..c10d335
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_CTX_new.3
@@ -0,0 +1,203 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_new 3"
+.TH SSL_CTX_new 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_new \- create a new SSL_CTX object as framework for TLS/SSL enabled functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& SSL_CTX *SSL_CTX_new(SSL_METHOD *method);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CTX_new()\fR creates a new \fB\s-1SSL_CTX\s0\fR object as framework to establish
+\&\s-1TLS/SSL\s0 enabled connections.
+.SH "NOTES"
+.IX Header "NOTES"
+The \s-1SSL_CTX\s0 object uses \fBmethod\fR as connection method. The methods exist
+in a generic type (for client and server use), a server only type, and a
+client only type. \fBmethod\fR can be of the following types:
+.IP "SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void)" 4
+.IX Item "SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void)"
+A \s-1TLS/SSL\s0 connection established with these methods will only understand
+the SSLv2 protocol. A client will send out SSLv2 client hello messages
+and will also indicate that it only understand SSLv2. A server will only
+understand SSLv2 client hello messages.
+.IP "SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)" 4
+.IX Item "SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)"
+A \s-1TLS/SSL\s0 connection established with these methods will only understand the
+SSLv3 protocol. A client will send out SSLv3 client hello messages
+and will indicate that it only understands SSLv3. A server will only understand
+SSLv3 client hello messages. This especially means, that it will
+not understand SSLv2 client hello messages which are widely used for
+compatibility reasons, see SSLv23_*\fI_method()\fR.
+.IP "TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void)" 4
+.IX Item "TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void)"
+A \s-1TLS/SSL\s0 connection established with these methods will only understand the
+TLSv1 protocol. A client will send out TLSv1 client hello messages
+and will indicate that it only understands TLSv1. A server will only understand
+TLSv1 client hello messages. This especially means, that it will
+not understand SSLv2 client hello messages which are widely used for
+compatibility reasons, see SSLv23_*\fI_method()\fR. It will also not understand
+SSLv3 client hello messages.
+.IP "SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)" 4
+.IX Item "SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)"
+A \s-1TLS/SSL\s0 connection established with these methods will understand the SSLv2,
+SSLv3, and TLSv1 protocol. A client will send out SSLv2 client hello messages
+and will indicate that it also understands SSLv3 and TLSv1. A server will
+understand SSLv2, SSLv3, and TLSv1 client hello messages. This is the best
+choice when compatibility is a concern.
+.PP
+The list of protocols available can later be limited using the SSL_OP_NO_SSLv2,
+SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the \fB\f(BISSL_CTX_set_options()\fB\fR or
+\&\fB\f(BISSL_set_options()\fB\fR functions. Using these options it is possible to choose
+e.g. \fISSLv23_server_method()\fR and be able to negotiate with all possible
+clients, but to only allow newer protocols like SSLv3 or TLSv1.
+.PP
+\&\fISSL_CTX_new()\fR initializes the list of ciphers, the session cache setting,
+the callbacks, the keys and certificates, and the options to its default
+values.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The following return values can occur:
+.IP "\s-1NULL\s0" 4
+.IX Item "NULL"
+The creation of a new \s-1SSL_CTX\s0 object failed. Check the error stack to
+find out the reason.
+.IP "Pointer to an \s-1SSL_CTX\s0 object" 4
+.IX Item "Pointer to an SSL_CTX object"
+The return value points to an allocated \s-1SSL_CTX\s0 object.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fISSL_CTX_free\fR\|(3), \fISSL_accept\fR\|(3),
+\&\fIssl\fR\|(3), \fISSL_set_connect_state\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_CTX_sess_number.3 b/secure/lib/libssl/man/SSL_CTX_sess_number.3
new file mode 100644
index 0000000..45ca9f6
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_CTX_sess_number.3
@@ -0,0 +1,200 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_sess_number 3"
+.TH SSL_CTX_sess_number 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_sess_number, SSL_CTX_sess_connect, SSL_CTX_sess_connect_good, SSL_CTX_sess_connect_renegotiate, SSL_CTX_sess_accept, SSL_CTX_sess_accept_good, SSL_CTX_sess_accept_renegotiate, SSL_CTX_sess_hits, SSL_CTX_sess_cb_hits, SSL_CTX_sess_misses, SSL_CTX_sess_timeouts, SSL_CTX_sess_cache_full \- obtain session cache statistics
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& long SSL_CTX_sess_number(SSL_CTX *ctx);
+\& long SSL_CTX_sess_connect(SSL_CTX *ctx);
+\& long SSL_CTX_sess_connect_good(SSL_CTX *ctx);
+\& long SSL_CTX_sess_connect_renegotiate(SSL_CTX *ctx);
+\& long SSL_CTX_sess_accept(SSL_CTX *ctx);
+\& long SSL_CTX_sess_accept_good(SSL_CTX *ctx);
+\& long SSL_CTX_sess_accept_renegotiate(SSL_CTX *ctx);
+\& long SSL_CTX_sess_hits(SSL_CTX *ctx);
+\& long SSL_CTX_sess_cb_hits(SSL_CTX *ctx);
+\& long SSL_CTX_sess_misses(SSL_CTX *ctx);
+\& long SSL_CTX_sess_timeouts(SSL_CTX *ctx);
+\& long SSL_CTX_sess_cache_full(SSL_CTX *ctx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CTX_sess_number()\fR returns the current number of sessions in the internal
+session cache.
+.PP
+\&\fISSL_CTX_sess_connect()\fR returns the number of started \s-1SSL/TLS\s0 handshakes in
+client mode.
+.PP
+\&\fISSL_CTX_sess_connect_good()\fR returns the number of successfully established
+\&\s-1SSL/TLS\s0 sessions in client mode.
+.PP
+\&\fISSL_CTX_sess_connect_renegotiate()\fR returns the number of start renegotiations
+in client mode.
+.PP
+\&\fISSL_CTX_sess_accept()\fR returns the number of started \s-1SSL/TLS\s0 handshakes in
+server mode.
+.PP
+\&\fISSL_CTX_sess_accept_good()\fR returns the number of successfully established
+\&\s-1SSL/TLS\s0 sessions in server mode.
+.PP
+\&\fISSL_CTX_sess_accept_renegotiate()\fR returns the number of start renegotiations
+in server mode.
+.PP
+\&\fISSL_CTX_sess_hits()\fR returns the number of successfully reused sessions.
+In client mode a session set with \fISSL_set_session\fR\|(3)
+successfully reused is counted as a hit. In server mode a session successfully
+retrieved from internal or external cache is counted as a hit.
+.PP
+\&\fISSL_CTX_sess_cb_hits()\fR returns the number of successfully retrieved sessions
+from the external session cache in server mode.
+.PP
+\&\fISSL_CTX_sess_misses()\fR returns the number of sessions proposed by clients
+that were not found in the internal session cache in server mode.
+.PP
+\&\fISSL_CTX_sess_timeouts()\fR returns the number of sessions proposed by clients
+and either found in the internal or external session cache in server mode,
+ but that were invalid due to timeout. These sessions are not included in
+the \fISSL_CTX_sess_hits()\fR count.
+.PP
+\&\fISSL_CTX_sess_cache_full()\fR returns the number of sessions that were removed
+because the maximum session cache size was exceeded.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The functions return the values indicated in the \s-1DESCRIPTION\s0 section.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fISSL_set_session\fR\|(3),
+\&\fISSL_CTX_set_session_cache_mode\fR\|(3)
+\&\fISSL_CTX_sess_set_cache_size\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 b/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
new file mode 100644
index 0000000..e9cfa96
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
@@ -0,0 +1,174 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_sess_set_cache_size 3"
+.TH SSL_CTX_sess_set_cache_size 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_sess_set_cache_size, SSL_CTX_sess_get_cache_size \- manipulate session cache size
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, long t);
+\& long SSL_CTX_sess_get_cache_size(SSL_CTX *ctx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CTX_sess_set_cache_size()\fR sets the size of the internal session cache
+of context \fBctx\fR to \fBt\fR.
+.PP
+\&\fISSL_CTX_sess_get_cache_size()\fR returns the currently valid session cache size.
+.SH "NOTES"
+.IX Header "NOTES"
+The internal session cache size is \s-1SSL_SESSION_CACHE_MAX_SIZE_DEFAULT\s0,
+currently 1024*20, so that up to 20000 sessions can be held. This size
+can be modified using the \fISSL_CTX_sess_set_cache_size()\fR call. A special
+case is the size 0, which is used for unlimited size.
+.PP
+When the maximum number of sessions is reached, no more new sessions are
+added to the cache. New space may be added by calling
+\&\fISSL_CTX_flush_sessions\fR\|(3) to remove
+expired sessions.
+.PP
+If the size of the session cache is reduced and more sessions are already
+in the session cache, old session will be removed at the next time a
+session shall be added. This removal is not synchronized with the
+expiration of sessions.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_CTX_sess_set_cache_size()\fR returns the previously valid size.
+.PP
+\&\fISSL_CTX_sess_get_cache_size()\fR returns the currently valid size.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3),
+\&\fISSL_CTX_set_session_cache_mode\fR\|(3),
+\&\fISSL_CTX_sess_number\fR\|(3),
+\&\fISSL_CTX_flush_sessions\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 b/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
new file mode 100644
index 0000000..5b12c7e
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
@@ -0,0 +1,211 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_sess_set_get_cb 3"
+.TH SSL_CTX_sess_set_get_cb 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SSL_CTX_sess_get_new_cb, SSL_CTX_sess_get_remove_cb, SSL_CTX_sess_get_get_cb \- provide callback functions for server side external session caching
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
+\& int (*new_session_cb)(SSL *, SSL_SESSION *));
+\& void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
+\& void (*remove_session_cb)(SSL_CTX *ctx, SSL_SESSION *));
+\& void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
+\& SSL_SESSION (*get_session_cb)(SSL *, unsigned char *, int, int *));
+\&
+\& int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess);
+\& void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
+\& SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *data, int len, int *copy);
+\&
+\& int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess);
+\& void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
+\& SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,
+\& int len, int *copy);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CTX_sess_set_new_cb()\fR sets the callback function, which is automatically
+called whenever a new session was negotiated.
+.PP
+\&\fISSL_CTX_sess_set_remove_cb()\fR sets the callback function, which is
+automatically called whenever a session is removed by the \s-1SSL\s0 engine,
+because it is considered faulty or the session has become obsolete because
+of exceeding the timeout value.
+.PP
+\&\fISSL_CTX_sess_set_get_cb()\fR sets the callback function which is called,
+whenever a \s-1SSL/TLS\s0 client proposed to resume a session but the session
+could not be found in the internal session cache (see
+\&\fISSL_CTX_set_session_cache_mode\fR\|(3)).
+(\s-1SSL/TLS\s0 server only.)
+.PP
+\&\fISSL_CTX_sess_get_new_cb()\fR, \fISSL_CTX_sess_get_remove_cb()\fR, and
+\&\fISSL_CTX_sess_get_get_cb()\fR allow to retrieve the function pointers of the
+provided callback functions. If a callback function has not been set,
+the \s-1NULL\s0 pointer is returned.
+.SH "NOTES"
+.IX Header "NOTES"
+In order to allow external session caching, synchronization with the internal
+session cache is realized via callback functions. Inside these callback
+functions, session can be saved to disk or put into a database using the
+\&\fId2i_SSL_SESSION\fR\|(3) interface.
+.PP
+The \fInew_session_cb()\fR is called, whenever a new session has been negotiated
+and session caching is enabled (see
+\&\fISSL_CTX_set_session_cache_mode\fR\|(3)).
+The \fInew_session_cb()\fR is passed the \fBssl\fR connection and the ssl session
+\&\fBsess\fR. If the callback returns \fB0\fR, the session will be immediately
+removed again.
+.PP
+The \fIremove_session_cb()\fR is called, whenever the \s-1SSL\s0 engine removes a session
+from the internal cache. This happens when the session is removed because
+it is expired or when a connection was not shutdown cleanly. It also happens
+for all sessions in the internal session cache when
+\&\fISSL_CTX_free\fR\|(3) is called. The \fIremove_session_cb()\fR is passed
+the \fBctx\fR and the ssl session \fBsess\fR. It does not provide any feedback.
+.PP
+The \fIget_session_cb()\fR is only called on \s-1SSL/TLS\s0 servers with the session id
+proposed by the client. The \fIget_session_cb()\fR is always called, also when
+session caching was disabled. The \fIget_session_cb()\fR is passed the
+\&\fBssl\fR connection, the session id of length \fBlength\fR at the memory location
+\&\fBdata\fR. With the parameter \fBcopy\fR the callback can require the
+\&\s-1SSL\s0 engine to increment the reference count of the \s-1SSL_SESSION\s0 object,
+Normally the reference count is not incremented and therefore the
+session must not be explicitly freed with
+\&\fISSL_SESSION_free\fR\|(3).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fId2i_SSL_SESSION\fR\|(3),
+\&\fISSL_CTX_set_session_cache_mode\fR\|(3),
+\&\fISSL_CTX_flush_sessions\fR\|(3),
+\&\fISSL_SESSION_free\fR\|(3),
+\&\fISSL_CTX_free\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_CTX_sessions.3 b/secure/lib/libssl/man/SSL_CTX_sessions.3
new file mode 100644
index 0000000..b8f4666
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_CTX_sessions.3
@@ -0,0 +1,158 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_sessions 3"
+.TH SSL_CTX_sessions 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_sessions \- access internal session cache
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CTX_sessions()\fR returns a pointer to the lhash databases containing the
+internal session cache for \fBctx\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+The sessions in the internal session cache are kept in an
+\&\fIlhash\fR\|(3) type database. It is possible to directly
+access this database e.g. for searching. In parallel, the sessions
+form a linked list which is maintained separately from the
+\&\fIlhash\fR\|(3) operations, so that the database must not be
+modified directly but by using the
+\&\fISSL_CTX_add_session\fR\|(3) family of functions.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fIlhash\fR\|(3),
+\&\fISSL_CTX_add_session\fR\|(3),
+\&\fISSL_CTX_set_session_cache_mode\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 b/secure/lib/libssl/man/SSL_CTX_set_cert_store.3
new file mode 100644
index 0000000..f53d4bc
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_CTX_set_cert_store.3
@@ -0,0 +1,180 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_set_cert_store 3"
+.TH SSL_CTX_set_cert_store 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_set_cert_store, SSL_CTX_get_cert_store \- manipulate X509 certificate verification storage
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store);
+\& X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CTX_set_cert_store()\fR sets/replaces the certificate verification storage
+of \fBctx\fR to/with \fBstore\fR. If another X509_STORE object is currently
+set in \fBctx\fR, it will be \fIX509_STORE_free()\fRed.
+.PP
+\&\fISSL_CTX_get_cert_store()\fR returns a pointer to the current certificate
+verification storage.
+.SH "NOTES"
+.IX Header "NOTES"
+In order to verify the certificates presented by the peer, trusted \s-1CA\s0
+certificates must be accessed. These \s-1CA\s0 certificates are made available
+via lookup methods, handled inside the X509_STORE. From the X509_STORE
+the X509_STORE_CTX used when verifying certificates is created.
+.PP
+Typically the trusted certificate store is handled indirectly via using
+\&\fISSL_CTX_load_verify_locations\fR\|(3).
+Using the \fISSL_CTX_set_cert_store()\fR and \fISSL_CTX_get_cert_store()\fR functions
+it is possible to manipulate the X509_STORE object beyond the
+\&\fISSL_CTX_load_verify_locations\fR\|(3)
+call.
+.PP
+Currently no detailed documentation on how to use the X509_STORE
+object is available. Not all members of the X509_STORE are used when
+the verification takes place. So will e.g. the \fIverify_callback()\fR be
+overridden with the \fIverify_callback()\fR set via the
+\&\fISSL_CTX_set_verify\fR\|(3) family of functions.
+This document must therefore be updated when documentation about the
+X509_STORE object and its handling becomes available.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_CTX_set_cert_store()\fR does not return diagnostic output.
+.PP
+\&\fISSL_CTX_get_cert_store()\fR returns the current setting.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3),
+\&\fISSL_CTX_load_verify_locations\fR\|(3),
+\&\fISSL_CTX_set_verify\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
new file mode 100644
index 0000000..57d3f90
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
@@ -0,0 +1,196 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_set_cert_verify_callback 3"
+.TH SSL_CTX_set_cert_verify_callback 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_set_cert_verify_callback \- set peer certificate verification procedure
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*callback)(X509_STORE_CTX *,void *), void *arg);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CTX_set_cert_verify_callback()\fR sets the verification callback function for
+\&\fIctx\fR. \s-1SSL\s0 objects that are created from \fIctx\fR inherit the setting valid at
+the time when \fISSL_new\fR\|(3) is called.
+.SH "NOTES"
+.IX Header "NOTES"
+Whenever a certificate is verified during a \s-1SSL/TLS\s0 handshake, a verification
+function is called. If the application does not explicitly specify a
+verification callback function, the built-in verification function is used.
+If a verification callback \fIcallback\fR is specified via
+\&\fISSL_CTX_set_cert_verify_callback()\fR, the supplied callback function is called
+instead. By setting \fIcallback\fR to \s-1NULL\s0, the default behaviour is restored.
+.PP
+When the verification must be performed, \fIcallback\fR will be called with
+the arguments callback(X509_STORE_CTX *x509_store_ctx, void *arg). The
+argument \fIarg\fR is specified by the application when setting \fIcallback\fR.
+.PP
+\&\fIcallback\fR should return 1 to indicate verification success and 0 to
+indicate verification failure. If \s-1SSL_VERIFY_PEER\s0 is set and \fIcallback\fR
+returns 0, the handshake will fail. As the verification procedure may
+allow to continue the connection in case of failure (by always returning 1)
+the verification result must be set in any case using the \fBerror\fR
+member of \fIx509_store_ctx\fR so that the calling application will be informed
+about the detailed result of the verification procedure!
+.PP
+Within \fIx509_store_ctx\fR, \fIcallback\fR has access to the \fIverify_callback\fR
+function set using \fISSL_CTX_set_verify\fR\|(3).
+.SH "WARNINGS"
+.IX Header "WARNINGS"
+Do not mix the verification callback described in this function with the
+\&\fBverify_callback\fR function called during the verification process. The
+latter is set using the \fISSL_CTX_set_verify\fR\|(3)
+family of functions.
+.PP
+Providing a complete verification procedure including certificate purpose
+settings etc is a complex task. The built-in procedure is quite powerful
+and in most cases it should be sufficient to modify its behaviour using
+the \fBverify_callback\fR function.
+.SH "BUGS"
+.IX Header "BUGS"
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_CTX_set_cert_verify_callback()\fR does not provide diagnostic information.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fISSL_CTX_set_verify\fR\|(3),
+\&\fISSL_get_verify_result\fR\|(3),
+\&\fISSL_CTX_load_verify_locations\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+Previous to OpenSSL 0.9.7, the \fIarg\fR argument to \fBSSL_CTX_set_cert_verify_callback\fR
+was ignored, and \fIcallback\fR was called simply as
+ int (*callback)(X509_STORE_CTX *)
+To compile software written for previous versions of OpenSSL, a dummy
+argument will have to be added to \fIcallback\fR.
diff --git a/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 b/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
new file mode 100644
index 0000000..c6e1de2
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
@@ -0,0 +1,193 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_set_cipher_list 3"
+.TH SSL_CTX_set_cipher_list 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_set_cipher_list, SSL_set_cipher_list \- choose list of available SSL_CIPHERs
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str);
+\& int SSL_set_cipher_list(SSL *ssl, const char *str);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CTX_set_cipher_list()\fR sets the list of available ciphers for \fBctx\fR
+using the control string \fBstr\fR. The format of the string is described
+in \fIciphers\fR\|(1). The list of ciphers is inherited by all
+\&\fBssl\fR objects created from \fBctx\fR.
+.PP
+\&\fISSL_set_cipher_list()\fR sets the list of ciphers only for \fBssl\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+The control string \fBstr\fR should be universally usable and not depend
+on details of the library configuration (ciphers compiled in). Thus no
+syntax checking takes place. Items that are not recognized, because the
+corresponding ciphers are not compiled in or because they are mistyped,
+are simply ignored. Failure is only flagged if no ciphers could be collected
+at all.
+.PP
+It should be noted, that inclusion of a cipher to be used into the list is
+a necessary condition. On the client side, the inclusion into the list is
+also sufficient. On the server side, additional restrictions apply. All ciphers
+have additional requirements. \s-1ADH\s0 ciphers don't need a certificate, but
+DH-parameters must have been set. All other ciphers need a corresponding
+certificate and key.
+.PP
+A \s-1RSA\s0 cipher can only be chosen, when a \s-1RSA\s0 certificate is available.
+\&\s-1RSA\s0 export ciphers with a keylength of 512 bits for the \s-1RSA\s0 key require
+a temporary 512 bit \s-1RSA\s0 key, as typically the supplied key has a length
+of 1024 bit (see
+\&\fISSL_CTX_set_tmp_rsa_callback\fR\|(3)).
+\&\s-1RSA\s0 ciphers using \s-1EDH\s0 need a certificate and key and additional DH-parameters
+(see \fISSL_CTX_set_tmp_dh_callback\fR\|(3)).
+.PP
+A \s-1DSA\s0 cipher can only be chosen, when a \s-1DSA\s0 certificate is available.
+\&\s-1DSA\s0 ciphers always use \s-1DH\s0 key exchange and therefore need DH-parameters
+(see \fISSL_CTX_set_tmp_dh_callback\fR\|(3)).
+.PP
+When these conditions are not met for any cipher in the list (e.g. a
+client only supports export \s-1RSA\s0 ciphers with a asymmetric key length
+of 512 bits and the server is not configured to use temporary \s-1RSA\s0
+keys), the \*(L"no shared cipher\*(R" (\s-1SSL_R_NO_SHARED_CIPHER\s0) error is generated
+and the handshake will fail.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_CTX_set_cipher_list()\fR and \fISSL_set_cipher_list()\fR return 1 if any cipher
+could be selected and 0 on complete failure.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fISSL_get_ciphers\fR\|(3),
+\&\fISSL_CTX_use_certificate\fR\|(3),
+\&\fISSL_CTX_set_tmp_rsa_callback\fR\|(3),
+\&\fISSL_CTX_set_tmp_dh_callback\fR\|(3),
+\&\fIciphers\fR\|(1)
diff --git a/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 b/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
new file mode 100644
index 0000000..6240f79
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
@@ -0,0 +1,216 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_set_client_CA_list 3"
+.TH SSL_CTX_set_client_CA_list 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_CTX_add_client_CA,
+SSL_add_client_CA \- set list of CAs sent to the client when requesting a
+client certificate
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
+\& void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);
+\& int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert);
+\& int SSL_add_client_CA(SSL *ssl, X509 *cacert);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CTX_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when
+requesting a client certificate for \fBctx\fR.
+.PP
+\&\fISSL_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when
+requesting a client certificate for the chosen \fBssl\fR, overriding the
+setting valid for \fBssl\fR's \s-1SSL_CTX\s0 object.
+.PP
+\&\fISSL_CTX_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the
+list of CAs sent to the client when requesting a client certificate for
+\&\fBctx\fR.
+.PP
+\&\fISSL_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the
+list of CAs sent to the client when requesting a client certificate for
+the chosen \fBssl\fR, overriding the setting valid for \fBssl\fR's \s-1SSL_CTX\s0 object.
+.SH "NOTES"
+.IX Header "NOTES"
+When a \s-1TLS/SSL\s0 server requests a client certificate (see
+\&\fB\f(BISSL_CTX_set_verify_options()\fB\fR), it sends a list of CAs, for which
+it will accept certificates, to the client.
+.PP
+This list must explicitly be set using \fISSL_CTX_set_client_CA_list()\fR for
+\&\fBctx\fR and \fISSL_set_client_CA_list()\fR for the specific \fBssl\fR. The list
+specified overrides the previous setting. The CAs listed do not become
+trusted (\fBlist\fR only contains the names, not the complete certificates); use
+\&\fISSL_CTX_load_verify_locations\fR\|(3)
+to additionally load them for verification.
+.PP
+If the list of acceptable CAs is compiled in a file, the
+\&\fISSL_load_client_CA_file\fR\|(3)
+function can be used to help importing the necessary data.
+.PP
+\&\fISSL_CTX_add_client_CA()\fR and \fISSL_add_client_CA()\fR can be used to add additional
+items the list of client CAs. If no list was specified before using
+\&\fISSL_CTX_set_client_CA_list()\fR or \fISSL_set_client_CA_list()\fR, a new client
+\&\s-1CA\s0 list for \fBctx\fR or \fBssl\fR (as appropriate) is opened.
+.PP
+These functions are only useful for \s-1TLS/SSL\s0 servers.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_CTX_set_client_CA_list()\fR and \fISSL_set_client_CA_list()\fR do not return
+diagnostic information.
+.PP
+\&\fISSL_CTX_add_client_CA()\fR and \fISSL_add_client_CA()\fR have the following return
+values:
+.IP "1." 4
+The operation succeeded.
+.IP "2." 4
+A failure while manipulating the \s-1STACK_OF\s0(X509_NAME) object occurred or
+the X509_NAME could not be extracted from \fBcacert\fR. Check the error stack
+to find out the reason.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Scan all certificates in \fBCAfile\fR and list them as acceptable CAs:
+.PP
+.Vb 1
+\& SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3),
+\&\fISSL_get_client_CA_list\fR\|(3),
+\&\fISSL_load_client_CA_file\fR\|(3),
+\&\fISSL_CTX_load_verify_locations\fR\|(3)
+.SH "POD ERRORS"
+.IX Header "POD ERRORS"
+Hey! \fBThe above document had some coding errors, which are explained below:\fR
+.IP "Around line 73:" 4
+.IX Item "Around line 73:"
+You have '=item 0' instead of the expected '=item 2'
diff --git a/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
new file mode 100644
index 0000000..b5df457
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
@@ -0,0 +1,217 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_set_client_cert_cb 3"
+.TH SSL_CTX_set_client_cert_cb 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb \- handle client certificate callback function
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
+\& int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+\& int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CTX_set_client_cert_cb()\fR sets the \fB\f(BIclient_cert_cb()\fB\fR callback, that is
+called when a client certificate is requested by a server and no certificate
+was yet set for the \s-1SSL\s0 object.
+.PP
+When \fB\f(BIclient_cert_cb()\fB\fR is \s-1NULL\s0, no callback function is used.
+.PP
+\&\fISSL_CTX_get_client_cert_cb()\fR returns a pointer to the currently set callback
+function.
+.PP
+\&\fIclient_cert_cb()\fR is the application defined callback. If it wants to
+set a certificate, a certificate/private key combination must be set
+using the \fBx509\fR and \fBpkey\fR arguments and \*(L"1\*(R" must be returned. The
+certificate will be installed into \fBssl\fR, see the \s-1NOTES\s0 and \s-1BUGS\s0 sections.
+If no certificate should be set, \*(L"0\*(R" has to be returned and no certificate
+will be sent. A negative return value will suspend the handshake and the
+handshake function will return immediatly. \fISSL_get_error\fR\|(3)
+will return \s-1SSL_ERROR_WANT_X509_LOOKUP\s0 to indicate, that the handshake was
+suspended. The next call to the handshake function will again lead to the call
+of \fIclient_cert_cb()\fR. It is the job of the \fIclient_cert_cb()\fR to store information
+about the state of the last call, if required to continue.
+.SH "NOTES"
+.IX Header "NOTES"
+During a handshake (or renegotiation) a server may request a certificate
+from the client. A client certificate must only be sent, when the server
+did send the request.
+.PP
+When a certificate was set using the
+\&\fISSL_CTX_use_certificate\fR\|(3) family of functions,
+it will be sent to the server. The \s-1TLS\s0 standard requires that only a
+certificate is sent, if it matches the list of acceptable CAs sent by the
+server. This constraint is violated by the default behavior of the OpenSSL
+library. Using the callback function it is possible to implement a proper
+selection routine or to allow a user interaction to choose the certificate to
+be sent.
+.PP
+If a callback function is defined and no certificate was yet defined for the
+\&\s-1SSL\s0 object, the callback function will be called.
+If the callback function returns a certificate, the OpenSSL library
+will try to load the private key and certificate data into the \s-1SSL\s0
+object using the \fISSL_use_certificate()\fR and \fISSL_use_private_key()\fR functions.
+Thus it will permanently install the certificate and key for this \s-1SSL\s0
+object. It will not be reset by calling \fISSL_clear\fR\|(3).
+If the callback returns no certificate, the OpenSSL library will not send
+a certificate.
+.SH "BUGS"
+.IX Header "BUGS"
+The \fIclient_cert_cb()\fR cannot return a complete certificate chain, it can
+only return one client certificate. If the chain only has a length of 2,
+the root \s-1CA\s0 certificate may be omitted according to the \s-1TLS\s0 standard and
+thus a standard conforming answer can be sent to the server. For a
+longer chain, the client must send the complete chain (with the option
+to leave out the root \s-1CA\s0 certificate). This can only be accomplished by
+either adding the intermediate \s-1CA\s0 certificates into the trusted
+certificate store for the \s-1SSL_CTX\s0 object (resulting in having to add
+\&\s-1CA\s0 certificates that otherwise maybe would not be trusted), or by adding
+the chain certificates using the
+\&\fISSL_CTX_add_extra_chain_cert\fR\|(3)
+function, which is only available for the \s-1SSL_CTX\s0 object as a whole and that
+therefore probably can only apply for one client certificate, making
+the concept of the callback function (to allow the choice from several
+certificates) questionable.
+.PP
+Once the \s-1SSL\s0 object has been used in conjunction with the callback function,
+the certificate will be set for the \s-1SSL\s0 object and will not be cleared
+even when \fISSL_clear\fR\|(3) is being called. It is therefore
+mandatory to destroy the \s-1SSL\s0 object using \fISSL_free\fR\|(3)
+and create a new one to return to the previous state.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fISSL_CTX_use_certificate\fR\|(3),
+\&\fISSL_CTX_add_extra_chain_cert\fR\|(3),
+\&\fISSL_get_client_CA_list\fR\|(3),
+\&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
new file mode 100644
index 0000000..5dc40f5
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
@@ -0,0 +1,200 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_set_default_passwd_cb 3"
+.TH SSL_CTX_set_default_passwd_cb 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata \- set passwd callback for encrypted PEM file handling
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
+\& void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
+\&
+\& int pem_passwd_cb(char *buf, int size, int rwflag, void *userdata);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CTX_set_default_passwd_cb()\fR sets the default password callback called
+when loading/storing a \s-1PEM\s0 certificate with encryption.
+.PP
+\&\fISSL_CTX_set_default_passwd_cb_userdata()\fR sets a pointer to \fBuserdata\fR which
+will be provided to the password callback on invocation.
+.PP
+The \fIpem_passwd_cb()\fR, which must be provided by the application, hands back the
+password to be used during decryption. On invocation a pointer to \fBuserdata\fR
+is provided. The pem_passwd_cb must write the password into the provided buffer
+\&\fBbuf\fR which is of size \fBsize\fR. The actual length of the password must
+be returned to the calling function. \fBrwflag\fR indicates whether the
+callback is used for reading/decryption (rwflag=0) or writing/encryption
+(rwflag=1).
+.SH "NOTES"
+.IX Header "NOTES"
+When loading or storing private keys, a password might be supplied to
+protect the private key. The way this password can be supplied may depend
+on the application. If only one private key is handled, it can be practical
+to have \fIpem_passwd_cb()\fR handle the password dialog interactively. If several
+keys have to be handled, it can be practical to ask for the password once,
+then keep it in memory and use it several times. In the last case, the
+password could be stored into the \fBuserdata\fR storage and the
+\&\fIpem_passwd_cb()\fR only returns the password already stored.
+.PP
+When asking for the password interactively, \fIpem_passwd_cb()\fR can use
+\&\fBrwflag\fR to check, whether an item shall be encrypted (rwflag=1).
+In this case the password dialog may ask for the same password twice
+for comparison in order to catch typos, that would make decryption
+impossible.
+.PP
+Other items in \s-1PEM\s0 formatting (certificates) can also be encrypted, it is
+however not usual, as certificate information is considered public.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_CTX_set_default_passwd_cb()\fR and \fISSL_CTX_set_default_passwd_cb_userdata()\fR
+do not provide diagnostic information.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+The following example returns the password provided as \fBuserdata\fR to the
+calling function. The password is considered to be a '\e0' terminated
+string. If the password does not fit into the buffer, the password is
+truncated.
+.PP
+.Vb 6
+\& int pem_passwd_cb(char *buf, int size, int rwflag, void *password)
+\& {
+\& strncpy(buf, (char *)(password), size);
+\& buf[size \- 1] = \*(Aq\e0\*(Aq;
+\& return(strlen(buf));
+\& }
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3),
+\&\fISSL_CTX_use_certificate\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 b/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
new file mode 100644
index 0000000..c57f634
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
@@ -0,0 +1,272 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_set_generate_session_id 3"
+.TH SSL_CTX_set_generate_session_id 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_set_generate_session_id, SSL_set_generate_session_id, SSL_has_matching_session_id \- manipulate generation of SSL session IDs (server only)
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
+\& unsigned int *id_len);
+\&
+\& int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb);
+\& int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB, cb);
+\& int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
+\& unsigned int id_len);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CTX_set_generate_session_id()\fR sets the callback function for generating
+new session ids for \s-1SSL/TLS\s0 sessions for \fBctx\fR to be \fBcb\fR.
+.PP
+\&\fISSL_set_generate_session_id()\fR sets the callback function for generating
+new session ids for \s-1SSL/TLS\s0 sessions for \fBssl\fR to be \fBcb\fR.
+.PP
+\&\fISSL_has_matching_session_id()\fR checks, whether a session with id \fBid\fR
+(of length \fBid_len\fR) is already contained in the internal session cache
+of the parent context of \fBssl\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+When a new session is established between client and server, the server
+generates a session id. The session id is an arbitrary sequence of bytes.
+The length of the session id is 16 bytes for SSLv2 sessions and between
+1 and 32 bytes for SSLv3/TLSv1. The session id is not security critical
+but must be unique for the server. Additionally, the session id is
+transmitted in the clear when reusing the session so it must not contain
+sensitive information.
+.PP
+Without a callback being set, an OpenSSL server will generate a unique
+session id from pseudo random numbers of the maximum possible length.
+Using the callback function, the session id can be changed to contain
+additional information like e.g. a host id in order to improve load balancing
+or external caching techniques.
+.PP
+The callback function receives a pointer to the memory location to put
+\&\fBid\fR into and a pointer to the maximum allowed length \fBid_len\fR. The
+buffer at location \fBid\fR is only guaranteed to have the size \fBid_len\fR.
+The callback is only allowed to generate a shorter id and reduce \fBid_len\fR;
+the callback \fBmust never\fR increase \fBid_len\fR or write to the location
+\&\fBid\fR exceeding the given limit.
+.PP
+If a SSLv2 session id is generated and \fBid_len\fR is reduced, it will be
+restored after the callback has finished and the session id will be padded
+with 0x00. It is not recommended to change the \fBid_len\fR for SSLv2 sessions.
+The callback can use the \fISSL_get_version\fR\|(3) function
+to check, whether the session is of type SSLv2.
+.PP
+The location \fBid\fR is filled with 0x00 before the callback is called, so the
+callback may only fill part of the possible length and leave \fBid_len\fR
+untouched while maintaining reproducibility.
+.PP
+Since the sessions must be distinguished, session ids must be unique.
+Without the callback a random number is used, so that the probability
+of generating the same session id is extremely small (2^128 possible ids
+for an SSLv2 session, 2^256 for SSLv3/TLSv1). In order to assure the
+uniqueness of the generated session id, the callback must call
+\&\fISSL_has_matching_session_id()\fR and generate another id if a conflict occurs.
+If an id conflict is not resolved, the handshake will fail.
+If the application codes e.g. a unique host id, a unique process number, and
+a unique sequence number into the session id, uniqueness could easily be
+achieved without randomness added (it should however be taken care that
+no confidential information is leaked this way). If the application can not
+guarantee uniqueness, it is recommended to use the maximum \fBid_len\fR and
+fill in the bytes not used to code special information with random data
+to avoid collisions.
+.PP
+\&\fISSL_has_matching_session_id()\fR will only query the internal session cache,
+not the external one. Since the session id is generated before the
+handshake is completed, it is not immediately added to the cache. If
+another thread is using the same internal session cache, a race condition
+can occur in that another thread generates the same session id.
+Collisions can also occur when using an external session cache, since
+the external cache is not tested with \fISSL_has_matching_session_id()\fR
+and the same race condition applies.
+.PP
+When calling \fISSL_has_matching_session_id()\fR for an SSLv2 session with
+reduced \fBid_len\fR, the match operation will be performed using the
+fixed length required and with a 0x00 padded id.
+.PP
+The callback must return 0 if it cannot generate a session id for whatever
+reason and return 1 on success.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+The callback function listed will generate a session id with the
+server id given, and will fill the rest with pseudo random bytes:
+.PP
+.Vb 1
+\& const char session_id_prefix = "www\-18";
+\&
+\& #define MAX_SESSION_ID_ATTEMPTS 10
+\& static int generate_session_id(const SSL *ssl, unsigned char *id,
+\& unsigned int *id_len)
+\& {
+\& unsigned int count = 0;
+\& const char *version;
+\&
+\& version = SSL_get_version(ssl);
+\& if (!strcmp(version, "SSLv2"))
+\& /* we must not change id_len */;
+\&
+\& do {
+\& RAND_pseudo_bytes(id, *id_len);
+\& /* Prefix the session_id with the required prefix. NB: If our
+\& * prefix is too long, clip it \- but there will be worse effects
+\& * anyway, eg. the server could only possibly create 1 session
+\& * ID (ie. the prefix!) so all future session negotiations will
+\& * fail due to conflicts. */
+\& memcpy(id, session_id_prefix,
+\& (strlen(session_id_prefix) < *id_len) ?
+\& strlen(session_id_prefix) : *id_len);
+\& }
+\& while(SSL_has_matching_session_id(ssl, id, *id_len) &&
+\& (++count < MAX_SESSION_ID_ATTEMPTS));
+\& if(count >= MAX_SESSION_ID_ATTEMPTS)
+\& return 0;
+\& return 1;
+\& }
+.Ve
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_CTX_set_generate_session_id()\fR and \fISSL_set_generate_session_id()\fR
+always return 1.
+.PP
+\&\fISSL_has_matching_session_id()\fR returns 1 if another session with the
+same id is already in the cache.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fISSL_get_version\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fISSL_CTX_set_generate_session_id()\fR, \fISSL_set_generate_session_id()\fR
+and \fISSL_has_matching_session_id()\fR have been introduced in
+OpenSSL 0.9.7.
diff --git a/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_info_callback.3
new file mode 100644
index 0000000..f01f8e3
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_CTX_set_info_callback.3
@@ -0,0 +1,268 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_set_info_callback 3"
+.TH SSL_CTX_set_info_callback 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, SSL_get_info_callback \- handle information callback for SSL connections
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*callback)());
+\& void (*SSL_CTX_get_info_callback(const SSL_CTX *ctx))();
+\&
+\& void SSL_set_info_callback(SSL *ssl, void (*callback)());
+\& void (*SSL_get_info_callback(const SSL *ssl))();
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CTX_set_info_callback()\fR sets the \fBcallback\fR function, that can be used to
+obtain state information for \s-1SSL\s0 objects created from \fBctx\fR during connection
+setup and use. The setting for \fBctx\fR is overridden from the setting for
+a specific \s-1SSL\s0 object, if specified.
+When \fBcallback\fR is \s-1NULL\s0, not callback function is used.
+.PP
+\&\fISSL_set_info_callback()\fR sets the \fBcallback\fR function, that can be used to
+obtain state information for \fBssl\fR during connection setup and use.
+When \fBcallback\fR is \s-1NULL\s0, the callback setting currently valid for
+\&\fBctx\fR is used.
+.PP
+\&\fISSL_CTX_get_info_callback()\fR returns a pointer to the currently set information
+callback function for \fBctx\fR.
+.PP
+\&\fISSL_get_info_callback()\fR returns a pointer to the currently set information
+callback function for \fBssl\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+When setting up a connection and during use, it is possible to obtain state
+information from the \s-1SSL/TLS\s0 engine. When set, an information callback function
+is called whenever the state changes, an alert appears, or an error occurs.
+.PP
+The callback function is called as \fBcallback(\s-1SSL\s0 *ssl, int where, int ret)\fR.
+The \fBwhere\fR argument specifies information about where (in which context)
+the callback function was called. If \fBret\fR is 0, an error condition occurred.
+If an alert is handled, \s-1SSL_CB_ALERT\s0 is set and \fBret\fR specifies the alert
+information.
+.PP
+\&\fBwhere\fR is a bitmask made up of the following bits:
+.IP "\s-1SSL_CB_LOOP\s0" 4
+.IX Item "SSL_CB_LOOP"
+Callback has been called to indicate state change inside a loop.
+.IP "\s-1SSL_CB_EXIT\s0" 4
+.IX Item "SSL_CB_EXIT"
+Callback has been called to indicate error exit of a handshake function.
+(May be soft error with retry option for non-blocking setups.)
+.IP "\s-1SSL_CB_READ\s0" 4
+.IX Item "SSL_CB_READ"
+Callback has been called during read operation.
+.IP "\s-1SSL_CB_WRITE\s0" 4
+.IX Item "SSL_CB_WRITE"
+Callback has been called during write operation.
+.IP "\s-1SSL_CB_ALERT\s0" 4
+.IX Item "SSL_CB_ALERT"
+Callback has been called due to an alert being sent or received.
+.IP "\s-1SSL_CB_READ_ALERT\s0 (SSL_CB_ALERT|SSL_CB_READ)" 4
+.IX Item "SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)"
+.PD 0
+.IP "\s-1SSL_CB_WRITE_ALERT\s0 (SSL_CB_ALERT|SSL_CB_WRITE)" 4
+.IX Item "SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)"
+.IP "\s-1SSL_CB_ACCEPT_LOOP\s0 (SSL_ST_ACCEPT|SSL_CB_LOOP)" 4
+.IX Item "SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)"
+.IP "\s-1SSL_CB_ACCEPT_EXIT\s0 (SSL_ST_ACCEPT|SSL_CB_EXIT)" 4
+.IX Item "SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)"
+.IP "\s-1SSL_CB_CONNECT_LOOP\s0 (SSL_ST_CONNECT|SSL_CB_LOOP)" 4
+.IX Item "SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)"
+.IP "\s-1SSL_CB_CONNECT_EXIT\s0 (SSL_ST_CONNECT|SSL_CB_EXIT)" 4
+.IX Item "SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)"
+.IP "\s-1SSL_CB_HANDSHAKE_START\s0" 4
+.IX Item "SSL_CB_HANDSHAKE_START"
+.PD
+Callback has been called because a new handshake is started.
+.IP "\s-1SSL_CB_HANDSHAKE_DONE\s0 0x20" 4
+.IX Item "SSL_CB_HANDSHAKE_DONE 0x20"
+Callback has been called because a handshake is finished.
+.PP
+The current state information can be obtained using the
+\&\fISSL_state_string\fR\|(3) family of functions.
+.PP
+The \fBret\fR information can be evaluated using the
+\&\fISSL_alert_type_string\fR\|(3) family of functions.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_set_info_callback()\fR does not provide diagnostic information.
+.PP
+\&\fISSL_get_info_callback()\fR returns the current setting.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+The following example callback function prints state strings, information
+about alerts being handled and error messages to the \fBbio_err\fR \s-1BIO\s0.
+.PP
+.Vb 4
+\& void apps_ssl_info_callback(SSL *s, int where, int ret)
+\& {
+\& const char *str;
+\& int w;
+\&
+\& w=where& ~SSL_ST_MASK;
+\&
+\& if (w & SSL_ST_CONNECT) str="SSL_connect";
+\& else if (w & SSL_ST_ACCEPT) str="SSL_accept";
+\& else str="undefined";
+\&
+\& if (where & SSL_CB_LOOP)
+\& {
+\& BIO_printf(bio_err,"%s:%s\en",str,SSL_state_string_long(s));
+\& }
+\& else if (where & SSL_CB_ALERT)
+\& {
+\& str=(where & SSL_CB_READ)?"read":"write";
+\& BIO_printf(bio_err,"SSL3 alert %s:%s:%s\en",
+\& str,
+\& SSL_alert_type_string_long(ret),
+\& SSL_alert_desc_string_long(ret));
+\& }
+\& else if (where & SSL_CB_EXIT)
+\& {
+\& if (ret == 0)
+\& BIO_printf(bio_err,"%s:failed in %s\en",
+\& str,SSL_state_string_long(s));
+\& else if (ret < 0)
+\& {
+\& BIO_printf(bio_err,"%s:error in %s\en",
+\& str,SSL_state_string_long(s));
+\& }
+\& }
+\& }
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fISSL_state_string\fR\|(3),
+\&\fISSL_alert_type_string\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 b/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
new file mode 100644
index 0000000..d9d5762
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
@@ -0,0 +1,199 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_set_max_cert_list 3"
+.TH SSL_CTX_set_max_cert_list 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_set_max_cert_list, SSL_CTX_get_max_cert_list, SSL_set_max_cert_list, SSL_get_max_cert_list, \- manipulate allowed for the peer's certificate chain
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& long SSL_CTX_set_max_cert_list(SSL_CTX *ctx, long size);
+\& long SSL_CTX_get_max_cert_list(SSL_CTX *ctx);
+\&
+\& long SSL_set_max_cert_list(SSL *ssl, long size);
+\& long SSL_get_max_cert_list(SSL *ctx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CTX_set_max_cert_list()\fR sets the maximum size allowed for the peer's
+certificate chain for all \s-1SSL\s0 objects created from \fBctx\fR to be <size> bytes.
+The \s-1SSL\s0 objects inherit the setting valid for \fBctx\fR at the time
+\&\fISSL_new\fR\|(3) is being called.
+.PP
+\&\fISSL_CTX_get_max_cert_list()\fR returns the currently set maximum size for \fBctx\fR.
+.PP
+\&\fISSL_set_max_cert_list()\fR sets the maximum size allowed for the peer's
+certificate chain for \fBssl\fR to be <size> bytes. This setting stays valid
+until a new value is set.
+.PP
+\&\fISSL_get_max_cert_list()\fR returns the currently set maximum size for \fBssl\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+During the handshake process, the peer may send a certificate chain.
+The \s-1TLS/SSL\s0 standard does not give any maximum size of the certificate chain.
+The OpenSSL library handles incoming data by a dynamically allocated buffer.
+In order to prevent this buffer from growing without bounds due to data
+received from a faulty or malicious peer, a maximum size for the certificate
+chain is set.
+.PP
+The default value for the maximum certificate chain size is 100kB (30kB
+on the 16bit \s-1DOS\s0 platform). This should be sufficient for usual certificate
+chains (OpenSSL's default maximum chain length is 10, see
+\&\fISSL_CTX_set_verify\fR\|(3), and certificates
+without special extensions have a typical size of 1\-2kB).
+.PP
+For special applications it can be necessary to extend the maximum certificate
+chain size allowed to be sent by the peer, see e.g. the work on
+\&\*(L"Internet X.509 Public Key Infrastructure Proxy Certificate Profile\*(R"
+and \*(L"\s-1TLS\s0 Delegation Protocol\*(R" at http://www.ietf.org/ and
+http://www.globus.org/ .
+.PP
+Under normal conditions it should never be necessary to set a value smaller
+than the default, as the buffer is handled dynamically and only uses the
+memory actually required by the data sent by the peer.
+.PP
+If the maximum certificate chain size allowed is exceeded, the handshake will
+fail with a \s-1SSL_R_EXCESSIVE_MESSAGE_SIZE\s0 error.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_CTX_set_max_cert_list()\fR and \fISSL_set_max_cert_list()\fR return the previously
+set value.
+.PP
+\&\fISSL_CTX_get_max_cert_list()\fR and \fISSL_get_max_cert_list()\fR return the currently
+set value.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fISSL_new\fR\|(3),
+\&\fISSL_CTX_set_verify\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+SSL*_set/\fIget_max_cert_list()\fR have been introduced in OpenSSL 0.9.7.
diff --git a/secure/lib/libssl/man/SSL_CTX_set_mode.3 b/secure/lib/libssl/man/SSL_CTX_set_mode.3
new file mode 100644
index 0000000..5418b96
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_CTX_set_mode.3
@@ -0,0 +1,196 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_set_mode 3"
+.TH SSL_CTX_set_mode 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_set_mode, SSL_set_mode, SSL_CTX_get_mode, SSL_get_mode \- manipulate SSL engine mode
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& long SSL_CTX_set_mode(SSL_CTX *ctx, long mode);
+\& long SSL_set_mode(SSL *ssl, long mode);
+\&
+\& long SSL_CTX_get_mode(SSL_CTX *ctx);
+\& long SSL_get_mode(SSL *ssl);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CTX_set_mode()\fR adds the mode set via bitmask in \fBmode\fR to \fBctx\fR.
+Options already set before are not cleared.
+.PP
+\&\fISSL_set_mode()\fR adds the mode set via bitmask in \fBmode\fR to \fBssl\fR.
+Options already set before are not cleared.
+.PP
+\&\fISSL_CTX_get_mode()\fR returns the mode set for \fBctx\fR.
+.PP
+\&\fISSL_get_mode()\fR returns the mode set for \fBssl\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+The following mode changes are available:
+.IP "\s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0" 4
+.IX Item "SSL_MODE_ENABLE_PARTIAL_WRITE"
+Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
+when just a single record has been written). When not set (the default),
+\&\fISSL_write()\fR will only report success once the complete chunk was written.
+Once \fISSL_write()\fR returns with r, r bytes have been successfully written
+and the next call to \fISSL_write()\fR must only send the n\-r bytes left,
+imitating the behaviour of \fIwrite()\fR.
+.IP "\s-1SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\s0" 4
+.IX Item "SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER"
+Make it possible to retry \fISSL_write()\fR with changed buffer location
+(the buffer contents must stay the same). This is not the default to avoid
+the misconception that non-blocking \fISSL_write()\fR behaves like
+non-blocking \fIwrite()\fR.
+.IP "\s-1SSL_MODE_AUTO_RETRY\s0" 4
+.IX Item "SSL_MODE_AUTO_RETRY"
+Never bother the application with retries if the transport is blocking.
+If a renegotiation take place during normal operation, a
+\&\fISSL_read\fR\|(3) or \fISSL_write\fR\|(3) would return
+with \-1 and indicate the need to retry with \s-1SSL_ERROR_WANT_READ\s0.
+In a non-blocking environment applications must be prepared to handle
+incomplete read/write operations.
+In a blocking environment, applications are not always prepared to
+deal with read/write operations returning without success report. The
+flag \s-1SSL_MODE_AUTO_RETRY\s0 will cause read/write operations to only
+return after the handshake and successful completion.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_CTX_set_mode()\fR and \fISSL_set_mode()\fR return the new mode bitmask
+after adding \fBmode\fR.
+.PP
+\&\fISSL_CTX_get_mode()\fR and \fISSL_get_mode()\fR return the current bitmask.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fISSL_read\fR\|(3), \fISSL_write\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\s-1SSL_MODE_AUTO_RETRY\s0 as been added in OpenSSL 0.9.6.
diff --git a/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
new file mode 100644
index 0000000..1ef26ba
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
@@ -0,0 +1,212 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_set_msg_callback 3"
+.TH SSL_CTX_set_msg_callback 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_set_msg_callback, SSL_CTX_set_msg_callback_arg, SSL_set_msg_callback, SSL_get_msg_callback_arg \- install callback for observing protocol messages
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
+\& void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg);
+\&
+\& void SSL_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
+\& void SSL_set_msg_callback_arg(SSL_CTX *ctx, void *arg);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CTX_set_msg_callback()\fR or \fISSL_set_msg_callback()\fR can be used to
+define a message callback function \fIcb\fR for observing all \s-1SSL/TLS\s0
+protocol messages (such as handshake messages) that are received or
+sent. \fISSL_CTX_set_msg_callback_arg()\fR and \fISSL_set_msg_callback_arg()\fR
+can be used to set argument \fIarg\fR to the callback function, which is
+available for arbitrary application use.
+.PP
+\&\fISSL_CTX_set_msg_callback()\fR and \fISSL_CTX_set_msg_callback_arg()\fR specify
+default settings that will be copied to new \fB\s-1SSL\s0\fR objects by
+\&\fISSL_new\fR\|(3). \fISSL_set_msg_callback()\fR and
+\&\fISSL_set_msg_callback_arg()\fR modify the actual settings of an \fB\s-1SSL\s0\fR
+object. Using a \fB0\fR pointer for \fIcb\fR disables the message callback.
+.PP
+When \fIcb\fR is called by the \s-1SSL/TLS\s0 library for a protocol message,
+the function arguments have the following meaning:
+.IP "\fIwrite_p\fR" 4
+.IX Item "write_p"
+This flag is \fB0\fR when a protocol message has been received and \fB1\fR
+when a protocol message has been sent.
+.IP "\fIversion\fR" 4
+.IX Item "version"
+The protocol version according to which the protocol message is
+interpreted by the library. Currently, this is one of
+\&\fB\s-1SSL2_VERSION\s0\fR, \fB\s-1SSL3_VERSION\s0\fR and \fB\s-1TLS1_VERSION\s0\fR (for \s-1SSL\s0 2.0, \s-1SSL\s0
+3.0 and \s-1TLS\s0 1.0, respectively).
+.IP "\fIcontent_type\fR" 4
+.IX Item "content_type"
+In the case of \s-1SSL\s0 2.0, this is always \fB0\fR. In the case of \s-1SSL\s0 3.0
+or \s-1TLS\s0 1.0, this is one of the \fBContentType\fR values defined in the
+protocol specification (\fBchange_cipher_spec(20)\fR, \fBalert(21)\fR,
+\&\fBhandshake(22)\fR; but never \fBapplication_data(23)\fR because the
+callback will only be called for protocol messages).
+.IP "\fIbuf\fR, \fIlen\fR" 4
+.IX Item "buf, len"
+\&\fIbuf\fR points to a buffer containing the protocol message, which
+consists of \fIlen\fR bytes. The buffer is no longer valid after the
+callback function has returned.
+.IP "\fIssl\fR" 4
+.IX Item "ssl"
+The \fB\s-1SSL\s0\fR object that received or sent the message.
+.IP "\fIarg\fR" 4
+.IX Item "arg"
+The user-defined argument optionally defined by
+\&\fISSL_CTX_set_msg_callback_arg()\fR or \fISSL_set_msg_callback_arg()\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+Protocol messages are passed to the callback function after decryption
+and fragment collection where applicable. (Thus record boundaries are
+not visible.)
+.PP
+If processing a received protocol message results in an error,
+the callback function may not be called. For example, the callback
+function will never see messages that are considered too large to be
+processed.
+.PP
+Due to automatic protocol version negotiation, \fIversion\fR is not
+necessarily the protocol version used by the sender of the message: If
+a \s-1TLS\s0 1.0 ClientHello message is received by an \s-1SSL\s0 3.0\-only server,
+\&\fIversion\fR will be \fB\s-1SSL3_VERSION\s0\fR.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fISSL_new\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fISSL_CTX_set_msg_callback()\fR, \fISSL_CTX_set_msg_callback_arg()\fR,
+\&\fISSL_set_msg_callback()\fR and \fISSL_get_msg_callback_arg()\fR were added in OpenSSL 0.9.7.
diff --git a/secure/lib/libssl/man/SSL_CTX_set_options.3 b/secure/lib/libssl/man/SSL_CTX_set_options.3
new file mode 100644
index 0000000..b2e2cb4
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_CTX_set_options.3
@@ -0,0 +1,431 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_set_options 3"
+.TH SSL_CTX_set_options 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_set_options, SSL_set_options, SSL_CTX_clear_options, SSL_clear_options, SSL_CTX_get_options, SSL_get_options, SSL_get_secure_renegotiation_support \- manipulate SSL options
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& long SSL_CTX_set_options(SSL_CTX *ctx, long options);
+\& long SSL_set_options(SSL *ssl, long options);
+\&
+\& long SSL_CTX_clear_options(SSL_CTX *ctx, long options);
+\& long SSL_clear_options(SSL *ssl, long options);
+\&
+\& long SSL_CTX_get_options(SSL_CTX *ctx);
+\& long SSL_get_options(SSL *ssl);
+\&
+\& long SSL_get_secure_renegotiation_support(SSL *ssl);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+Note: all these functions are implemented using macros.
+.PP
+\&\fISSL_CTX_set_options()\fR adds the options set via bitmask in \fBoptions\fR to \fBctx\fR.
+Options already set before are not cleared!
+.PP
+\&\fISSL_set_options()\fR adds the options set via bitmask in \fBoptions\fR to \fBssl\fR.
+Options already set before are not cleared!
+.PP
+\&\fISSL_CTX_clear_options()\fR clears the options set via bitmask in \fBoptions\fR
+to \fBctx\fR.
+.PP
+\&\fISSL_clear_options()\fR clears the options set via bitmask in \fBoptions\fR to \fBssl\fR.
+.PP
+\&\fISSL_CTX_get_options()\fR returns the options set for \fBctx\fR.
+.PP
+\&\fISSL_get_options()\fR returns the options set for \fBssl\fR.
+.PP
+\&\fISSL_get_secure_renegotiation_support()\fR indicates whether the peer supports
+secure renegotiation.
+.SH "NOTES"
+.IX Header "NOTES"
+The behaviour of the \s-1SSL\s0 library can be changed by setting several options.
+The options are coded as bitmasks and can be combined by a logical \fBor\fR
+operation (|).
+.PP
+\&\fISSL_CTX_set_options()\fR and \fISSL_set_options()\fR affect the (external)
+protocol behaviour of the \s-1SSL\s0 library. The (internal) behaviour of
+the \s-1API\s0 can be changed by using the similar
+\&\fISSL_CTX_set_mode\fR\|(3) and \fISSL_set_mode()\fR functions.
+.PP
+During a handshake, the option settings of the \s-1SSL\s0 object are used. When
+a new \s-1SSL\s0 object is created from a context using \fISSL_new()\fR, the current
+option setting is copied. Changes to \fBctx\fR do not affect already created
+\&\s-1SSL\s0 objects. \fISSL_clear()\fR does not affect the settings.
+.PP
+The following \fBbug workaround\fR options are available:
+.IP "\s-1SSL_OP_MICROSOFT_SESS_ID_BUG\s0" 4
+.IX Item "SSL_OP_MICROSOFT_SESS_ID_BUG"
+www.microsoft.com \- when talking SSLv2, if session-id reuse is
+performed, the session-id passed back in the server-finished message
+is different from the one decided upon.
+.IP "\s-1SSL_OP_NETSCAPE_CHALLENGE_BUG\s0" 4
+.IX Item "SSL_OP_NETSCAPE_CHALLENGE_BUG"
+Netscape\-Commerce/1.12, when talking SSLv2, accepts a 32 byte
+challenge but then appears to only use 16 bytes when generating the
+encryption keys. Using 16 bytes is ok but it should be ok to use 32.
+According to the SSLv3 spec, one should use 32 bytes for the challenge
+when operating in SSLv2/v3 compatibility mode, but as mentioned above,
+this breaks this server so 16 bytes is the way to go.
+.IP "\s-1SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG\s0" 4
+.IX Item "SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG"
+As of OpenSSL 0.9.8q and 1.0.0c, this option has no effect.
+.IP "\s-1SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG\s0" 4
+.IX Item "SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG"
+\&...
+.IP "\s-1SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER\s0" 4
+.IX Item "SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER"
+\&...
+.IP "\s-1SSL_OP_MSIE_SSLV2_RSA_PADDING\s0" 4
+.IX Item "SSL_OP_MSIE_SSLV2_RSA_PADDING"
+As of OpenSSL 0.9.7h and 0.9.8a, this option has no effect.
+.IP "\s-1SSL_OP_SSLEAY_080_CLIENT_DH_BUG\s0" 4
+.IX Item "SSL_OP_SSLEAY_080_CLIENT_DH_BUG"
+\&...
+.IP "\s-1SSL_OP_TLS_D5_BUG\s0" 4
+.IX Item "SSL_OP_TLS_D5_BUG"
+\&...
+.IP "\s-1SSL_OP_TLS_BLOCK_PADDING_BUG\s0" 4
+.IX Item "SSL_OP_TLS_BLOCK_PADDING_BUG"
+\&...
+.IP "\s-1SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\s0" 4
+.IX Item "SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS"
+Disables a countermeasure against a \s-1SSL\s0 3.0/TLS 1.0 protocol
+vulnerability affecting \s-1CBC\s0 ciphers, which cannot be handled by some
+broken \s-1SSL\s0 implementations. This option has no effect for connections
+using other ciphers.
+.IP "\s-1SSL_OP_ALL\s0" 4
+.IX Item "SSL_OP_ALL"
+All of the above bug workarounds.
+.PP
+It is usually safe to use \fB\s-1SSL_OP_ALL\s0\fR to enable the bug workaround
+options if compatibility with somewhat broken implementations is
+desired.
+.PP
+The following \fBmodifying\fR options are available:
+.IP "\s-1SSL_OP_TLS_ROLLBACK_BUG\s0" 4
+.IX Item "SSL_OP_TLS_ROLLBACK_BUG"
+Disable version rollback attack detection.
+.Sp
+During the client key exchange, the client must send the same information
+about acceptable \s-1SSL/TLS\s0 protocol levels as during the first hello. Some
+clients violate this rule by adapting to the server's answer. (Example:
+the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server
+only understands up to SSLv3. In this case the client must still use the
+same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect
+to the server's answer and violate the version rollback protection.)
+.IP "\s-1SSL_OP_SINGLE_DH_USE\s0" 4
+.IX Item "SSL_OP_SINGLE_DH_USE"
+Always create a new key when using temporary/ephemeral \s-1DH\s0 parameters
+(see \fISSL_CTX_set_tmp_dh_callback\fR\|(3)).
+This option must be used to prevent small subgroup attacks, when
+the \s-1DH\s0 parameters were not generated using \*(L"strong\*(R" primes
+(e.g. when using DSA-parameters, see \fIdhparam\fR\|(1)).
+If \*(L"strong\*(R" primes were used, it is not strictly necessary to generate
+a new \s-1DH\s0 key during each handshake but it is also recommended.
+\&\fB\s-1SSL_OP_SINGLE_DH_USE\s0\fR should therefore be enabled whenever
+temporary/ephemeral \s-1DH\s0 parameters are used.
+.IP "\s-1SSL_OP_EPHEMERAL_RSA\s0" 4
+.IX Item "SSL_OP_EPHEMERAL_RSA"
+Always use ephemeral (temporary) \s-1RSA\s0 key when doing \s-1RSA\s0 operations
+(see \fISSL_CTX_set_tmp_rsa_callback\fR\|(3)).
+According to the specifications this is only done, when a \s-1RSA\s0 key
+can only be used for signature operations (namely under export ciphers
+with restricted \s-1RSA\s0 keylength). By setting this option, ephemeral
+\&\s-1RSA\s0 keys are always used. This option breaks compatibility with the
+\&\s-1SSL/TLS\s0 specifications and may lead to interoperability problems with
+clients and should therefore never be used. Ciphers with \s-1EDH\s0 (ephemeral
+Diffie-Hellman) key exchange should be used instead.
+.IP "\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0" 4
+.IX Item "SSL_OP_CIPHER_SERVER_PREFERENCE"
+When choosing a cipher, use the server's preferences instead of the client
+preferences. When not set, the \s-1SSL\s0 server will always follow the clients
+preferences. When set, the SSLv3/TLSv1 server will choose following its
+own preferences. Because of the different protocol, for SSLv2 the server
+will send its list of preferences to the client and the client chooses.
+.IP "\s-1SSL_OP_PKCS1_CHECK_1\s0" 4
+.IX Item "SSL_OP_PKCS1_CHECK_1"
+\&...
+.IP "\s-1SSL_OP_PKCS1_CHECK_2\s0" 4
+.IX Item "SSL_OP_PKCS1_CHECK_2"
+\&...
+.IP "\s-1SSL_OP_NETSCAPE_CA_DN_BUG\s0" 4
+.IX Item "SSL_OP_NETSCAPE_CA_DN_BUG"
+If we accept a netscape connection, demand a client cert, have a
+non-self-signed \s-1CA\s0 which does not have its \s-1CA\s0 in netscape, and the
+browser has a cert, it will crash/hang. Works for 3.x and 4.xbeta
+.IP "\s-1SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG\s0" 4
+.IX Item "SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG"
+\&...
+.IP "SSL_OP_NO_SSLv2" 4
+.IX Item "SSL_OP_NO_SSLv2"
+Do not use the SSLv2 protocol.
+.IP "SSL_OP_NO_SSLv3" 4
+.IX Item "SSL_OP_NO_SSLv3"
+Do not use the SSLv3 protocol.
+.IP "SSL_OP_NO_TLSv1" 4
+.IX Item "SSL_OP_NO_TLSv1"
+Do not use the TLSv1 protocol.
+.IP "\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0" 4
+.IX Item "SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION"
+When performing renegotiation as a server, always start a new session
+(i.e., session resumption requests are only accepted in the initial
+handshake). This option is not needed for clients.
+.IP "\s-1SSL_OP_NO_TICKET\s0" 4
+.IX Item "SSL_OP_NO_TICKET"
+Normally clients and servers will, where possible, transparently make use
+of RFC4507bis tickets for stateless session resumption if extension support
+is explicitly set when OpenSSL is compiled.
+.Sp
+If this option is set this functionality is disabled and tickets will
+not be used by clients or servers.
+.IP "\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0" 4
+.IX Item "SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION"
+Allow legacy insecure renegotiation between OpenSSL and unpatched clients or
+servers. See the \fB\s-1SECURE\s0 \s-1RENEGOTIATION\s0\fR section for more details.
+.IP "\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0" 4
+.IX Item "SSL_OP_LEGACY_SERVER_CONNECT"
+Allow legacy insecure renegotiation between OpenSSL and unpatched servers
+\&\fBonly\fR: this option is currently set by default. See the
+\&\fB\s-1SECURE\s0 \s-1RENEGOTIATION\s0\fR section for more details.
+.SH "SECURE RENEGOTIATION"
+.IX Header "SECURE RENEGOTIATION"
+OpenSSL 0.9.8m and later always attempts to use secure renegotiation as
+described in \s-1RFC5746\s0. This counters the prefix attack described in
+\&\s-1CVE\-2009\-3555\s0 and elsewhere.
+.PP
+The deprecated and highly broken SSLv2 protocol does not support
+renegotiation at all: its use is \fBstrongly\fR discouraged.
+.PP
+This attack has far reaching consequences which application writers should be
+aware of. In the description below an implementation supporting secure
+renegotiation is referred to as \fIpatched\fR. A server not supporting secure
+renegotiation is referred to as \fIunpatched\fR.
+.PP
+The following sections describe the operations permitted by OpenSSL's secure
+renegotiation implementation.
+.SS "Patched client and server"
+.IX Subsection "Patched client and server"
+Connections and renegotiation are always permitted by OpenSSL implementations.
+.SS "Unpatched client and patched OpenSSL server"
+.IX Subsection "Unpatched client and patched OpenSSL server"
+The initial connection suceeds but client renegotiation is denied by the
+server with a \fBno_renegotiation\fR warning alert if \s-1TLS\s0 v1.0 is used or a fatal
+\&\fBhandshake_failure\fR alert in \s-1SSL\s0 v3.0.
+.PP
+If the patched OpenSSL server attempts to renegotiate a fatal
+\&\fBhandshake_failure\fR alert is sent. This is because the server code may be
+unaware of the unpatched nature of the client.
+.PP
+If the option \fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR is set then
+renegotiation \fBalways\fR succeeds.
+.PP
+\&\fB\s-1NB:\s0\fR a bug in OpenSSL clients earlier than 0.9.8m (all of which are
+unpatched) will result in the connection hanging if it receives a
+\&\fBno_renegotiation\fR alert. OpenSSL versions 0.9.8m and later will regard
+a \fBno_renegotiation\fR alert as fatal and respond with a fatal
+\&\fBhandshake_failure\fR alert. This is because the OpenSSL \s-1API\s0 currently has
+no provision to indicate to an application that a renegotiation attempt
+was refused.
+.SS "Patched OpenSSL client and unpatched server."
+.IX Subsection "Patched OpenSSL client and unpatched server."
+If the option \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR or
+\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR is set then initial connections
+and renegotiation between patched OpenSSL clients and unpatched servers
+succeeds. If neither option is set then initial connections to unpatched
+servers will fail.
+.PP
+The option \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR is currently set by default even
+though it has security implications: otherwise it would be impossible to
+connect to unpatched servers (i.e. all of them initially) and this is clearly
+not acceptable. Renegotiation is permitted because this does not add any
+additional security issues: during an attack clients do not see any
+renegotiations anyway.
+.PP
+As more servers become patched the option \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR will
+\&\fBnot\fR be set by default in a future version of OpenSSL.
+.PP
+OpenSSL client applications wishing to ensure they can connect to unpatched
+servers should always \fBset\fR \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR
+.PP
+OpenSSL client applications that want to ensure they can \fBnot\fR connect to
+unpatched servers (and thus avoid any security issues) should always \fBclear\fR
+\&\fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR using \fISSL_CTX_clear_options()\fR or
+\&\fISSL_clear_options()\fR.
+.PP
+The difference between the \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR and
+\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR options is that
+\&\fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR enables initial connections and secure
+renegotiation between OpenSSL clients and unpatched servers \fBonly\fR, while
+\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR allows initial connections
+and renegotiation between OpenSSL and unpatched clients or servers.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_CTX_set_options()\fR and \fISSL_set_options()\fR return the new options bitmask
+after adding \fBoptions\fR.
+.PP
+\&\fISSL_CTX_clear_options()\fR and \fISSL_clear_options()\fR return the new options bitmask
+after clearing \fBoptions\fR.
+.PP
+\&\fISSL_CTX_get_options()\fR and \fISSL_get_options()\fR return the current bitmask.
+.PP
+\&\fISSL_get_secure_renegotiation_support()\fR returns 1 is the peer supports
+secure renegotiation and 0 if it does not.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fISSL_new\fR\|(3), \fISSL_clear\fR\|(3),
+\&\fISSL_CTX_set_tmp_dh_callback\fR\|(3),
+\&\fISSL_CTX_set_tmp_rsa_callback\fR\|(3),
+\&\fIdhparam\fR\|(1)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fB\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0\fR and
+\&\fB\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0\fR have been added in
+OpenSSL 0.9.7.
+.PP
+\&\fB\s-1SSL_OP_TLS_ROLLBACK_BUG\s0\fR has been added in OpenSSL 0.9.6 and was automatically
+enabled with \fB\s-1SSL_OP_ALL\s0\fR. As of 0.9.7, it is no longer included in \fB\s-1SSL_OP_ALL\s0\fR
+and must be explicitly set.
+.PP
+\&\fB\s-1SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\s0\fR has been added in OpenSSL 0.9.6e.
+Versions up to OpenSSL 0.9.6c do not include the countermeasure that
+can be disabled with this option (in OpenSSL 0.9.6d, it was always
+enabled).
+.PP
+\&\fISSL_CTX_clear_options()\fR and \fISSL_clear_options()\fR were first added in OpenSSL
+0.9.8m.
+.PP
+\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR, \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR
+and the function \fISSL_get_secure_renegotiation_support()\fR were first added in
+OpenSSL 0.9.8m.
diff --git a/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 b/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
new file mode 100644
index 0000000..c60e048
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
@@ -0,0 +1,186 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_set_quiet_shutdown 3"
+.TH SSL_CTX_set_quiet_shutdown 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown, SSL_get_quiet_shutdown \- manipulate shutdown behaviour
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);
+\& int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
+\&
+\& void SSL_set_quiet_shutdown(SSL *ssl, int mode);
+\& int SSL_get_quiet_shutdown(const SSL *ssl);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CTX_set_quiet_shutdown()\fR sets the \*(L"quiet shutdown\*(R" flag for \fBctx\fR to be
+\&\fBmode\fR. \s-1SSL\s0 objects created from \fBctx\fR inherit the \fBmode\fR valid at the time
+\&\fISSL_new\fR\|(3) is called. \fBmode\fR may be 0 or 1.
+.PP
+\&\fISSL_CTX_get_quiet_shutdown()\fR returns the \*(L"quiet shutdown\*(R" setting of \fBctx\fR.
+.PP
+\&\fISSL_set_quiet_shutdown()\fR sets the \*(L"quiet shutdown\*(R" flag for \fBssl\fR to be
+\&\fBmode\fR. The setting stays valid until \fBssl\fR is removed with
+\&\fISSL_free\fR\|(3) or \fISSL_set_quiet_shutdown()\fR is called again.
+It is not changed when \fISSL_clear\fR\|(3) is called.
+\&\fBmode\fR may be 0 or 1.
+.PP
+\&\fISSL_get_quiet_shutdown()\fR returns the \*(L"quiet shutdown\*(R" setting of \fBssl\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+Normally when a \s-1SSL\s0 connection is finished, the parties must send out
+\&\*(L"close notify\*(R" alert messages using \fISSL_shutdown\fR\|(3)
+for a clean shutdown.
+.PP
+When setting the \*(L"quiet shutdown\*(R" flag to 1, \fISSL_shutdown\fR\|(3)
+will set the internal flags to SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.
+(\fISSL_shutdown\fR\|(3) then behaves like
+\&\fISSL_set_shutdown\fR\|(3) called with
+SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.)
+The session is thus considered to be shutdown, but no \*(L"close notify\*(R" alert
+is sent to the peer. This behaviour violates the \s-1TLS\s0 standard.
+.PP
+The default is normal shutdown behaviour as described by the \s-1TLS\s0 standard.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_CTX_set_quiet_shutdown()\fR and \fISSL_set_quiet_shutdown()\fR do not return
+diagnostic information.
+.PP
+\&\fISSL_CTX_get_quiet_shutdown()\fR and SSL_get_quiet_shutdown return the current
+setting.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fISSL_shutdown\fR\|(3),
+\&\fISSL_set_shutdown\fR\|(3), \fISSL_new\fR\|(3),
+\&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 b/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
new file mode 100644
index 0000000..37dfbb0
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
@@ -0,0 +1,245 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_set_session_cache_mode 3"
+.TH SSL_CTX_set_session_cache_mode 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_set_session_cache_mode, SSL_CTX_get_session_cache_mode \- enable/disable session caching
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& long SSL_CTX_set_session_cache_mode(SSL_CTX ctx, long mode);
+\& long SSL_CTX_get_session_cache_mode(SSL_CTX ctx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CTX_set_session_cache_mode()\fR enables/disables session caching
+by setting the operational mode for \fBctx\fR to <mode>.
+.PP
+\&\fISSL_CTX_get_session_cache_mode()\fR returns the currently used cache mode.
+.SH "NOTES"
+.IX Header "NOTES"
+The OpenSSL library can store/retrieve \s-1SSL/TLS\s0 sessions for later reuse.
+The sessions can be held in memory for each \fBctx\fR, if more than one
+\&\s-1SSL_CTX\s0 object is being maintained, the sessions are unique for each \s-1SSL_CTX\s0
+object.
+.PP
+In order to reuse a session, a client must send the session's id to the
+server. It can only send exactly one id. The server then either
+agrees to reuse the session or it starts a full handshake (to create a new
+session).
+.PP
+A server will lookup up the session in its internal session storage. If the
+session is not found in internal storage or lookups for the internal storage
+have been deactivated (\s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0), the server will try
+the external storage if available.
+.PP
+Since a client may try to reuse a session intended for use in a different
+context, the session id context must be set by the server (see
+\&\fISSL_CTX_set_session_id_context\fR\|(3)).
+.PP
+The following session cache modes and modifiers are available:
+.IP "\s-1SSL_SESS_CACHE_OFF\s0" 4
+.IX Item "SSL_SESS_CACHE_OFF"
+No session caching for client or server takes place.
+.IP "\s-1SSL_SESS_CACHE_CLIENT\s0" 4
+.IX Item "SSL_SESS_CACHE_CLIENT"
+Client sessions are added to the session cache. As there is no reliable way
+for the OpenSSL library to know whether a session should be reused or which
+session to choose (due to the abstract \s-1BIO\s0 layer the \s-1SSL\s0 engine does not
+have details about the connection), the application must select the session
+to be reused by using the \fISSL_set_session\fR\|(3)
+function. This option is not activated by default.
+.IP "\s-1SSL_SESS_CACHE_SERVER\s0" 4
+.IX Item "SSL_SESS_CACHE_SERVER"
+Server sessions are added to the session cache. When a client proposes a
+session to be reused, the server looks for the corresponding session in (first)
+the internal session cache (unless \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0 is set),
+then (second) in the external cache if available. If the session is found, the
+server will try to reuse the session. This is the default.
+.IP "\s-1SSL_SESS_CACHE_BOTH\s0" 4
+.IX Item "SSL_SESS_CACHE_BOTH"
+Enable both \s-1SSL_SESS_CACHE_CLIENT\s0 and \s-1SSL_SESS_CACHE_SERVER\s0 at the same time.
+.IP "\s-1SSL_SESS_CACHE_NO_AUTO_CLEAR\s0" 4
+.IX Item "SSL_SESS_CACHE_NO_AUTO_CLEAR"
+Normally the session cache is checked for expired sessions every
+255 connections using the
+\&\fISSL_CTX_flush_sessions\fR\|(3) function. Since
+this may lead to a delay which cannot be controlled, the automatic
+flushing may be disabled and
+\&\fISSL_CTX_flush_sessions\fR\|(3) can be called
+explicitly by the application.
+.IP "\s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0" 4
+.IX Item "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP"
+By setting this flag, session-resume operations in an \s-1SSL/TLS\s0 server will not
+automatically look up sessions in the internal cache, even if sessions are
+automatically stored there. If external session caching callbacks are in use,
+this flag guarantees that all lookups are directed to the external cache.
+As automatic lookup only applies for \s-1SSL/TLS\s0 servers, the flag has no effect on
+clients.
+.IP "\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0" 4
+.IX Item "SSL_SESS_CACHE_NO_INTERNAL_STORE"
+Depending on the presence of \s-1SSL_SESS_CACHE_CLIENT\s0 and/or \s-1SSL_SESS_CACHE_SERVER\s0,
+sessions negotiated in an \s-1SSL/TLS\s0 handshake may be cached for possible reuse.
+Normally a new session is added to the internal cache as well as any external
+session caching (callback) that is configured for the \s-1SSL_CTX\s0. This flag will
+prevent sessions being stored in the internal cache (though the application can
+add them manually using \fISSL_CTX_add_session\fR\|(3)). Note:
+in any \s-1SSL/TLS\s0 servers where external caching is configured, any successful
+session lookups in the external cache (ie. for session-resume requests) would
+normally be copied into the local cache before processing continues \- this flag
+prevents these additions to the internal cache as well.
+.IP "\s-1SSL_SESS_CACHE_NO_INTERNAL\s0" 4
+.IX Item "SSL_SESS_CACHE_NO_INTERNAL"
+Enable both \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0 and
+\&\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 at the same time.
+.PP
+The default mode is \s-1SSL_SESS_CACHE_SERVER\s0.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_CTX_set_session_cache_mode()\fR returns the previously set cache mode.
+.PP
+\&\fISSL_CTX_get_session_cache_mode()\fR returns the currently set cache mode.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fISSL_set_session\fR\|(3),
+\&\fISSL_session_reused\fR\|(3),
+\&\fISSL_CTX_add_session\fR\|(3),
+\&\fISSL_CTX_sess_number\fR\|(3),
+\&\fISSL_CTX_sess_set_cache_size\fR\|(3),
+\&\fISSL_CTX_sess_set_get_cb\fR\|(3),
+\&\fISSL_CTX_set_session_id_context\fR\|(3),
+\&\fISSL_CTX_set_timeout\fR\|(3),
+\&\fISSL_CTX_flush_sessions\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 and \s-1SSL_SESS_CACHE_NO_INTERNAL\s0
+were introduced in OpenSSL 0.9.6h.
diff --git a/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 b/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
new file mode 100644
index 0000000..20348ff
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
@@ -0,0 +1,198 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_set_session_id_context 3"
+.TH SSL_CTX_set_session_id_context 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_set_session_id_context, SSL_set_session_id_context \- set context within which session can be reused (server side only)
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
+\& unsigned int sid_ctx_len);
+\& int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
+\& unsigned int sid_ctx_len);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CTX_set_session_id_context()\fR sets the context \fBsid_ctx\fR of length
+\&\fBsid_ctx_len\fR within which a session can be reused for the \fBctx\fR object.
+.PP
+\&\fISSL_set_session_id_context()\fR sets the context \fBsid_ctx\fR of length
+\&\fBsid_ctx_len\fR within which a session can be reused for the \fBssl\fR object.
+.SH "NOTES"
+.IX Header "NOTES"
+Sessions are generated within a certain context. When exporting/importing
+sessions with \fBi2d_SSL_SESSION\fR/\fBd2i_SSL_SESSION\fR it would be possible,
+to re-import a session generated from another context (e.g. another
+application), which might lead to malfunctions. Therefore each application
+must set its own session id context \fBsid_ctx\fR which is used to distinguish
+the contexts and is stored in exported sessions. The \fBsid_ctx\fR can be
+any kind of binary data with a given length, it is therefore possible
+to use e.g. the name of the application and/or the hostname and/or service
+name ...
+.PP
+The session id context becomes part of the session. The session id context
+is set by the \s-1SSL/TLS\s0 server. The \fISSL_CTX_set_session_id_context()\fR and
+\&\fISSL_set_session_id_context()\fR functions are therefore only useful on the
+server side.
+.PP
+OpenSSL clients will check the session id context returned by the server
+when reusing a session.
+.PP
+The maximum length of the \fBsid_ctx\fR is limited to
+\&\fB\s-1SSL_MAX_SSL_SESSION_ID_LENGTH\s0\fR.
+.SH "WARNINGS"
+.IX Header "WARNINGS"
+If the session id context is not set on an \s-1SSL/TLS\s0 server and client
+certificates are used, stored sessions
+will not be reused but a fatal error will be flagged and the handshake
+will fail.
+.PP
+If a server returns a different session id context to an OpenSSL client
+when reusing a session, an error will be flagged and the handshake will
+fail. OpenSSL servers will always return the correct session id context,
+as an OpenSSL server checks the session id context itself before reusing
+a session as described above.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_CTX_set_session_id_context()\fR and \fISSL_set_session_id_context()\fR
+return the following values:
+.IP "0" 4
+The length \fBsid_ctx_len\fR of the session id context \fBsid_ctx\fR exceeded
+the maximum allowed length of \fB\s-1SSL_MAX_SSL_SESSION_ID_LENGTH\s0\fR. The error
+is logged to the error stack.
+.IP "1" 4
+.IX Item "1"
+The operation succeeded.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 b/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
new file mode 100644
index 0000000..e716731
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
@@ -0,0 +1,177 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_set_ssl_version 3"
+.TH SSL_CTX_set_ssl_version 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method
+\&\- choose a new TLS/SSL method
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& int SSL_CTX_set_ssl_version(SSL_CTX *ctx, SSL_METHOD *method);
+\& int SSL_set_ssl_method(SSL *s, SSL_METHOD *method);
+\& SSL_METHOD *SSL_get_ssl_method(SSL *ssl);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CTX_set_ssl_version()\fR sets a new default \s-1TLS/SSL\s0 \fBmethod\fR for \s-1SSL\s0 objects
+newly created from this \fBctx\fR. \s-1SSL\s0 objects already created with
+\&\fISSL_new\fR\|(3) are not affected, except when
+\&\fISSL_clear\fR\|(3) is being called.
+.PP
+\&\fISSL_set_ssl_method()\fR sets a new \s-1TLS/SSL\s0 \fBmethod\fR for a particular \fBssl\fR
+object. It may be reset, when \fISSL_clear()\fR is called.
+.PP
+\&\fISSL_get_ssl_method()\fR returns a function pointer to the \s-1TLS/SSL\s0 method
+set in \fBssl\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+The available \fBmethod\fR choices are described in
+\&\fISSL_CTX_new\fR\|(3).
+.PP
+When \fISSL_clear\fR\|(3) is called and no session is connected to
+an \s-1SSL\s0 object, the method of the \s-1SSL\s0 object is reset to the method currently
+set in the corresponding \s-1SSL_CTX\s0 object.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The following return values can occur for \fISSL_CTX_set_ssl_version()\fR
+and \fISSL_set_ssl_method()\fR:
+.IP "0" 4
+The new choice failed, check the error stack to find out the reason.
+.IP "1" 4
+.IX Item "1"
+The operation succeeded.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fISSL_CTX_new\fR\|(3), \fISSL_new\fR\|(3),
+\&\fISSL_clear\fR\|(3), \fIssl\fR\|(3),
+\&\fISSL_set_connect_state\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_CTX_set_timeout.3 b/secure/lib/libssl/man/SSL_CTX_set_timeout.3
new file mode 100644
index 0000000..2144d16
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_CTX_set_timeout.3
@@ -0,0 +1,182 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_set_timeout 3"
+.TH SSL_CTX_set_timeout 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_set_timeout, SSL_CTX_get_timeout \- manipulate timeout values for session caching
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
+\& long SSL_CTX_get_timeout(SSL_CTX *ctx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CTX_set_timeout()\fR sets the timeout for newly created sessions for
+\&\fBctx\fR to \fBt\fR. The timeout value \fBt\fR must be given in seconds.
+.PP
+\&\fISSL_CTX_get_timeout()\fR returns the currently set timeout value for \fBctx\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+Whenever a new session is created, it is assigned a maximum lifetime. This
+lifetime is specified by storing the creation time of the session and the
+timeout value valid at this time. If the actual time is later than creation
+time plus timeout, the session is not reused.
+.PP
+Due to this realization, all sessions behave according to the timeout value
+valid at the time of the session negotiation. Changes of the timeout value
+do not affect already established sessions.
+.PP
+The expiration time of a single session can be modified using the
+\&\fISSL_SESSION_get_time\fR\|(3) family of functions.
+.PP
+Expired sessions are removed from the internal session cache, whenever
+\&\fISSL_CTX_flush_sessions\fR\|(3) is called, either
+directly by the application or automatically (see
+\&\fISSL_CTX_set_session_cache_mode\fR\|(3))
+.PP
+The default value for session timeout is decided on a per protocol
+basis, see \fISSL_get_default_timeout\fR\|(3).
+All currently supported protocols have the same default timeout value
+of 300 seconds.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_CTX_set_timeout()\fR returns the previously set timeout value.
+.PP
+\&\fISSL_CTX_get_timeout()\fR returns the currently set timeout value.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3),
+\&\fISSL_CTX_set_session_cache_mode\fR\|(3),
+\&\fISSL_SESSION_get_time\fR\|(3),
+\&\fISSL_CTX_flush_sessions\fR\|(3),
+\&\fISSL_get_default_timeout\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
new file mode 100644
index 0000000..e11f10b
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
@@ -0,0 +1,294 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_set_tmp_dh_callback 3"
+.TH SSL_CTX_set_tmp_dh_callback 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh \- handle DH keys for ephemeral key exchange
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
+\& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));
+\& long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh);
+\&
+\& void SSL_set_tmp_dh_callback(SSL_CTX *ctx,
+\& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));
+\& long SSL_set_tmp_dh(SSL *ssl, DH *dh)
+\&
+\& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CTX_set_tmp_dh_callback()\fR sets the callback function for \fBctx\fR to be
+used when a \s-1DH\s0 parameters are required to \fBtmp_dh_callback\fR.
+The callback is inherited by all \fBssl\fR objects created from \fBctx\fR.
+.PP
+\&\fISSL_CTX_set_tmp_dh()\fR sets \s-1DH\s0 parameters to be used to be \fBdh\fR.
+The key is inherited by all \fBssl\fR objects created from \fBctx\fR.
+.PP
+\&\fISSL_set_tmp_dh_callback()\fR sets the callback only for \fBssl\fR.
+.PP
+\&\fISSL_set_tmp_dh()\fR sets the parameters only for \fBssl\fR.
+.PP
+These functions apply to \s-1SSL/TLS\s0 servers only.
+.SH "NOTES"
+.IX Header "NOTES"
+When using a cipher with \s-1RSA\s0 authentication, an ephemeral \s-1DH\s0 key exchange
+can take place. Ciphers with \s-1DSA\s0 keys always use ephemeral \s-1DH\s0 keys as well.
+In these cases, the session data are negotiated using the
+ephemeral/temporary \s-1DH\s0 key and the key supplied and certified
+by the certificate chain is only used for signing.
+Anonymous ciphers (without a permanent server key) also use ephemeral \s-1DH\s0 keys.
+.PP
+Using ephemeral \s-1DH\s0 key exchange yields forward secrecy, as the connection
+can only be decrypted, when the \s-1DH\s0 key is known. By generating a temporary
+\&\s-1DH\s0 key inside the server application that is lost when the application
+is left, it becomes impossible for an attacker to decrypt past sessions,
+even if he gets hold of the normal (certified) key, as this key was
+only used for signing.
+.PP
+In order to perform a \s-1DH\s0 key exchange the server must use a \s-1DH\s0 group
+(\s-1DH\s0 parameters) and generate a \s-1DH\s0 key. The server will always generate a new
+\&\s-1DH\s0 key during the negotiation, when the \s-1DH\s0 parameters are supplied via
+callback and/or when the \s-1SSL_OP_SINGLE_DH_USE\s0 option of
+\&\fISSL_CTX_set_options\fR\|(3) is set. It will
+immediately create a \s-1DH\s0 key, when \s-1DH\s0 parameters are supplied via
+\&\fISSL_CTX_set_tmp_dh()\fR and \s-1SSL_OP_SINGLE_DH_USE\s0 is not set. In this case,
+it may happen that a key is generated on initialization without later
+being needed, while on the other hand the computer time during the
+negotiation is being saved.
+.PP
+If \*(L"strong\*(R" primes were used to generate the \s-1DH\s0 parameters, it is not strictly
+necessary to generate a new key for each handshake but it does improve forward
+secrecy. If it is not assured, that \*(L"strong\*(R" primes were used (see especially
+the section about \s-1DSA\s0 parameters below), \s-1SSL_OP_SINGLE_DH_USE\s0 must be used
+in order to prevent small subgroup attacks. Always using \s-1SSL_OP_SINGLE_DH_USE\s0
+has an impact on the computer time needed during negotiation, but it is not
+very large, so application authors/users should consider to always enable
+this option.
+.PP
+As generating \s-1DH\s0 parameters is extremely time consuming, an application
+should not generate the parameters on the fly but supply the parameters.
+\&\s-1DH\s0 parameters can be reused, as the actual key is newly generated during
+the negotiation. The risk in reusing \s-1DH\s0 parameters is that an attacker
+may specialize on a very often used \s-1DH\s0 group. Applications should therefore
+generate their own \s-1DH\s0 parameters during the installation process using the
+openssl \fIdhparam\fR\|(1) application. In order to reduce the computer
+time needed for this generation, it is possible to use \s-1DSA\s0 parameters
+instead (see \fIdhparam\fR\|(1)), but in this case \s-1SSL_OP_SINGLE_DH_USE\s0
+is mandatory.
+.PP
+Application authors may compile in \s-1DH\s0 parameters. Files dh512.pem,
+dh1024.pem, dh2048.pem, and dh4096 in the 'apps' directory of current
+version of the OpenSSL distribution contain the '\s-1SKIP\s0' \s-1DH\s0 parameters,
+which use safe primes and were generated verifiably pseudo-randomly.
+These files can be converted into C code using the \fB\-C\fR option of the
+\&\fIdhparam\fR\|(1) application.
+Authors may also generate their own set of parameters using
+\&\fIdhparam\fR\|(1), but a user may not be sure how the parameters were
+generated. The generation of \s-1DH\s0 parameters during installation is therefore
+recommended.
+.PP
+An application may either directly specify the \s-1DH\s0 parameters or
+can supply the \s-1DH\s0 parameters via a callback function. The callback approach
+has the advantage, that the callback may supply \s-1DH\s0 parameters for different
+key lengths.
+.PP
+The \fBtmp_dh_callback\fR is called with the \fBkeylength\fR needed and
+the \fBis_export\fR information. The \fBis_export\fR flag is set, when the
+ephemeral \s-1DH\s0 key exchange is performed with an export cipher.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Handle \s-1DH\s0 parameters for key lengths of 512 and 1024 bits. (Error handling
+partly left out.)
+.PP
+.Vb 5
+\& ...
+\& /* Set up ephemeral DH stuff */
+\& DH *dh_512 = NULL;
+\& DH *dh_1024 = NULL;
+\& FILE *paramfile;
+\&
+\& ...
+\& /* "openssl dhparam \-out dh_param_512.pem \-2 512" */
+\& paramfile = fopen("dh_param_512.pem", "r");
+\& if (paramfile) {
+\& dh_512 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
+\& fclose(paramfile);
+\& }
+\& /* "openssl dhparam \-out dh_param_1024.pem \-2 1024" */
+\& paramfile = fopen("dh_param_1024.pem", "r");
+\& if (paramfile) {
+\& dh_1024 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
+\& fclose(paramfile);
+\& }
+\& ...
+\&
+\& /* "openssl dhparam \-C \-2 512" etc... */
+\& DH *get_dh512() { ... }
+\& DH *get_dh1024() { ... }
+\&
+\& DH *tmp_dh_callback(SSL *s, int is_export, int keylength)
+\& {
+\& DH *dh_tmp=NULL;
+\&
+\& switch (keylength) {
+\& case 512:
+\& if (!dh_512)
+\& dh_512 = get_dh512();
+\& dh_tmp = dh_512;
+\& break;
+\& case 1024:
+\& if (!dh_1024)
+\& dh_1024 = get_dh1024();
+\& dh_tmp = dh_1024;
+\& break;
+\& default:
+\& /* Generating a key on the fly is very costly, so use what is there */
+\& setup_dh_parameters_like_above();
+\& }
+\& return(dh_tmp);
+\& }
+.Ve
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_CTX_set_tmp_dh_callback()\fR and \fISSL_set_tmp_dh_callback()\fR do not return
+diagnostic output.
+.PP
+\&\fISSL_CTX_set_tmp_dh()\fR and \fISSL_set_tmp_dh()\fR do return 1 on success and 0
+on failure. Check the error queue to find out the reason of failure.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fISSL_CTX_set_cipher_list\fR\|(3),
+\&\fISSL_CTX_set_tmp_rsa_callback\fR\|(3),
+\&\fISSL_CTX_set_options\fR\|(3),
+\&\fIciphers\fR\|(1), \fIdhparam\fR\|(1)
diff --git a/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
new file mode 100644
index 0000000..6a1fd71
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
@@ -0,0 +1,290 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_set_tmp_rsa_callback 3"
+.TH SSL_CTX_set_tmp_rsa_callback 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_set_tmp_rsa_callback, SSL_CTX_set_tmp_rsa, SSL_CTX_need_tmp_rsa, SSL_set_tmp_rsa_callback, SSL_set_tmp_rsa, SSL_need_tmp_rsa \- handle RSA keys for ephemeral key exchange
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
+\& RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength));
+\& long SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, RSA *rsa);
+\& long SSL_CTX_need_tmp_rsa(SSL_CTX *ctx);
+\&
+\& void SSL_set_tmp_rsa_callback(SSL_CTX *ctx,
+\& RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength));
+\& long SSL_set_tmp_rsa(SSL *ssl, RSA *rsa)
+\& long SSL_need_tmp_rsa(SSL *ssl)
+\&
+\& RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CTX_set_tmp_rsa_callback()\fR sets the callback function for \fBctx\fR to be
+used when a temporary/ephemeral \s-1RSA\s0 key is required to \fBtmp_rsa_callback\fR.
+The callback is inherited by all \s-1SSL\s0 objects newly created from \fBctx\fR
+with <\fISSL_new\fR\|(3)|\fISSL_new\fR\|(3)>. Already created \s-1SSL\s0 objects are not affected.
+.PP
+\&\fISSL_CTX_set_tmp_rsa()\fR sets the temporary/ephemeral \s-1RSA\s0 key to be used to be
+\&\fBrsa\fR. The key is inherited by all \s-1SSL\s0 objects newly created from \fBctx\fR
+with <\fISSL_new\fR\|(3)|\fISSL_new\fR\|(3)>. Already created \s-1SSL\s0 objects are not affected.
+.PP
+\&\fISSL_CTX_need_tmp_rsa()\fR returns 1, if a temporary/ephemeral \s-1RSA\s0 key is needed
+for RSA-based strength-limited 'exportable' ciphersuites because a \s-1RSA\s0 key
+with a keysize larger than 512 bits is installed.
+.PP
+\&\fISSL_set_tmp_rsa_callback()\fR sets the callback only for \fBssl\fR.
+.PP
+\&\fISSL_set_tmp_rsa()\fR sets the key only for \fBssl\fR.
+.PP
+\&\fISSL_need_tmp_rsa()\fR returns 1, if a temporary/ephemeral \s-1RSA\s0 key is needed,
+for RSA-based strength-limited 'exportable' ciphersuites because a \s-1RSA\s0 key
+with a keysize larger than 512 bits is installed.
+.PP
+These functions apply to \s-1SSL/TLS\s0 servers only.
+.SH "NOTES"
+.IX Header "NOTES"
+When using a cipher with \s-1RSA\s0 authentication, an ephemeral \s-1RSA\s0 key exchange
+can take place. In this case the session data are negotiated using the
+ephemeral/temporary \s-1RSA\s0 key and the \s-1RSA\s0 key supplied and certified
+by the certificate chain is only used for signing.
+.PP
+Under previous export restrictions, ciphers with \s-1RSA\s0 keys shorter (512 bits)
+than the usual key length of 1024 bits were created. To use these ciphers
+with \s-1RSA\s0 keys of usual length, an ephemeral key exchange must be performed,
+as the normal (certified) key cannot be directly used.
+.PP
+Using ephemeral \s-1RSA\s0 key exchange yields forward secrecy, as the connection
+can only be decrypted, when the \s-1RSA\s0 key is known. By generating a temporary
+\&\s-1RSA\s0 key inside the server application that is lost when the application
+is left, it becomes impossible for an attacker to decrypt past sessions,
+even if he gets hold of the normal (certified) \s-1RSA\s0 key, as this key was
+used for signing only. The downside is that creating a \s-1RSA\s0 key is
+computationally expensive.
+.PP
+Additionally, the use of ephemeral \s-1RSA\s0 key exchange is only allowed in
+the \s-1TLS\s0 standard, when the \s-1RSA\s0 key can be used for signing only, that is
+for export ciphers. Using ephemeral \s-1RSA\s0 key exchange for other purposes
+violates the standard and can break interoperability with clients.
+It is therefore strongly recommended to not use ephemeral \s-1RSA\s0 key
+exchange and use \s-1EDH\s0 (Ephemeral Diffie-Hellman) key exchange instead
+in order to achieve forward secrecy (see
+\&\fISSL_CTX_set_tmp_dh_callback\fR\|(3)).
+.PP
+On OpenSSL servers ephemeral \s-1RSA\s0 key exchange is therefore disabled by default
+and must be explicitly enabled using the \s-1SSL_OP_EPHEMERAL_RSA\s0 option of
+\&\fISSL_CTX_set_options\fR\|(3), violating the \s-1TLS/SSL\s0
+standard. When ephemeral \s-1RSA\s0 key exchange is required for export ciphers,
+it will automatically be used without this option!
+.PP
+An application may either directly specify the key or can supply the key via
+a callback function. The callback approach has the advantage, that the
+callback may generate the key only in case it is actually needed. As the
+generation of a \s-1RSA\s0 key is however costly, it will lead to a significant
+delay in the handshake procedure. Another advantage of the callback function
+is that it can supply keys of different size (e.g. for \s-1SSL_OP_EPHEMERAL_RSA\s0
+usage) while the explicit setting of the key is only useful for key size of
+512 bits to satisfy the export restricted ciphers and does give away key length
+if a longer key would be allowed.
+.PP
+The \fBtmp_rsa_callback\fR is called with the \fBkeylength\fR needed and
+the \fBis_export\fR information. The \fBis_export\fR flag is set, when the
+ephemeral \s-1RSA\s0 key exchange is performed with an export cipher.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Generate temporary \s-1RSA\s0 keys to prepare ephemeral \s-1RSA\s0 key exchange. As the
+generation of a \s-1RSA\s0 key costs a lot of computer time, they saved for later
+reuse. For demonstration purposes, two keys for 512 bits and 1024 bits
+respectively are generated.
+.PP
+.Vb 4
+\& ...
+\& /* Set up ephemeral RSA stuff */
+\& RSA *rsa_512 = NULL;
+\& RSA *rsa_1024 = NULL;
+\&
+\& rsa_512 = RSA_generate_key(512,RSA_F4,NULL,NULL);
+\& if (rsa_512 == NULL)
+\& evaluate_error_queue();
+\&
+\& rsa_1024 = RSA_generate_key(1024,RSA_F4,NULL,NULL);
+\& if (rsa_1024 == NULL)
+\& evaluate_error_queue();
+\&
+\& ...
+\&
+\& RSA *tmp_rsa_callback(SSL *s, int is_export, int keylength)
+\& {
+\& RSA *rsa_tmp=NULL;
+\&
+\& switch (keylength) {
+\& case 512:
+\& if (rsa_512)
+\& rsa_tmp = rsa_512;
+\& else { /* generate on the fly, should not happen in this example */
+\& rsa_tmp = RSA_generate_key(keylength,RSA_F4,NULL,NULL);
+\& rsa_512 = rsa_tmp; /* Remember for later reuse */
+\& }
+\& break;
+\& case 1024:
+\& if (rsa_1024)
+\& rsa_tmp=rsa_1024;
+\& else
+\& should_not_happen_in_this_example();
+\& break;
+\& default:
+\& /* Generating a key on the fly is very costly, so use what is there */
+\& if (rsa_1024)
+\& rsa_tmp=rsa_1024;
+\& else
+\& rsa_tmp=rsa_512; /* Use at least a shorter key */
+\& }
+\& return(rsa_tmp);
+\& }
+.Ve
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_CTX_set_tmp_rsa_callback()\fR and \fISSL_set_tmp_rsa_callback()\fR do not return
+diagnostic output.
+.PP
+\&\fISSL_CTX_set_tmp_rsa()\fR and \fISSL_set_tmp_rsa()\fR do return 1 on success and 0
+on failure. Check the error queue to find out the reason of failure.
+.PP
+\&\fISSL_CTX_need_tmp_rsa()\fR and \fISSL_need_tmp_rsa()\fR return 1 if a temporary
+\&\s-1RSA\s0 key is needed and 0 otherwise.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fISSL_CTX_set_cipher_list\fR\|(3),
+\&\fISSL_CTX_set_options\fR\|(3),
+\&\fISSL_CTX_set_tmp_dh_callback\fR\|(3),
+\&\fISSL_new\fR\|(3), \fIciphers\fR\|(1)
diff --git a/secure/lib/libssl/man/SSL_CTX_set_verify.3 b/secure/lib/libssl/man/SSL_CTX_set_verify.3
new file mode 100644
index 0000000..1971e21
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_CTX_set_verify.3
@@ -0,0 +1,409 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_set_verify 3"
+.TH SSL_CTX_set_verify 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_set_verify, SSL_set_verify, SSL_CTX_set_verify_depth, SSL_set_verify_depth \- set peer certificate verification parameters
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
+\& int (*verify_callback)(int, X509_STORE_CTX *));
+\& void SSL_set_verify(SSL *s, int mode,
+\& int (*verify_callback)(int, X509_STORE_CTX *));
+\& void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);
+\& void SSL_set_verify_depth(SSL *s, int depth);
+\&
+\& int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CTX_set_verify()\fR sets the verification flags for \fBctx\fR to be \fBmode\fR and
+specifies the \fBverify_callback\fR function to be used. If no callback function
+shall be specified, the \s-1NULL\s0 pointer can be used for \fBverify_callback\fR.
+.PP
+\&\fISSL_set_verify()\fR sets the verification flags for \fBssl\fR to be \fBmode\fR and
+specifies the \fBverify_callback\fR function to be used. If no callback function
+shall be specified, the \s-1NULL\s0 pointer can be used for \fBverify_callback\fR. In
+this case last \fBverify_callback\fR set specifically for this \fBssl\fR remains. If
+no special \fBcallback\fR was set before, the default callback for the underlying
+\&\fBctx\fR is used, that was valid at the time \fBssl\fR was created with
+\&\fISSL_new\fR\|(3).
+.PP
+\&\fISSL_CTX_set_verify_depth()\fR sets the maximum \fBdepth\fR for the certificate chain
+verification that shall be allowed for \fBctx\fR. (See the \s-1BUGS\s0 section.)
+.PP
+\&\fISSL_set_verify_depth()\fR sets the maximum \fBdepth\fR for the certificate chain
+verification that shall be allowed for \fBssl\fR. (See the \s-1BUGS\s0 section.)
+.SH "NOTES"
+.IX Header "NOTES"
+The verification of certificates can be controlled by a set of logically
+or'ed \fBmode\fR flags:
+.IP "\s-1SSL_VERIFY_NONE\s0" 4
+.IX Item "SSL_VERIFY_NONE"
+\&\fBServer mode:\fR the server will not send a client certificate request to the
+client, so the client will not send a certificate.
+.Sp
+\&\fBClient mode:\fR if not using an anonymous cipher (by default disabled), the
+server will send a certificate which will be checked. The result of the
+certificate verification process can be checked after the \s-1TLS/SSL\s0 handshake
+using the \fISSL_get_verify_result\fR\|(3) function.
+The handshake will be continued regardless of the verification result.
+.IP "\s-1SSL_VERIFY_PEER\s0" 4
+.IX Item "SSL_VERIFY_PEER"
+\&\fBServer mode:\fR the server sends a client certificate request to the client.
+The certificate returned (if any) is checked. If the verification process
+fails, the \s-1TLS/SSL\s0 handshake is
+immediately terminated with an alert message containing the reason for
+the verification failure.
+The behaviour can be controlled by the additional
+\&\s-1SSL_VERIFY_FAIL_IF_NO_PEER_CERT\s0 and \s-1SSL_VERIFY_CLIENT_ONCE\s0 flags.
+.Sp
+\&\fBClient mode:\fR the server certificate is verified. If the verification process
+fails, the \s-1TLS/SSL\s0 handshake is
+immediately terminated with an alert message containing the reason for
+the verification failure. If no server certificate is sent, because an
+anonymous cipher is used, \s-1SSL_VERIFY_PEER\s0 is ignored.
+.IP "\s-1SSL_VERIFY_FAIL_IF_NO_PEER_CERT\s0" 4
+.IX Item "SSL_VERIFY_FAIL_IF_NO_PEER_CERT"
+\&\fBServer mode:\fR if the client did not return a certificate, the \s-1TLS/SSL\s0
+handshake is immediately terminated with a \*(L"handshake failure\*(R" alert.
+This flag must be used together with \s-1SSL_VERIFY_PEER\s0.
+.Sp
+\&\fBClient mode:\fR ignored
+.IP "\s-1SSL_VERIFY_CLIENT_ONCE\s0" 4
+.IX Item "SSL_VERIFY_CLIENT_ONCE"
+\&\fBServer mode:\fR only request a client certificate on the initial \s-1TLS/SSL\s0
+handshake. Do not ask for a client certificate again in case of a
+renegotiation. This flag must be used together with \s-1SSL_VERIFY_PEER\s0.
+.Sp
+\&\fBClient mode:\fR ignored
+.PP
+Exactly one of the \fBmode\fR flags \s-1SSL_VERIFY_NONE\s0 and \s-1SSL_VERIFY_PEER\s0 must be
+set at any time.
+.PP
+The actual verification procedure is performed either using the built-in
+verification procedure or using another application provided verification
+function set with
+\&\fISSL_CTX_set_cert_verify_callback\fR\|(3).
+The following descriptions apply in the case of the built-in procedure. An
+application provided procedure also has access to the verify depth information
+and the \fIverify_callback()\fR function, but the way this information is used
+may be different.
+.PP
+\&\fISSL_CTX_set_verify_depth()\fR and \fISSL_set_verify_depth()\fR set the limit up
+to which depth certificates in a chain are used during the verification
+procedure. If the certificate chain is longer than allowed, the certificates
+above the limit are ignored. Error messages are generated as if these
+certificates would not be present, most likely a
+X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY will be issued.
+The depth count is \*(L"level 0:peer certificate\*(R", \*(L"level 1: \s-1CA\s0 certificate\*(R",
+\&\*(L"level 2: higher level \s-1CA\s0 certificate\*(R", and so on. Setting the maximum
+depth to 2 allows the levels 0, 1, and 2. The default depth limit is 9,
+allowing for the peer certificate and additional 9 \s-1CA\s0 certificates.
+.PP
+The \fBverify_callback\fR function is used to control the behaviour when the
+\&\s-1SSL_VERIFY_PEER\s0 flag is set. It must be supplied by the application and
+receives two arguments: \fBpreverify_ok\fR indicates, whether the verification of
+the certificate in question was passed (preverify_ok=1) or not
+(preverify_ok=0). \fBx509_ctx\fR is a pointer to the complete context used
+for the certificate chain verification.
+.PP
+The certificate chain is checked starting with the deepest nesting level
+(the root \s-1CA\s0 certificate) and worked upward to the peer's certificate.
+At each level signatures and issuer attributes are checked. Whenever
+a verification error is found, the error number is stored in \fBx509_ctx\fR
+and \fBverify_callback\fR is called with \fBpreverify_ok\fR=0. By applying
+X509_CTX_store_* functions \fBverify_callback\fR can locate the certificate
+in question and perform additional steps (see \s-1EXAMPLES\s0). If no error is
+found for a certificate, \fBverify_callback\fR is called with \fBpreverify_ok\fR=1
+before advancing to the next level.
+.PP
+The return value of \fBverify_callback\fR controls the strategy of the further
+verification process. If \fBverify_callback\fR returns 0, the verification
+process is immediately stopped with \*(L"verification failed\*(R" state. If
+\&\s-1SSL_VERIFY_PEER\s0 is set, a verification failure alert is sent to the peer and
+the \s-1TLS/SSL\s0 handshake is terminated. If \fBverify_callback\fR returns 1,
+the verification process is continued. If \fBverify_callback\fR always returns
+1, the \s-1TLS/SSL\s0 handshake will not be terminated with respect to verification
+failures and the connection will be established. The calling process can
+however retrieve the error code of the last verification error using
+\&\fISSL_get_verify_result\fR\|(3) or by maintaining its
+own error storage managed by \fBverify_callback\fR.
+.PP
+If no \fBverify_callback\fR is specified, the default callback will be used.
+Its return value is identical to \fBpreverify_ok\fR, so that any verification
+failure will lead to a termination of the \s-1TLS/SSL\s0 handshake with an
+alert message, if \s-1SSL_VERIFY_PEER\s0 is set.
+.SH "BUGS"
+.IX Header "BUGS"
+In client mode, it is not checked whether the \s-1SSL_VERIFY_PEER\s0 flag
+is set, but whether \s-1SSL_VERIFY_NONE\s0 is not set. This can lead to
+unexpected behaviour, if the \s-1SSL_VERIFY_PEER\s0 and \s-1SSL_VERIFY_NONE\s0 are not
+used as required (exactly one must be set at any time).
+.PP
+The certificate verification depth set with SSL[_CTX]\fI_verify_depth()\fR
+stops the verification at a certain depth. The error message produced
+will be that of an incomplete certificate chain and not
+X509_V_ERR_CERT_CHAIN_TOO_LONG as may be expected.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The SSL*_set_verify*() functions do not provide diagnostic information.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+The following code sequence realizes an example \fBverify_callback\fR function
+that will always continue the \s-1TLS/SSL\s0 handshake regardless of verification
+failure, if wished. The callback realizes a verification depth limit with
+more informational output.
+.PP
+All verification errors are printed, informations about the certificate chain
+are printed on request.
+The example is realized for a server that does allow but not require client
+certificates.
+.PP
+The example makes use of the ex_data technique to store application data
+into/retrieve application data from the \s-1SSL\s0 structure
+(see \fISSL_get_ex_new_index\fR\|(3),
+\&\fISSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3)).
+.PP
+.Vb 10
+\& ...
+\& typedef struct {
+\& int verbose_mode;
+\& int verify_depth;
+\& int always_continue;
+\& } mydata_t;
+\& int mydata_index;
+\& ...
+\& static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
+\& {
+\& char buf[256];
+\& X509 *err_cert;
+\& int err, depth;
+\& SSL *ssl;
+\& mydata_t *mydata;
+\&
+\& err_cert = X509_STORE_CTX_get_current_cert(ctx);
+\& err = X509_STORE_CTX_get_error(ctx);
+\& depth = X509_STORE_CTX_get_error_depth(ctx);
+\&
+\& /*
+\& * Retrieve the pointer to the SSL of the connection currently treated
+\& * and the application specific data stored into the SSL object.
+\& */
+\& ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
+\& mydata = SSL_get_ex_data(ssl, mydata_index);
+\&
+\& X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256);
+\&
+\& /*
+\& * Catch a too long certificate chain. The depth limit set using
+\& * SSL_CTX_set_verify_depth() is by purpose set to "limit+1" so
+\& * that whenever the "depth>verify_depth" condition is met, we
+\& * have violated the limit and want to log this error condition.
+\& * We must do it here, because the CHAIN_TOO_LONG error would not
+\& * be found explicitly; only errors introduced by cutting off the
+\& * additional certificates would be logged.
+\& */
+\& if (depth > mydata\->verify_depth) {
+\& preverify_ok = 0;
+\& err = X509_V_ERR_CERT_CHAIN_TOO_LONG;
+\& X509_STORE_CTX_set_error(ctx, err);
+\& }
+\& if (!preverify_ok) {
+\& printf("verify error:num=%d:%s:depth=%d:%s\en", err,
+\& X509_verify_cert_error_string(err), depth, buf);
+\& }
+\& else if (mydata\->verbose_mode)
+\& {
+\& printf("depth=%d:%s\en", depth, buf);
+\& }
+\&
+\& /*
+\& * At this point, err contains the last verification error. We can use
+\& * it for something special
+\& */
+\& if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT))
+\& {
+\& X509_NAME_oneline(X509_get_issuer_name(ctx\->current_cert), buf, 256);
+\& printf("issuer= %s\en", buf);
+\& }
+\&
+\& if (mydata\->always_continue)
+\& return 1;
+\& else
+\& return preverify_ok;
+\& }
+\& ...
+\&
+\& mydata_t mydata;
+\&
+\& ...
+\& mydata_index = SSL_get_ex_new_index(0, "mydata index", NULL, NULL, NULL);
+\&
+\& ...
+\& SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,
+\& verify_callback);
+\&
+\& /*
+\& * Let the verify_callback catch the verify_depth error so that we get
+\& * an appropriate error in the logfile.
+\& */
+\& SSL_CTX_set_verify_depth(verify_depth + 1);
+\&
+\& /*
+\& * Set up the SSL specific data into "mydata" and store it into th SSL
+\& * structure.
+\& */
+\& mydata.verify_depth = verify_depth; ...
+\& SSL_set_ex_data(ssl, mydata_index, &mydata);
+\&
+\& ...
+\& SSL_accept(ssl); /* check of success left out for clarity */
+\& if (peer = SSL_get_peer_certificate(ssl))
+\& {
+\& if (SSL_get_verify_result(ssl) == X509_V_OK)
+\& {
+\& /* The client sent a certificate which verified OK */
+\& }
+\& }
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fISSL_new\fR\|(3),
+\&\fISSL_CTX_get_verify_mode\fR\|(3),
+\&\fISSL_get_verify_result\fR\|(3),
+\&\fISSL_CTX_load_verify_locations\fR\|(3),
+\&\fISSL_get_peer_certificate\fR\|(3),
+\&\fISSL_CTX_set_cert_verify_callback\fR\|(3),
+\&\fISSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3),
+\&\fISSL_get_ex_new_index\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_CTX_use_certificate.3 b/secure/lib/libssl/man/SSL_CTX_use_certificate.3
new file mode 100644
index 0000000..358dd6c
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_CTX_use_certificate.3
@@ -0,0 +1,290 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_use_certificate 3"
+.TH SSL_CTX_use_certificate 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_file, SSL_use_certificate, SSL_use_certificate_ASN1, SSL_use_certificate_file, SSL_CTX_use_certificate_chain_file, SSL_CTX_use_PrivateKey, SSL_CTX_use_PrivateKey_ASN1, SSL_CTX_use_PrivateKey_file, SSL_CTX_use_RSAPrivateKey, SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file, SSL_use_PrivateKey_file, SSL_use_PrivateKey_ASN1, SSL_use_PrivateKey, SSL_use_RSAPrivateKey, SSL_use_RSAPrivateKey_ASN1, SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key \- load certificate and key data
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
+\& int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);
+\& int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
+\& int SSL_use_certificate(SSL *ssl, X509 *x);
+\& int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len);
+\& int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
+\&
+\& int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
+\&
+\& int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
+\& int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, unsigned char *d,
+\& long len);
+\& int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
+\& int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
+\& int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);
+\& int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
+\& int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
+\& int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, unsigned char *d, long len);
+\& int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
+\& int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
+\& int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
+\& int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
+\&
+\& int SSL_CTX_check_private_key(const SSL_CTX *ctx);
+\& int SSL_check_private_key(const SSL *ssl);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+These functions load the certificates and private keys into the \s-1SSL_CTX\s0
+or \s-1SSL\s0 object, respectively.
+.PP
+The SSL_CTX_* class of functions loads the certificates and keys into the
+\&\s-1SSL_CTX\s0 object \fBctx\fR. The information is passed to \s-1SSL\s0 objects \fBssl\fR
+created from \fBctx\fR with \fISSL_new\fR\|(3) by copying, so that
+changes applied to \fBctx\fR do not propagate to already existing \s-1SSL\s0 objects.
+.PP
+The SSL_* class of functions only loads certificates and keys into a
+specific \s-1SSL\s0 object. The specific information is kept, when
+\&\fISSL_clear\fR\|(3) is called for this \s-1SSL\s0 object.
+.PP
+\&\fISSL_CTX_use_certificate()\fR loads the certificate \fBx\fR into \fBctx\fR,
+\&\fISSL_use_certificate()\fR loads \fBx\fR into \fBssl\fR. The rest of the
+certificates needed to form the complete certificate chain can be
+specified using the
+\&\fISSL_CTX_add_extra_chain_cert\fR\|(3)
+function.
+.PP
+\&\fISSL_CTX_use_certificate_ASN1()\fR loads the \s-1ASN1\s0 encoded certificate from
+the memory location \fBd\fR (with length \fBlen\fR) into \fBctx\fR,
+\&\fISSL_use_certificate_ASN1()\fR loads the \s-1ASN1\s0 encoded certificate into \fBssl\fR.
+.PP
+\&\fISSL_CTX_use_certificate_file()\fR loads the first certificate stored in \fBfile\fR
+into \fBctx\fR. The formatting \fBtype\fR of the certificate must be specified
+from the known types \s-1SSL_FILETYPE_PEM\s0, \s-1SSL_FILETYPE_ASN1\s0.
+\&\fISSL_use_certificate_file()\fR loads the certificate from \fBfile\fR into \fBssl\fR.
+See the \s-1NOTES\s0 section on why \fISSL_CTX_use_certificate_chain_file()\fR
+should be preferred.
+.PP
+\&\fISSL_CTX_use_certificate_chain_file()\fR loads a certificate chain from
+\&\fBfile\fR into \fBctx\fR. The certificates must be in \s-1PEM\s0 format and must
+be sorted starting with the subject's certificate (actual client or server
+certificate), followed by intermediate \s-1CA\s0 certificates if applicable, and
+ending at the highest level (root) \s-1CA\s0.
+There is no corresponding function working on a single \s-1SSL\s0 object.
+.PP
+\&\fISSL_CTX_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBctx\fR.
+\&\fISSL_CTX_use_RSAPrivateKey()\fR adds the private key \fBrsa\fR of type \s-1RSA\s0
+to \fBctx\fR. \fISSL_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBssl\fR;
+\&\fISSL_use_RSAPrivateKey()\fR adds \fBrsa\fR as private key of type \s-1RSA\s0 to \fBssl\fR.
+If a certificate has already been set and the private does not belong
+to the certificate an error is returned. To change a certificate, private
+key pair the new certificate needs to be set with \fISSL_use_certificate()\fR
+or \fISSL_CTX_use_certificate()\fR before setting the private key with
+\&\fISSL_CTX_use_PrivateKey()\fR or \fISSL_use_PrivateKey()\fR.
+.PP
+\&\fISSL_CTX_use_PrivateKey_ASN1()\fR adds the private key of type \fBpk\fR
+stored at memory location \fBd\fR (length \fBlen\fR) to \fBctx\fR.
+\&\fISSL_CTX_use_RSAPrivateKey_ASN1()\fR adds the private key of type \s-1RSA\s0
+stored at memory location \fBd\fR (length \fBlen\fR) to \fBctx\fR.
+\&\fISSL_use_PrivateKey_ASN1()\fR and \fISSL_use_RSAPrivateKey_ASN1()\fR add the private
+key to \fBssl\fR.
+.PP
+\&\fISSL_CTX_use_PrivateKey_file()\fR adds the first private key found in
+\&\fBfile\fR to \fBctx\fR. The formatting \fBtype\fR of the certificate must be specified
+from the known types \s-1SSL_FILETYPE_PEM\s0, \s-1SSL_FILETYPE_ASN1\s0.
+\&\fISSL_CTX_use_RSAPrivateKey_file()\fR adds the first private \s-1RSA\s0 key found in
+\&\fBfile\fR to \fBctx\fR. \fISSL_use_PrivateKey_file()\fR adds the first private key found
+in \fBfile\fR to \fBssl\fR; \fISSL_use_RSAPrivateKey_file()\fR adds the first private
+\&\s-1RSA\s0 key found to \fBssl\fR.
+.PP
+\&\fISSL_CTX_check_private_key()\fR checks the consistency of a private key with
+the corresponding certificate loaded into \fBctx\fR. If more than one
+key/certificate pair (\s-1RSA/DSA\s0) is installed, the last item installed will
+be checked. If e.g. the last item was a \s-1RSA\s0 certificate or key, the \s-1RSA\s0
+key/certificate pair will be checked. \fISSL_check_private_key()\fR performs
+the same check for \fBssl\fR. If no key/certificate was explicitly added for
+this \fBssl\fR, the last item added into \fBctx\fR will be checked.
+.SH "NOTES"
+.IX Header "NOTES"
+The internal certificate store of OpenSSL can hold two private key/certificate
+pairs at a time: one key/certificate of type \s-1RSA\s0 and one key/certificate
+of type \s-1DSA\s0. The certificate used depends on the cipher select, see
+also \fISSL_CTX_set_cipher_list\fR\|(3).
+.PP
+When reading certificates and private keys from file, files of type
+\&\s-1SSL_FILETYPE_ASN1\s0 (also known as \fB\s-1DER\s0\fR, binary encoding) can only contain
+one certificate or private key, consequently
+\&\fISSL_CTX_use_certificate_chain_file()\fR is only applicable to \s-1PEM\s0 formatting.
+Files of type \s-1SSL_FILETYPE_PEM\s0 can contain more than one item.
+.PP
+\&\fISSL_CTX_use_certificate_chain_file()\fR adds the first certificate found
+in the file to the certificate store. The other certificates are added
+to the store of chain certificates using
+\&\fISSL_CTX_add_extra_chain_cert\fR\|(3).
+There exists only one extra chain store, so that the same chain is appended
+to both types of certificates, \s-1RSA\s0 and \s-1DSA\s0! If it is not intended to use
+both type of certificate at the same time, it is recommended to use the
+\&\fISSL_CTX_use_certificate_chain_file()\fR instead of the
+\&\fISSL_CTX_use_certificate_file()\fR function in order to allow the use of
+complete certificate chains even when no trusted \s-1CA\s0 storage is used or
+when the \s-1CA\s0 issuing the certificate shall not be added to the trusted
+\&\s-1CA\s0 storage.
+.PP
+If additional certificates are needed to complete the chain during the
+\&\s-1TLS\s0 negotiation, \s-1CA\s0 certificates are additionally looked up in the
+locations of trusted \s-1CA\s0 certificates, see
+\&\fISSL_CTX_load_verify_locations\fR\|(3).
+.PP
+The private keys loaded from file can be encrypted. In order to successfully
+load encrypted keys, a function returning the passphrase must have been
+supplied, see
+\&\fISSL_CTX_set_default_passwd_cb\fR\|(3).
+(Certificate files might be encrypted as well from the technical point
+of view, it however does not make sense as the data in the certificate
+is considered public anyway.)
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+On success, the functions return 1.
+Otherwise check out the error stack to find out the reason.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fISSL_new\fR\|(3), \fISSL_clear\fR\|(3),
+\&\fISSL_CTX_load_verify_locations\fR\|(3),
+\&\fISSL_CTX_set_default_passwd_cb\fR\|(3),
+\&\fISSL_CTX_set_cipher_list\fR\|(3),
+\&\fISSL_CTX_set_client_cert_cb\fR\|(3),
+\&\fISSL_CTX_add_extra_chain_cert\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+Support for \s-1DER\s0 encoded private keys (\s-1SSL_FILETYPE_ASN1\s0) in
+\&\fISSL_CTX_use_PrivateKey_file()\fR and \fISSL_use_PrivateKey_file()\fR was added
+in 0.9.8 .
diff --git a/secure/lib/libssl/man/SSL_SESSION_free.3 b/secure/lib/libssl/man/SSL_SESSION_free.3
new file mode 100644
index 0000000..64d9b84
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_SESSION_free.3
@@ -0,0 +1,178 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_SESSION_free 3"
+.TH SSL_SESSION_free 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_SESSION_free \- free an allocated SSL_SESSION structure
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& void SSL_SESSION_free(SSL_SESSION *session);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_SESSION_free()\fR decrements the reference count of \fBsession\fR and removes
+the \fB\s-1SSL_SESSION\s0\fR structure pointed to by \fBsession\fR and frees up the allocated
+memory, if the reference count has reached 0.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\s-1SSL_SESSION\s0 objects are allocated, when a \s-1TLS/SSL\s0 handshake operation
+is successfully completed. Depending on the settings, see
+\&\fISSL_CTX_set_session_cache_mode\fR\|(3),
+the \s-1SSL_SESSION\s0 objects are internally referenced by the \s-1SSL_CTX\s0 and
+linked into its session cache. \s-1SSL\s0 objects may be using the \s-1SSL_SESSION\s0 object;
+as a session may be reused, several \s-1SSL\s0 objects may be using one \s-1SSL_SESSION\s0
+object at the same time. It is therefore crucial to keep the reference
+count (usage information) correct and not delete a \s-1SSL_SESSION\s0 object
+that is still used, as this may lead to program failures due to
+dangling pointers. These failures may also appear delayed, e.g.
+when an \s-1SSL_SESSION\s0 object was completely freed as the reference count
+incorrectly became 0, but it is still referenced in the internal
+session cache and the cache list is processed during a
+\&\fISSL_CTX_flush_sessions\fR\|(3) operation.
+.PP
+\&\fISSL_SESSION_free()\fR must only be called for \s-1SSL_SESSION\s0 objects, for
+which the reference count was explicitly incremented (e.g.
+by calling \fISSL_get1_session()\fR, see \fISSL_get_session\fR\|(3))
+or when the \s-1SSL_SESSION\s0 object was generated outside a \s-1TLS\s0 handshake
+operation, e.g. by using \fId2i_SSL_SESSION\fR\|(3).
+It must not be called on other \s-1SSL_SESSION\s0 objects, as this would cause
+incorrect reference counts and therefore program failures.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_SESSION_free()\fR does not provide diagnostic information.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fISSL_get_session\fR\|(3),
+\&\fISSL_CTX_set_session_cache_mode\fR\|(3),
+\&\fISSL_CTX_flush_sessions\fR\|(3),
+ \fId2i_SSL_SESSION\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
new file mode 100644
index 0000000..553e43c
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
@@ -0,0 +1,185 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_SESSION_get_ex_new_index 3"
+.TH SSL_SESSION_get_ex_new_index 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_SESSION_get_ex_new_index, SSL_SESSION_set_ex_data, SSL_SESSION_get_ex_data \- internal application specific data functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& int SSL_SESSION_get_ex_new_index(long argl, void *argp,
+\& CRYPTO_EX_new *new_func,
+\& CRYPTO_EX_dup *dup_func,
+\& CRYPTO_EX_free *free_func);
+\&
+\& int SSL_SESSION_set_ex_data(SSL_SESSION *session, int idx, void *arg);
+\&
+\& void *SSL_SESSION_get_ex_data(const SSL_SESSION *session, int idx);
+\&
+\& typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+\& int idx, long argl, void *argp);
+\& typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+\& int idx, long argl, void *argp);
+\& typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,
+\& int idx, long argl, void *argp);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+Several OpenSSL structures can have application specific data attached to them.
+These functions are used internally by OpenSSL to manipulate application
+specific data attached to a specific structure.
+.PP
+\&\fISSL_SESSION_get_ex_new_index()\fR is used to register a new index for application
+specific data.
+.PP
+\&\fISSL_SESSION_set_ex_data()\fR is used to store application data at \fBarg\fR for \fBidx\fR
+into the \fBsession\fR object.
+.PP
+\&\fISSL_SESSION_get_ex_data()\fR is used to retrieve the information for \fBidx\fR from
+\&\fBsession\fR.
+.PP
+A detailed description for the \fB*\f(BI_get_ex_new_index()\fB\fR functionality
+can be found in \fIRSA_get_ex_new_index\fR\|(3).
+The \fB*\f(BI_get_ex_data()\fB\fR and \fB*\f(BI_set_ex_data()\fB\fR functionality is described in
+\&\fICRYPTO_set_ex_data\fR\|(3).
+.SH "WARNINGS"
+.IX Header "WARNINGS"
+The application data is only maintained for sessions held in memory. The
+application data is not included when dumping the session with
+\&\fIi2d_SSL_SESSION()\fR (and all functions indirectly calling the dump functions
+like \fIPEM_write_SSL_SESSION()\fR and \fIPEM_write_bio_SSL_SESSION()\fR) and can
+therefore not be restored.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3),
+\&\fIRSA_get_ex_new_index\fR\|(3),
+\&\fICRYPTO_set_ex_data\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_SESSION_get_time.3 b/secure/lib/libssl/man/SSL_SESSION_get_time.3
new file mode 100644
index 0000000..bdbbb7a
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_SESSION_get_time.3
@@ -0,0 +1,187 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_SESSION_get_time 3"
+.TH SSL_SESSION_get_time 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, SSL_SESSION_set_timeout \- retrieve and manipulate session time and timeout settings
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& long SSL_SESSION_get_time(const SSL_SESSION *s);
+\& long SSL_SESSION_set_time(SSL_SESSION *s, long tm);
+\& long SSL_SESSION_get_timeout(const SSL_SESSION *s);
+\& long SSL_SESSION_set_timeout(SSL_SESSION *s, long tm);
+\&
+\& long SSL_get_time(const SSL_SESSION *s);
+\& long SSL_set_time(SSL_SESSION *s, long tm);
+\& long SSL_get_timeout(const SSL_SESSION *s);
+\& long SSL_set_timeout(SSL_SESSION *s, long tm);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_SESSION_get_time()\fR returns the time at which the session \fBs\fR was
+established. The time is given in seconds since the Epoch and therefore
+compatible to the time delivered by the \fItime()\fR call.
+.PP
+\&\fISSL_SESSION_set_time()\fR replaces the creation time of the session \fBs\fR with
+the chosen value \fBtm\fR.
+.PP
+\&\fISSL_SESSION_get_timeout()\fR returns the timeout value set for session \fBs\fR
+in seconds.
+.PP
+\&\fISSL_SESSION_set_timeout()\fR sets the timeout value for session \fBs\fR in seconds
+to \fBtm\fR.
+.PP
+The \fISSL_get_time()\fR, \fISSL_set_time()\fR, \fISSL_get_timeout()\fR, and \fISSL_set_timeout()\fR
+functions are synonyms for the SSL_SESSION_*() counterparts.
+.SH "NOTES"
+.IX Header "NOTES"
+Sessions are expired by examining the creation time and the timeout value.
+Both are set at creation time of the session to the actual time and the
+default timeout value at creation, respectively, as set by
+\&\fISSL_CTX_set_timeout\fR\|(3).
+Using these functions it is possible to extend or shorten the lifetime
+of the session.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_SESSION_get_time()\fR and \fISSL_SESSION_get_timeout()\fR return the currently
+valid values.
+.PP
+\&\fISSL_SESSION_set_time()\fR and \fISSL_SESSION_set_timeout()\fR return 1 on success.
+.PP
+If any of the function is passed the \s-1NULL\s0 pointer for the session \fBs\fR,
+0 is returned.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3),
+\&\fISSL_CTX_set_timeout\fR\|(3),
+\&\fISSL_get_default_timeout\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_accept.3 b/secure/lib/libssl/man/SSL_accept.3
new file mode 100644
index 0000000..0c3a6d5
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_accept.3
@@ -0,0 +1,200 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_accept 3"
+.TH SSL_accept 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_accept \- wait for a TLS/SSL client to initiate a TLS/SSL handshake
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& int SSL_accept(SSL *ssl);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_accept()\fR waits for a \s-1TLS/SSL\s0 client to initiate the \s-1TLS/SSL\s0 handshake.
+The communication channel must already have been set and assigned to the
+\&\fBssl\fR by setting an underlying \fB\s-1BIO\s0\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+The behaviour of \fISSL_accept()\fR depends on the underlying \s-1BIO\s0.
+.PP
+If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_accept()\fR will only return once the
+handshake has been finished or an error occurred, except for \s-1SGC\s0 (Server
+Gated Cryptography). For \s-1SGC\s0, \fISSL_accept()\fR may return with \-1, but
+\&\fISSL_get_error()\fR will yield \fB\s-1SSL_ERROR_WANT_READ/WRITE\s0\fR and \fISSL_accept()\fR
+should be called again.
+.PP
+If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_accept()\fR will also return
+when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_accept()\fR
+to continue the handshake, indicating the problem by the return value \-1.
+In this case a call to \fISSL_get_error()\fR with the
+return value of \fISSL_accept()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or
+\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after
+taking appropriate action to satisfy the needs of \fISSL_accept()\fR.
+The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket,
+nothing is to be done, but \fIselect()\fR can be used to check for the required
+condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written
+into or retrieved out of the \s-1BIO\s0 before being able to continue.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The following return values can occur:
+.IP "1." 4
+The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been
+established.
+.IP "2." 4
+The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and
+by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fISSL_get_error()\fR with the
+return value \fBret\fR to find out the reason.
+.IP "3." 4
+<0
+.Sp
+The \s-1TLS/SSL\s0 handshake was not successful because a fatal error occurred either
+at the protocol level or a connection failure occurred. The shutdown was
+not clean. It can also occur of action is need to continue the operation
+for non-blocking BIOs. Call \fISSL_get_error()\fR with the return value \fBret\fR
+to find out the reason.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fISSL_get_error\fR\|(3), \fISSL_connect\fR\|(3),
+\&\fISSL_shutdown\fR\|(3), \fIssl\fR\|(3), \fIbio\fR\|(3),
+\&\fISSL_set_connect_state\fR\|(3),
+\&\fISSL_do_handshake\fR\|(3),
+\&\fISSL_CTX_new\fR\|(3)
+.SH "POD ERRORS"
+.IX Header "POD ERRORS"
+Hey! \fBThe above document had some coding errors, which are explained below:\fR
+.IP "Around line 52:" 4
+.IX Item "Around line 52:"
+You have '=item 0' instead of the expected '=item 2'
+.IP "Around line 58:" 4
+.IX Item "Around line 58:"
+Expected '=item 3'
diff --git a/secure/lib/libssl/man/SSL_alert_type_string.3 b/secure/lib/libssl/man/SSL_alert_type_string.3
new file mode 100644
index 0000000..2735e4b
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_alert_type_string.3
@@ -0,0 +1,347 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_alert_type_string 3"
+.TH SSL_alert_type_string 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_alert_desc_string_long \- get textual description of alert information
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& const char *SSL_alert_type_string(int value);
+\& const char *SSL_alert_type_string_long(int value);
+\&
+\& const char *SSL_alert_desc_string(int value);
+\& const char *SSL_alert_desc_string_long(int value);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_alert_type_string()\fR returns a one letter string indicating the
+type of the alert specified by \fBvalue\fR.
+.PP
+\&\fISSL_alert_type_string_long()\fR returns a string indicating the type of the alert
+specified by \fBvalue\fR.
+.PP
+\&\fISSL_alert_desc_string()\fR returns a two letter string as a short form
+describing the reason of the alert specified by \fBvalue\fR.
+.PP
+\&\fISSL_alert_desc_string_long()\fR returns a string describing the reason
+of the alert specified by \fBvalue\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+When one side of an \s-1SSL/TLS\s0 communication wants to inform the peer about
+a special situation, it sends an alert. The alert is sent as a special message
+and does not influence the normal data stream (unless its contents results
+in the communication being canceled).
+.PP
+A warning alert is sent, when a non-fatal error condition occurs. The
+\&\*(L"close notify\*(R" alert is sent as a warning alert. Other examples for
+non-fatal errors are certificate errors (\*(L"certificate expired\*(R",
+\&\*(L"unsupported certificate\*(R"), for which a warning alert may be sent.
+(The sending party may however decide to send a fatal error.) The
+receiving side may cancel the connection on reception of a warning
+alert on it discretion.
+.PP
+Several alert messages must be sent as fatal alert messages as specified
+by the \s-1TLS\s0 \s-1RFC\s0. A fatal alert always leads to a connection abort.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The following strings can occur for \fISSL_alert_type_string()\fR or
+\&\fISSL_alert_type_string_long()\fR:
+.ie n .IP """W""/""warning""" 4
+.el .IP "``W''/``warning''" 4
+.IX Item "W/warning"
+.PD 0
+.ie n .IP """F""/""fatal""" 4
+.el .IP "``F''/``fatal''" 4
+.IX Item "F/fatal"
+.ie n .IP """U""/""unknown""" 4
+.el .IP "``U''/``unknown''" 4
+.IX Item "U/unknown"
+.PD
+This indicates that no support is available for this alert type.
+Probably \fBvalue\fR does not contain a correct alert message.
+.PP
+The following strings can occur for \fISSL_alert_desc_string()\fR or
+\&\fISSL_alert_desc_string_long()\fR:
+.ie n .IP """\s-1CN\s0""/""close notify""" 4
+.el .IP "``\s-1CN\s0''/``close notify''" 4
+.IX Item "CN/close notify"
+The connection shall be closed. This is a warning alert.
+.ie n .IP """\s-1UM\s0""/""unexpected message""" 4
+.el .IP "``\s-1UM\s0''/``unexpected message''" 4
+.IX Item "UM/unexpected message"
+An inappropriate message was received. This alert is always fatal
+and should never be observed in communication between proper
+implementations.
+.ie n .IP """\s-1BM\s0""/""bad record mac""" 4
+.el .IP "``\s-1BM\s0''/``bad record mac''" 4
+.IX Item "BM/bad record mac"
+This alert is returned if a record is received with an incorrect
+\&\s-1MAC\s0. This message is always fatal.
+.ie n .IP """\s-1DF\s0""/""decompression failure""" 4
+.el .IP "``\s-1DF\s0''/``decompression failure''" 4
+.IX Item "DF/decompression failure"
+The decompression function received improper input (e.g. data
+that would expand to excessive length). This message is always
+fatal.
+.ie n .IP """\s-1HF\s0""/""handshake failure""" 4
+.el .IP "``\s-1HF\s0''/``handshake failure''" 4
+.IX Item "HF/handshake failure"
+Reception of a handshake_failure alert message indicates that the
+sender was unable to negotiate an acceptable set of security
+parameters given the options available. This is a fatal error.
+.ie n .IP """\s-1NC\s0""/""no certificate""" 4
+.el .IP "``\s-1NC\s0''/``no certificate''" 4
+.IX Item "NC/no certificate"
+A client, that was asked to send a certificate, does not send a certificate
+(SSLv3 only).
+.ie n .IP """\s-1BC\s0""/""bad certificate""" 4
+.el .IP "``\s-1BC\s0''/``bad certificate''" 4
+.IX Item "BC/bad certificate"
+A certificate was corrupt, contained signatures that did not
+verify correctly, etc
+.ie n .IP """\s-1UC\s0""/""unsupported certificate""" 4
+.el .IP "``\s-1UC\s0''/``unsupported certificate''" 4
+.IX Item "UC/unsupported certificate"
+A certificate was of an unsupported type.
+.ie n .IP """\s-1CR\s0""/""certificate revoked""" 4
+.el .IP "``\s-1CR\s0''/``certificate revoked''" 4
+.IX Item "CR/certificate revoked"
+A certificate was revoked by its signer.
+.ie n .IP """\s-1CE\s0""/""certificate expired""" 4
+.el .IP "``\s-1CE\s0''/``certificate expired''" 4
+.IX Item "CE/certificate expired"
+A certificate has expired or is not currently valid.
+.ie n .IP """\s-1CU\s0""/""certificate unknown""" 4
+.el .IP "``\s-1CU\s0''/``certificate unknown''" 4
+.IX Item "CU/certificate unknown"
+Some other (unspecified) issue arose in processing the
+certificate, rendering it unacceptable.
+.ie n .IP """\s-1IP\s0""/""illegal parameter""" 4
+.el .IP "``\s-1IP\s0''/``illegal parameter''" 4
+.IX Item "IP/illegal parameter"
+A field in the handshake was out of range or inconsistent with
+other fields. This is always fatal.
+.ie n .IP """\s-1DC\s0""/""decryption failed""" 4
+.el .IP "``\s-1DC\s0''/``decryption failed''" 4
+.IX Item "DC/decryption failed"
+A TLSCiphertext decrypted in an invalid way: either it wasn't an
+even multiple of the block length or its padding values, when
+checked, weren't correct. This message is always fatal.
+.ie n .IP """\s-1RO\s0""/""record overflow""" 4
+.el .IP "``\s-1RO\s0''/``record overflow''" 4
+.IX Item "RO/record overflow"
+A TLSCiphertext record was received which had a length more than
+2^14+2048 bytes, or a record decrypted to a TLSCompressed record
+with more than 2^14+1024 bytes. This message is always fatal.
+.ie n .IP """\s-1CA\s0""/""unknown \s-1CA\s0""" 4
+.el .IP "``\s-1CA\s0''/``unknown \s-1CA\s0''" 4
+.IX Item "CA/unknown CA"
+A valid certificate chain or partial chain was received, but the
+certificate was not accepted because the \s-1CA\s0 certificate could not
+be located or couldn't be matched with a known, trusted \s-1CA\s0. This
+message is always fatal.
+.ie n .IP """\s-1AD\s0""/""access denied""" 4
+.el .IP "``\s-1AD\s0''/``access denied''" 4
+.IX Item "AD/access denied"
+A valid certificate was received, but when access control was
+applied, the sender decided not to proceed with negotiation.
+This message is always fatal.
+.ie n .IP """\s-1DE\s0""/""decode error""" 4
+.el .IP "``\s-1DE\s0''/``decode error''" 4
+.IX Item "DE/decode error"
+A message could not be decoded because some field was out of the
+specified range or the length of the message was incorrect. This
+message is always fatal.
+.ie n .IP """\s-1CY\s0""/""decrypt error""" 4
+.el .IP "``\s-1CY\s0''/``decrypt error''" 4
+.IX Item "CY/decrypt error"
+A handshake cryptographic operation failed, including being
+unable to correctly verify a signature, decrypt a key exchange,
+or validate a finished message.
+.ie n .IP """\s-1ER\s0""/""export restriction""" 4
+.el .IP "``\s-1ER\s0''/``export restriction''" 4
+.IX Item "ER/export restriction"
+A negotiation not in compliance with export restrictions was
+detected; for example, attempting to transfer a 1024 bit
+ephemeral \s-1RSA\s0 key for the \s-1RSA_EXPORT\s0 handshake method. This
+message is always fatal.
+.ie n .IP """\s-1PV\s0""/""protocol version""" 4
+.el .IP "``\s-1PV\s0''/``protocol version''" 4
+.IX Item "PV/protocol version"
+The protocol version the client has attempted to negotiate is
+recognized, but not supported. (For example, old protocol
+versions might be avoided for security reasons). This message is
+always fatal.
+.ie n .IP """\s-1IS\s0""/""insufficient security""" 4
+.el .IP "``\s-1IS\s0''/``insufficient security''" 4
+.IX Item "IS/insufficient security"
+Returned instead of handshake_failure when a negotiation has
+failed specifically because the server requires ciphers more
+secure than those supported by the client. This message is always
+fatal.
+.ie n .IP """\s-1IE\s0""/""internal error""" 4
+.el .IP "``\s-1IE\s0''/``internal error''" 4
+.IX Item "IE/internal error"
+An internal error unrelated to the peer or the correctness of the
+protocol makes it impossible to continue (such as a memory
+allocation failure). This message is always fatal.
+.ie n .IP """\s-1US\s0""/""user canceled""" 4
+.el .IP "``\s-1US\s0''/``user canceled''" 4
+.IX Item "US/user canceled"
+This handshake is being canceled for some reason unrelated to a
+protocol failure. If the user cancels an operation after the
+handshake is complete, just closing the connection by sending a
+close_notify is more appropriate. This alert should be followed
+by a close_notify. This message is generally a warning.
+.ie n .IP """\s-1NR\s0""/""no renegotiation""" 4
+.el .IP "``\s-1NR\s0''/``no renegotiation''" 4
+.IX Item "NR/no renegotiation"
+Sent by the client in response to a hello request or by the
+server in response to a client hello after initial handshaking.
+Either of these would normally lead to renegotiation; when that
+is not appropriate, the recipient should respond with this alert;
+at that point, the original requester can decide whether to
+proceed with the connection. One case where this would be
+appropriate would be where a server has spawned a process to
+satisfy a request; the process might receive security parameters
+(key length, authentication, etc.) at startup and it might be
+difficult to communicate changes to these parameters after that
+point. This message is always a warning.
+.ie n .IP """\s-1UK\s0""/""unknown""" 4
+.el .IP "``\s-1UK\s0''/``unknown''" 4
+.IX Item "UK/unknown"
+This indicates that no description is available for this alert type.
+Probably \fBvalue\fR does not contain a correct alert message.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fISSL_CTX_set_info_callback\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_clear.3 b/secure/lib/libssl/man/SSL_clear.3
new file mode 100644
index 0000000..25bca22
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_clear.3
@@ -0,0 +1,185 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_clear 3"
+.TH SSL_clear 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_clear \- reset SSL object to allow another connection
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& int SSL_clear(SSL *ssl);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+Reset \fBssl\fR to allow another connection. All settings (method, ciphers,
+BIOs) are kept.
+.SH "NOTES"
+.IX Header "NOTES"
+SSL_clear is used to prepare an \s-1SSL\s0 object for a new connection. While all
+settings are kept, a side effect is the handling of the current \s-1SSL\s0 session.
+If a session is still \fBopen\fR, it is considered bad and will be removed
+from the session cache, as required by \s-1RFC2246\s0. A session is considered open,
+if \fISSL_shutdown\fR\|(3) was not called for the connection
+or at least \fISSL_set_shutdown\fR\|(3) was used to
+set the \s-1SSL_SENT_SHUTDOWN\s0 state.
+.PP
+If a session was closed cleanly, the session object will be kept and all
+settings corresponding. This explicitly means, that e.g. the special method
+used during the session will be kept for the next handshake. So if the
+session was a TLSv1 session, a \s-1SSL\s0 client object will use a TLSv1 client
+method for the next handshake and a \s-1SSL\s0 server object will use a TLSv1
+server method, even if SSLv23_*_methods were chosen on startup. This
+will might lead to connection failures (see \fISSL_new\fR\|(3))
+for a description of the method's properties.
+.SH "WARNINGS"
+.IX Header "WARNINGS"
+\&\fISSL_clear()\fR resets the \s-1SSL\s0 object to allow for another connection. The
+reset operation however keeps several settings of the last sessions
+(some of these settings were made automatically during the last
+handshake). It only makes sense when opening a new session (or reusing
+an old one) with the same peer that shares these settings.
+\&\fISSL_clear()\fR is not a short form for the sequence
+\&\fISSL_free\fR\|(3); \fISSL_new\fR\|(3); .
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The following return values can occur:
+.IP "0" 4
+The \fISSL_clear()\fR operation could not be performed. Check the error stack to
+find out the reason.
+.IP "1" 4
+.IX Item "1"
+The \fISSL_clear()\fR operation was successful.
+.PP
+\&\fISSL_new\fR\|(3), \fISSL_free\fR\|(3),
+\&\fISSL_shutdown\fR\|(3), \fISSL_set_shutdown\fR\|(3),
+\&\fISSL_CTX_set_options\fR\|(3), \fIssl\fR\|(3),
+\&\fISSL_CTX_set_client_cert_cb\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_connect.3 b/secure/lib/libssl/man/SSL_connect.3
new file mode 100644
index 0000000..a51b65c
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_connect.3
@@ -0,0 +1,197 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_connect 3"
+.TH SSL_connect 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_connect \- initiate the TLS/SSL handshake with an TLS/SSL server
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& int SSL_connect(SSL *ssl);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_connect()\fR initiates the \s-1TLS/SSL\s0 handshake with a server. The communication
+channel must already have been set and assigned to the \fBssl\fR by setting an
+underlying \fB\s-1BIO\s0\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+The behaviour of \fISSL_connect()\fR depends on the underlying \s-1BIO\s0.
+.PP
+If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_connect()\fR will only return once the
+handshake has been finished or an error occurred.
+.PP
+If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_connect()\fR will also return
+when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_connect()\fR
+to continue the handshake, indicating the problem by the return value \-1.
+In this case a call to \fISSL_get_error()\fR with the
+return value of \fISSL_connect()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or
+\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after
+taking appropriate action to satisfy the needs of \fISSL_connect()\fR.
+The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket,
+nothing is to be done, but \fIselect()\fR can be used to check for the required
+condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written
+into or retrieved out of the \s-1BIO\s0 before being able to continue.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The following return values can occur:
+.IP "1." 4
+The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been
+established.
+.IP "2." 4
+The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and
+by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fISSL_get_error()\fR with the
+return value \fBret\fR to find out the reason.
+.IP "3." 4
+<0
+.Sp
+The \s-1TLS/SSL\s0 handshake was not successful, because a fatal error occurred either
+at the protocol level or a connection failure occurred. The shutdown was
+not clean. It can also occur of action is need to continue the operation
+for non-blocking BIOs. Call \fISSL_get_error()\fR with the return value \fBret\fR
+to find out the reason.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fISSL_get_error\fR\|(3), \fISSL_accept\fR\|(3),
+\&\fISSL_shutdown\fR\|(3), \fIssl\fR\|(3), \fIbio\fR\|(3),
+\&\fISSL_set_connect_state\fR\|(3),
+\&\fISSL_do_handshake\fR\|(3),
+\&\fISSL_CTX_new\fR\|(3)
+.SH "POD ERRORS"
+.IX Header "POD ERRORS"
+Hey! \fBThe above document had some coding errors, which are explained below:\fR
+.IP "Around line 49:" 4
+.IX Item "Around line 49:"
+You have '=item 0' instead of the expected '=item 2'
+.IP "Around line 55:" 4
+.IX Item "Around line 55:"
+Expected '=item 3'
diff --git a/secure/lib/libssl/man/SSL_do_handshake.3 b/secure/lib/libssl/man/SSL_do_handshake.3
new file mode 100644
index 0000000..664c22f
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_do_handshake.3
@@ -0,0 +1,199 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_do_handshake 3"
+.TH SSL_do_handshake 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_do_handshake \- perform a TLS/SSL handshake
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& int SSL_do_handshake(SSL *ssl);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_do_handshake()\fR will wait for a \s-1SSL/TLS\s0 handshake to take place. If the
+connection is in client mode, the handshake will be started. The handshake
+routines may have to be explicitly set in advance using either
+\&\fISSL_set_connect_state\fR\|(3) or
+\&\fISSL_set_accept_state\fR\|(3).
+.SH "NOTES"
+.IX Header "NOTES"
+The behaviour of \fISSL_do_handshake()\fR depends on the underlying \s-1BIO\s0.
+.PP
+If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_do_handshake()\fR will only return
+once the handshake has been finished or an error occurred, except for \s-1SGC\s0
+(Server Gated Cryptography). For \s-1SGC\s0, \fISSL_do_handshake()\fR may return with \-1,
+but \fISSL_get_error()\fR will yield \fB\s-1SSL_ERROR_WANT_READ/WRITE\s0\fR and
+\&\fISSL_do_handshake()\fR should be called again.
+.PP
+If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_do_handshake()\fR will also return
+when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_do_handshake()\fR
+to continue the handshake. In this case a call to \fISSL_get_error()\fR with the
+return value of \fISSL_do_handshake()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or
+\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after
+taking appropriate action to satisfy the needs of \fISSL_do_handshake()\fR.
+The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket,
+nothing is to be done, but \fIselect()\fR can be used to check for the required
+condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written
+into or retrieved out of the \s-1BIO\s0 before being able to continue.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The following return values can occur:
+.IP "1." 4
+The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been
+established.
+.IP "2." 4
+The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and
+by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fISSL_get_error()\fR with the
+return value \fBret\fR to find out the reason.
+.IP "3." 4
+<0
+.Sp
+The \s-1TLS/SSL\s0 handshake was not successful because a fatal error occurred either
+at the protocol level or a connection failure occurred. The shutdown was
+not clean. It can also occur of action is need to continue the operation
+for non-blocking BIOs. Call \fISSL_get_error()\fR with the return value \fBret\fR
+to find out the reason.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fISSL_get_error\fR\|(3), \fISSL_connect\fR\|(3),
+\&\fISSL_accept\fR\|(3), \fIssl\fR\|(3), \fIbio\fR\|(3),
+\&\fISSL_set_connect_state\fR\|(3)
+.SH "POD ERRORS"
+.IX Header "POD ERRORS"
+Hey! \fBThe above document had some coding errors, which are explained below:\fR
+.IP "Around line 53:" 4
+.IX Item "Around line 53:"
+You have '=item 0' instead of the expected '=item 2'
+.IP "Around line 59:" 4
+.IX Item "Around line 59:"
+Expected '=item 3'
diff --git a/secure/lib/libssl/man/SSL_free.3 b/secure/lib/libssl/man/SSL_free.3
new file mode 100644
index 0000000..d035365
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_free.3
@@ -0,0 +1,168 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_free 3"
+.TH SSL_free 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_free \- free an allocated SSL structure
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& void SSL_free(SSL *ssl);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_free()\fR decrements the reference count of \fBssl\fR, and removes the \s-1SSL\s0
+structure pointed to by \fBssl\fR and frees up the allocated memory if the
+reference count has reached 0.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\fISSL_free()\fR also calls the \fIfree()\fRing procedures for indirectly affected items, if
+applicable: the buffering \s-1BIO\s0, the read and write BIOs,
+cipher lists specially created for this \fBssl\fR, the \fB\s-1SSL_SESSION\s0\fR.
+Do not explicitly free these indirectly freed up items before or after
+calling \fISSL_free()\fR, as trying to free things twice may lead to program
+failure.
+.PP
+The ssl session has reference counts from two users: the \s-1SSL\s0 object, for
+which the reference count is removed by \fISSL_free()\fR and the internal
+session cache. If the session is considered bad, because
+\&\fISSL_shutdown\fR\|(3) was not called for the connection
+and \fISSL_set_shutdown\fR\|(3) was not used to set the
+\&\s-1SSL_SENT_SHUTDOWN\s0 state, the session will also be removed
+from the session cache as required by \s-1RFC2246\s0.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_free()\fR does not provide diagnostic information.
+.PP
+\&\fISSL_new\fR\|(3), \fISSL_clear\fR\|(3),
+\&\fISSL_shutdown\fR\|(3), \fISSL_set_shutdown\fR\|(3),
+\&\fIssl\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_get_SSL_CTX.3 b/secure/lib/libssl/man/SSL_get_SSL_CTX.3
new file mode 100644
index 0000000..5f063e1
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_get_SSL_CTX.3
@@ -0,0 +1,150 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_get_SSL_CTX 3"
+.TH SSL_get_SSL_CTX 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_get_SSL_CTX \- get the SSL_CTX from which an SSL is created
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_get_SSL_CTX()\fR returns a pointer to the \s-1SSL_CTX\s0 object, from which
+\&\fBssl\fR was created with \fISSL_new\fR\|(3).
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The pointer to the \s-1SSL_CTX\s0 object is returned.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fISSL_new\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_get_ciphers.3 b/secure/lib/libssl/man/SSL_get_ciphers.3
new file mode 100644
index 0000000..56ea6e8
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_get_ciphers.3
@@ -0,0 +1,165 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_get_ciphers 3"
+.TH SSL_get_ciphers 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_get_ciphers, SSL_get_cipher_list \- get list of available SSL_CIPHERs
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl);
+\& const char *SSL_get_cipher_list(const SSL *ssl, int priority);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_get_ciphers()\fR returns the stack of available SSL_CIPHERs for \fBssl\fR,
+sorted by preference. If \fBssl\fR is \s-1NULL\s0 or no ciphers are available, \s-1NULL\s0
+is returned.
+.PP
+\&\fISSL_get_cipher_list()\fR returns a pointer to the name of the \s-1SSL_CIPHER\s0
+listed for \fBssl\fR with \fBpriority\fR. If \fBssl\fR is \s-1NULL\s0, no ciphers are
+available, or there are less ciphers than \fBpriority\fR available, \s-1NULL\s0
+is returned.
+.SH "NOTES"
+.IX Header "NOTES"
+The details of the ciphers obtained by \fISSL_get_ciphers()\fR can be obtained using
+the \fISSL_CIPHER_get_name\fR\|(3) family of functions.
+.PP
+Call \fISSL_get_cipher_list()\fR with \fBpriority\fR starting from 0 to obtain the
+sorted list of available ciphers, until \s-1NULL\s0 is returned.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+See \s-1DESCRIPTION\s0
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fISSL_CTX_set_cipher_list\fR\|(3),
+\&\fISSL_CIPHER_get_name\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_get_client_CA_list.3 b/secure/lib/libssl/man/SSL_get_client_CA_list.3
new file mode 100644
index 0000000..3ae3739
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_get_client_CA_list.3
@@ -0,0 +1,171 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_get_client_CA_list 3"
+.TH SSL_get_client_CA_list 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_get_client_CA_list, SSL_CTX_get_client_CA_list \- get list of client CAs
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
+\& STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CTX_get_client_CA_list()\fR returns the list of client CAs explicitly set for
+\&\fBctx\fR using \fISSL_CTX_set_client_CA_list\fR\|(3).
+.PP
+\&\fISSL_get_client_CA_list()\fR returns the list of client CAs explicitly
+set for \fBssl\fR using \fISSL_set_client_CA_list()\fR or \fBssl\fR's \s-1SSL_CTX\s0 object with
+\&\fISSL_CTX_set_client_CA_list\fR\|(3), when in
+server mode. In client mode, SSL_get_client_CA_list returns the list of
+client CAs sent from the server, if any.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_CTX_set_client_CA_list()\fR and \fISSL_set_client_CA_list()\fR do not return
+diagnostic information.
+.PP
+\&\fISSL_CTX_add_client_CA()\fR and \fISSL_add_client_CA()\fR have the following return
+values:
+.IP "\s-1STACK_OF\s0(X509_NAMES)" 4
+.IX Item "STACK_OF(X509_NAMES)"
+List of \s-1CA\s0 names explicitly set (for \fBctx\fR or in server mode) or send
+by the server (client mode).
+.IP "\s-1NULL\s0" 4
+.IX Item "NULL"
+No client \s-1CA\s0 list was explicitly set (for \fBctx\fR or in server mode) or
+the server did not send a list of CAs (client mode).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3),
+\&\fISSL_CTX_set_client_CA_list\fR\|(3),
+\&\fISSL_CTX_set_client_cert_cb\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_get_current_cipher.3 b/secure/lib/libssl/man/SSL_get_current_cipher.3
new file mode 100644
index 0000000..d08981e
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_get_current_cipher.3
@@ -0,0 +1,167 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_get_current_cipher 3"
+.TH SSL_get_current_cipher 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_get_current_cipher, SSL_get_cipher, SSL_get_cipher_name,
+SSL_get_cipher_bits, SSL_get_cipher_version \- get SSL_CIPHER of a connection
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl);
+\& #define SSL_get_cipher(s) \e
+\& SSL_CIPHER_get_name(SSL_get_current_cipher(s))
+\& #define SSL_get_cipher_name(s) \e
+\& SSL_CIPHER_get_name(SSL_get_current_cipher(s))
+\& #define SSL_get_cipher_bits(s,np) \e
+\& SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
+\& #define SSL_get_cipher_version(s) \e
+\& SSL_CIPHER_get_version(SSL_get_current_cipher(s))
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_get_current_cipher()\fR returns a pointer to an \s-1SSL_CIPHER\s0 object containing
+the description of the actually used cipher of a connection established with
+the \fBssl\fR object.
+.PP
+\&\fISSL_get_cipher()\fR and \fISSL_get_cipher_name()\fR are identical macros to obtain the
+name of the currently used cipher. \fISSL_get_cipher_bits()\fR is a
+macro to obtain the number of secret/algorithm bits used and
+\&\fISSL_get_cipher_version()\fR returns the protocol name.
+See \fISSL_CIPHER_get_name\fR\|(3) for more details.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_get_current_cipher()\fR returns the cipher actually used or \s-1NULL\s0, when
+no session has been established.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fISSL_CIPHER_get_name\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_get_default_timeout.3 b/secure/lib/libssl/man/SSL_get_default_timeout.3
new file mode 100644
index 0000000..4c1d965
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_get_default_timeout.3
@@ -0,0 +1,164 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_get_default_timeout 3"
+.TH SSL_get_default_timeout 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_get_default_timeout \- get default session timeout value
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& long SSL_get_default_timeout(const SSL *ssl);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_get_default_timeout()\fR returns the default timeout value assigned to
+\&\s-1SSL_SESSION\s0 objects negotiated for the protocol valid for \fBssl\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+Whenever a new session is negotiated, it is assigned a timeout value,
+after which it will not be accepted for session reuse. If the timeout
+value was not explicitly set using
+\&\fISSL_CTX_set_timeout\fR\|(3), the hardcoded default
+timeout for the protocol will be used.
+.PP
+\&\fISSL_get_default_timeout()\fR return this hardcoded value, which is 300 seconds
+for all currently supported protocols (SSLv2, SSLv3, and TLSv1).
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+See description.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3),
+\&\fISSL_CTX_set_session_cache_mode\fR\|(3),
+\&\fISSL_SESSION_get_time\fR\|(3),
+\&\fISSL_CTX_flush_sessions\fR\|(3),
+\&\fISSL_get_default_timeout\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_get_error.3 b/secure/lib/libssl/man/SSL_get_error.3
new file mode 100644
index 0000000..1289682
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_get_error.3
@@ -0,0 +1,226 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_get_error 3"
+.TH SSL_get_error 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_get_error \- obtain result code for TLS/SSL I/O operation
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& int SSL_get_error(const SSL *ssl, int ret);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_get_error()\fR returns a result code (suitable for the C \*(L"switch\*(R"
+statement) for a preceding call to \fISSL_connect()\fR, \fISSL_accept()\fR, \fISSL_do_handshake()\fR,
+\&\fISSL_read()\fR, \fISSL_peek()\fR, or \fISSL_write()\fR on \fBssl\fR. The value returned by
+that \s-1TLS/SSL\s0 I/O function must be passed to \fISSL_get_error()\fR in parameter
+\&\fBret\fR.
+.PP
+In addition to \fBssl\fR and \fBret\fR, \fISSL_get_error()\fR inspects the
+current thread's OpenSSL error queue. Thus, \fISSL_get_error()\fR must be
+used in the same thread that performed the \s-1TLS/SSL\s0 I/O operation, and no
+other OpenSSL function calls should appear in between. The current
+thread's error queue must be empty before the \s-1TLS/SSL\s0 I/O operation is
+attempted, or \fISSL_get_error()\fR will not work reliably.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The following return values can currently occur:
+.IP "\s-1SSL_ERROR_NONE\s0" 4
+.IX Item "SSL_ERROR_NONE"
+The \s-1TLS/SSL\s0 I/O operation completed. This result code is returned
+if and only if \fBret > 0\fR.
+.IP "\s-1SSL_ERROR_ZERO_RETURN\s0" 4
+.IX Item "SSL_ERROR_ZERO_RETURN"
+The \s-1TLS/SSL\s0 connection has been closed. If the protocol version is \s-1SSL\s0 3.0
+or \s-1TLS\s0 1.0, this result code is returned only if a closure
+alert has occurred in the protocol, i.e. if the connection has been
+closed cleanly. Note that in this case \fB\s-1SSL_ERROR_ZERO_RETURN\s0\fR
+does not necessarily indicate that the underlying transport
+has been closed.
+.IP "\s-1SSL_ERROR_WANT_READ\s0, \s-1SSL_ERROR_WANT_WRITE\s0" 4
+.IX Item "SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE"
+The operation did not complete; the same \s-1TLS/SSL\s0 I/O function should be
+called again later. If, by then, the underlying \fB\s-1BIO\s0\fR has data
+available for reading (if the result code is \fB\s-1SSL_ERROR_WANT_READ\s0\fR)
+or allows writing data (\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR), then some \s-1TLS/SSL\s0
+protocol progress will take place, i.e. at least part of an \s-1TLS/SSL\s0
+record will be read or written. Note that the retry may again lead to
+a \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR condition.
+There is no fixed upper limit for the number of iterations that
+may be necessary until progress becomes visible at application
+protocol level.
+.Sp
+For socket \fB\s-1BIO\s0\fRs (e.g. when \fISSL_set_fd()\fR was used), \fIselect()\fR or
+\&\fIpoll()\fR on the underlying socket can be used to find out when the
+\&\s-1TLS/SSL\s0 I/O function should be retried.
+.Sp
+Caveat: Any \s-1TLS/SSL\s0 I/O function can lead to either of
+\&\fB\s-1SSL_ERROR_WANT_READ\s0\fR and \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. In particular,
+\&\fISSL_read()\fR or \fISSL_peek()\fR may want to write data and \fISSL_write()\fR may want
+to read data. This is mainly because \s-1TLS/SSL\s0 handshakes may occur at any
+time during the protocol (initiated by either the client or the server);
+\&\fISSL_read()\fR, \fISSL_peek()\fR, and \fISSL_write()\fR will handle any pending handshakes.
+.IP "\s-1SSL_ERROR_WANT_CONNECT\s0, \s-1SSL_ERROR_WANT_ACCEPT\s0" 4
+.IX Item "SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT"
+The operation did not complete; the same \s-1TLS/SSL\s0 I/O function should be
+called again later. The underlying \s-1BIO\s0 was not connected yet to the peer
+and the call would block in \fIconnect()\fR/\fIaccept()\fR. The \s-1SSL\s0 function should be
+called again when the connection is established. These messages can only
+appear with a \fIBIO_s_connect()\fR or \fIBIO_s_accept()\fR \s-1BIO\s0, respectively.
+In order to find out, when the connection has been successfully established,
+on many platforms \fIselect()\fR or \fIpoll()\fR for writing on the socket file descriptor
+can be used.
+.IP "\s-1SSL_ERROR_WANT_X509_LOOKUP\s0" 4
+.IX Item "SSL_ERROR_WANT_X509_LOOKUP"
+The operation did not complete because an application callback set by
+\&\fISSL_CTX_set_client_cert_cb()\fR has asked to be called again.
+The \s-1TLS/SSL\s0 I/O function should be called again later.
+Details depend on the application.
+.IP "\s-1SSL_ERROR_SYSCALL\s0" 4
+.IX Item "SSL_ERROR_SYSCALL"
+Some I/O error occurred. The OpenSSL error queue may contain more
+information on the error. If the error queue is empty
+(i.e. \fIERR_get_error()\fR returns 0), \fBret\fR can be used to find out more
+about the error: If \fBret == 0\fR, an \s-1EOF\s0 was observed that violates
+the protocol. If \fBret == \-1\fR, the underlying \fB\s-1BIO\s0\fR reported an
+I/O error (for socket I/O on Unix systems, consult \fBerrno\fR for details).
+.IP "\s-1SSL_ERROR_SSL\s0" 4
+.IX Item "SSL_ERROR_SSL"
+A failure in the \s-1SSL\s0 library occurred, usually a protocol error. The
+OpenSSL error queue contains more information on the error.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fIerr\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\fISSL_get_error()\fR was added in SSLeay 0.8.
diff --git a/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 b/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
new file mode 100644
index 0000000..a81f4de
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
@@ -0,0 +1,178 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_get_ex_data_X509_STORE_CTX_idx 3"
+.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_get_ex_data_X509_STORE_CTX_idx \- get ex_data index to access SSL structure
+from X509_STORE_CTX
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& int SSL_get_ex_data_X509_STORE_CTX_idx(void);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_get_ex_data_X509_STORE_CTX_idx()\fR returns the index number under which
+the pointer to the \s-1SSL\s0 object is stored into the X509_STORE_CTX object.
+.SH "NOTES"
+.IX Header "NOTES"
+Whenever a X509_STORE_CTX object is created for the verification of the
+peers certificate during a handshake, a pointer to the \s-1SSL\s0 object is
+stored into the X509_STORE_CTX object to identify the connection affected.
+To retrieve this pointer the \fIX509_STORE_CTX_get_ex_data()\fR function can
+be used with the correct index. This index is globally the same for all
+X509_STORE_CTX objects and can be retrieved using
+\&\fISSL_get_ex_data_X509_STORE_CTX_idx()\fR. The index value is set when
+\&\fISSL_get_ex_data_X509_STORE_CTX_idx()\fR is first called either by the application
+program directly or indirectly during other \s-1SSL\s0 setup functions or during
+the handshake.
+.PP
+The value depends on other index values defined for X509_STORE_CTX objects
+before the \s-1SSL\s0 index is created.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+.IP ">=0" 4
+.IX Item ">=0"
+The index value to access the pointer.
+.IP "<0" 4
+.IX Item "<0"
+An error occurred, check the error stack for a detailed error message.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+The index returned from \fISSL_get_ex_data_X509_STORE_CTX_idx()\fR allows to
+access the \s-1SSL\s0 object for the connection to be accessed during the
+\&\fIverify_callback()\fR when checking the peers certificate. Please check
+the example in \fISSL_CTX_set_verify\fR\|(3),
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fISSL_CTX_set_verify\fR\|(3),
+\&\fICRYPTO_set_ex_data\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_get_ex_new_index.3
new file mode 100644
index 0000000..4896c63
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_get_ex_new_index.3
@@ -0,0 +1,183 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_get_ex_new_index 3"
+.TH SSL_get_ex_new_index 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_get_ex_new_index, SSL_set_ex_data, SSL_get_ex_data \- internal application specific data functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& int SSL_get_ex_new_index(long argl, void *argp,
+\& CRYPTO_EX_new *new_func,
+\& CRYPTO_EX_dup *dup_func,
+\& CRYPTO_EX_free *free_func);
+\&
+\& int SSL_set_ex_data(SSL *ssl, int idx, void *arg);
+\&
+\& void *SSL_get_ex_data(const SSL *ssl, int idx);
+\&
+\& typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+\& int idx, long argl, void *argp);
+\& typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+\& int idx, long argl, void *argp);
+\& typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,
+\& int idx, long argl, void *argp);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+Several OpenSSL structures can have application specific data attached to them.
+These functions are used internally by OpenSSL to manipulate application
+specific data attached to a specific structure.
+.PP
+\&\fISSL_get_ex_new_index()\fR is used to register a new index for application
+specific data.
+.PP
+\&\fISSL_set_ex_data()\fR is used to store application data at \fBarg\fR for \fBidx\fR into
+the \fBssl\fR object.
+.PP
+\&\fISSL_get_ex_data()\fR is used to retrieve the information for \fBidx\fR from
+\&\fBssl\fR.
+.PP
+A detailed description for the \fB*\f(BI_get_ex_new_index()\fB\fR functionality
+can be found in \fIRSA_get_ex_new_index\fR\|(3).
+The \fB*\f(BI_get_ex_data()\fB\fR and \fB*\f(BI_set_ex_data()\fB\fR functionality is described in
+\&\fICRYPTO_set_ex_data\fR\|(3).
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+An example on how to use the functionality is included in the example
+\&\fIverify_callback()\fR in \fISSL_CTX_set_verify\fR\|(3).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3),
+\&\fIRSA_get_ex_new_index\fR\|(3),
+\&\fICRYPTO_set_ex_data\fR\|(3),
+\&\fISSL_CTX_set_verify\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_get_fd.3 b/secure/lib/libssl/man/SSL_get_fd.3
new file mode 100644
index 0000000..ac7f7ea
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_get_fd.3
@@ -0,0 +1,162 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_get_fd 3"
+.TH SSL_get_fd 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_get_fd \- get file descriptor linked to an SSL object
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& int SSL_get_fd(const SSL *ssl);
+\& int SSL_get_rfd(const SSL *ssl);
+\& int SSL_get_wfd(const SSL *ssl);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_get_fd()\fR returns the file descriptor which is linked to \fBssl\fR.
+\&\fISSL_get_rfd()\fR and \fISSL_get_wfd()\fR return the file descriptors for the
+read or the write channel, which can be different. If the read and the
+write channel are different, \fISSL_get_fd()\fR will return the file descriptor
+of the read channel.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The following return values can occur:
+.IP "\-1" 4
+.IX Item "-1"
+The operation failed, because the underlying \s-1BIO\s0 is not of the correct type
+(suitable for file descriptors).
+.IP ">=0" 4
+.IX Item ">=0"
+The file descriptor linked to \fBssl\fR.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fISSL_set_fd\fR\|(3), \fIssl\fR\|(3) , \fIbio\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 b/secure/lib/libssl/man/SSL_get_peer_cert_chain.3
new file mode 100644
index 0000000..8ac8a69
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_get_peer_cert_chain.3
@@ -0,0 +1,169 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_get_peer_cert_chain 3"
+.TH SSL_get_peer_cert_chain 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_get_peer_cert_chain \- get the X509 certificate chain of the peer
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& STACKOF(X509) *SSL_get_peer_cert_chain(const SSL *ssl);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_get_peer_cert_chain()\fR returns a pointer to \s-1STACKOF\s0(X509) certificates
+forming the certificate chain of the peer. If called on the client side,
+the stack also contains the peer's certificate; if called on the server
+side, the peer's certificate must be obtained separately using
+\&\fISSL_get_peer_certificate\fR\|(3).
+If the peer did not present a certificate, \s-1NULL\s0 is returned.
+.SH "NOTES"
+.IX Header "NOTES"
+The peer certificate chain is not necessarily available after reusing
+a session, in which case a \s-1NULL\s0 pointer is returned.
+.PP
+The reference count of the \s-1STACKOF\s0(X509) object is not incremented.
+If the corresponding session is freed, the pointer must not be used
+any longer.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The following return values can occur:
+.IP "\s-1NULL\s0" 4
+.IX Item "NULL"
+No certificate was presented by the peer or no connection was established
+or the certificate chain is no longer available when a session is reused.
+.IP "Pointer to a \s-1STACKOF\s0(X509)" 4
+.IX Item "Pointer to a STACKOF(X509)"
+The return value points to the certificate chain presented by the peer.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fISSL_get_peer_certificate\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_get_peer_certificate.3 b/secure/lib/libssl/man/SSL_get_peer_certificate.3
new file mode 100644
index 0000000..26a51d8
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_get_peer_certificate.3
@@ -0,0 +1,172 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_get_peer_certificate 3"
+.TH SSL_get_peer_certificate 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_get_peer_certificate \- get the X509 certificate of the peer
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& X509 *SSL_get_peer_certificate(const SSL *ssl);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_get_peer_certificate()\fR returns a pointer to the X509 certificate the
+peer presented. If the peer did not present a certificate, \s-1NULL\s0 is returned.
+.SH "NOTES"
+.IX Header "NOTES"
+Due to the protocol definition, a \s-1TLS/SSL\s0 server will always send a
+certificate, if present. A client will only send a certificate when
+explicitly requested to do so by the server (see
+\&\fISSL_CTX_set_verify\fR\|(3)). If an anonymous cipher
+is used, no certificates are sent.
+.PP
+That a certificate is returned does not indicate information about the
+verification state, use \fISSL_get_verify_result\fR\|(3)
+to check the verification state.
+.PP
+The reference count of the X509 object is incremented by one, so that it
+will not be destroyed when the session containing the peer certificate is
+freed. The X509 object must be explicitly freed using \fIX509_free()\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The following return values can occur:
+.IP "\s-1NULL\s0" 4
+.IX Item "NULL"
+No certificate was presented by the peer or no connection was established.
+.IP "Pointer to an X509 certificate" 4
+.IX Item "Pointer to an X509 certificate"
+The return value points to the certificate presented by the peer.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fISSL_get_verify_result\fR\|(3),
+\&\fISSL_CTX_set_verify\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_get_rbio.3 b/secure/lib/libssl/man/SSL_get_rbio.3
new file mode 100644
index 0000000..630a26e
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_get_rbio.3
@@ -0,0 +1,158 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_get_rbio 3"
+.TH SSL_get_rbio 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_get_rbio \- get BIO linked to an SSL object
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& BIO *SSL_get_rbio(SSL *ssl);
+\& BIO *SSL_get_wbio(SSL *ssl);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_get_rbio()\fR and \fISSL_get_wbio()\fR return pointers to the BIOs for the
+read or the write channel, which can be different. The reference count
+of the \s-1BIO\s0 is not incremented.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The following return values can occur:
+.IP "\s-1NULL\s0" 4
+.IX Item "NULL"
+No \s-1BIO\s0 was connected to the \s-1SSL\s0 object
+.IP "Any other pointer" 4
+.IX Item "Any other pointer"
+The \s-1BIO\s0 linked to \fBssl\fR.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fISSL_set_bio\fR\|(3), \fIssl\fR\|(3) , \fIbio\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_get_session.3 b/secure/lib/libssl/man/SSL_get_session.3
new file mode 100644
index 0000000..3e4d913
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_get_session.3
@@ -0,0 +1,190 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_get_session 3"
+.TH SSL_get_session 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_get_session \- retrieve TLS/SSL session data
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& SSL_SESSION *SSL_get_session(const SSL *ssl);
+\& SSL_SESSION *SSL_get0_session(const SSL *ssl);
+\& SSL_SESSION *SSL_get1_session(SSL *ssl);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_get_session()\fR returns a pointer to the \fB\s-1SSL_SESSION\s0\fR actually used in
+\&\fBssl\fR. The reference count of the \fB\s-1SSL_SESSION\s0\fR is not incremented, so
+that the pointer can become invalid by other operations.
+.PP
+\&\fISSL_get0_session()\fR is the same as \fISSL_get_session()\fR.
+.PP
+\&\fISSL_get1_session()\fR is the same as \fISSL_get_session()\fR, but the reference
+count of the \fB\s-1SSL_SESSION\s0\fR is incremented by one.
+.SH "NOTES"
+.IX Header "NOTES"
+The ssl session contains all information required to re-establish the
+connection without a new handshake.
+.PP
+\&\fISSL_get0_session()\fR returns a pointer to the actual session. As the
+reference counter is not incremented, the pointer is only valid while
+the connection is in use. If \fISSL_clear\fR\|(3) or
+\&\fISSL_free\fR\|(3) is called, the session may be removed completely
+(if considered bad), and the pointer obtained will become invalid. Even
+if the session is valid, it can be removed at any time due to timeout
+during \fISSL_CTX_flush_sessions\fR\|(3).
+.PP
+If the data is to be kept, \fISSL_get1_session()\fR will increment the reference
+count, so that the session will not be implicitly removed by other operations
+but stays in memory. In order to remove the session
+\&\fISSL_SESSION_free\fR\|(3) must be explicitly called once
+to decrement the reference count again.
+.PP
+\&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache
+list, when being inserted into one \s-1SSL_CTX\s0 object's session cache.
+One \s-1SSL_SESSION\s0 object, regardless of its reference count, must therefore
+only be used with one \s-1SSL_CTX\s0 object (and the \s-1SSL\s0 objects created
+from this \s-1SSL_CTX\s0 object).
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The following return values can occur:
+.IP "\s-1NULL\s0" 4
+.IX Item "NULL"
+There is no session available in \fBssl\fR.
+.IP "Pointer to an \s-1SSL\s0" 4
+.IX Item "Pointer to an SSL"
+The return value points to the data of an \s-1SSL\s0 session.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fISSL_free\fR\|(3),
+\&\fISSL_clear\fR\|(3),
+\&\fISSL_SESSION_free\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_get_verify_result.3 b/secure/lib/libssl/man/SSL_get_verify_result.3
new file mode 100644
index 0000000..5ce0d4c
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_get_verify_result.3
@@ -0,0 +1,173 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_get_verify_result 3"
+.TH SSL_get_verify_result 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_get_verify_result \- get result of peer certificate verification
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& long SSL_get_verify_result(const SSL *ssl);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_get_verify_result()\fR returns the result of the verification of the
+X509 certificate presented by the peer, if any.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\fISSL_get_verify_result()\fR can only return one error code while the verification
+of a certificate can fail because of many reasons at the same time. Only
+the last verification error that occurred during the processing is available
+from \fISSL_get_verify_result()\fR.
+.PP
+The verification result is part of the established session and is restored
+when a session is reused.
+.SH "BUGS"
+.IX Header "BUGS"
+If no peer certificate was presented, the returned result code is
+X509_V_OK. This is because no verification error occurred, it does however
+not indicate success. \fISSL_get_verify_result()\fR is only useful in connection
+with \fISSL_get_peer_certificate\fR\|(3).
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The following return values can currently occur:
+.IP "X509_V_OK" 4
+.IX Item "X509_V_OK"
+The verification succeeded or no peer certificate was presented.
+.IP "Any other value" 4
+.IX Item "Any other value"
+Documented in \fIverify\fR\|(1).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fISSL_set_verify_result\fR\|(3),
+\&\fISSL_get_peer_certificate\fR\|(3),
+\&\fIverify\fR\|(1)
diff --git a/secure/lib/libssl/man/SSL_get_version.3 b/secure/lib/libssl/man/SSL_get_version.3
new file mode 100644
index 0000000..b52d556
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_get_version.3
@@ -0,0 +1,162 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_get_version 3"
+.TH SSL_get_version 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_get_version \- get the protocol version of a connection.
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& const char *SSL_get_version(const SSL *ssl);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_get_cipher_version()\fR returns the name of the protocol used for the
+connection \fBssl\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The following strings can occur:
+.IP "SSLv2" 4
+.IX Item "SSLv2"
+The connection uses the SSLv2 protocol.
+.IP "SSLv3" 4
+.IX Item "SSLv3"
+The connection uses the SSLv3 protocol.
+.IP "TLSv1" 4
+.IX Item "TLSv1"
+The connection uses the TLSv1 protocol.
+.IP "unknown" 4
+.IX Item "unknown"
+This indicates that no version has been set (no connection established).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_library_init.3 b/secure/lib/libssl/man/SSL_library_init.3
new file mode 100644
index 0000000..abed958
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_library_init.3
@@ -0,0 +1,178 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_library_init 3"
+.TH SSL_library_init 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_library_init, OpenSSL_add_ssl_algorithms, SSLeay_add_ssl_algorithms
+\&\- initialize SSL library by registering algorithms
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& int SSL_library_init(void);
+\& #define OpenSSL_add_ssl_algorithms() SSL_library_init()
+\& #define SSLeay_add_ssl_algorithms() SSL_library_init()
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_library_init()\fR registers the available \s-1SSL/TLS\s0 ciphers and digests.
+.PP
+\&\fIOpenSSL_add_ssl_algorithms()\fR and \fISSLeay_add_ssl_algorithms()\fR are synonyms
+for \fISSL_library_init()\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\fISSL_library_init()\fR must be called before any other action takes place.
+.SH "WARNING"
+.IX Header "WARNING"
+\&\fISSL_library_init()\fR adds ciphers and digests used directly and indirectly by
+\&\s-1SSL/TLS\s0.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+A typical \s-1TLS/SSL\s0 application will start with the library initialization,
+and provide readable error messages.
+.PP
+.Vb 2
+\& SSL_load_error_strings(); /* readable error messages */
+\& SSL_library_init(); /* initialize library */
+.Ve
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_library_init()\fR always returns \*(L"1\*(R", so it is safe to discard the return
+value.
+.SH "NOTES"
+.IX Header "NOTES"
+OpenSSL 0.9.8o and 1.0.0a and later added \s-1SHA2\s0 algorithms to \fISSL_library_init()\fR.
+Applications which need to use \s-1SHA2\s0 in earlier versions of OpenSSL should call
+\&\fIOpenSSL_add_all_algorithms()\fR as well.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fISSL_load_error_strings\fR\|(3),
+\&\fIRAND_add\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_load_client_CA_file.3 b/secure/lib/libssl/man/SSL_load_client_CA_file.3
new file mode 100644
index 0000000..154b3e7
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_load_client_CA_file.3
@@ -0,0 +1,180 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_load_client_CA_file 3"
+.TH SSL_load_client_CA_file 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_load_client_CA_file \- load certificate names from file
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_load_client_CA_file()\fR reads certificates from \fBfile\fR and returns
+a \s-1STACK_OF\s0(X509_NAME) with the subject names found.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\fISSL_load_client_CA_file()\fR reads a file of \s-1PEM\s0 formatted certificates and
+extracts the X509_NAMES of the certificates found. While the name suggests
+the specific usage as support function for
+\&\fISSL_CTX_set_client_CA_list\fR\|(3),
+it is not limited to \s-1CA\s0 certificates.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Load names of CAs from file and use it as a client \s-1CA\s0 list:
+.PP
+.Vb 2
+\& SSL_CTX *ctx;
+\& STACK_OF(X509_NAME) *cert_names;
+\&
+\& ...
+\& cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem");
+\& if (cert_names != NULL)
+\& SSL_CTX_set_client_CA_list(ctx, cert_names);
+\& else
+\& error_handling();
+\& ...
+.Ve
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The following return values can occur:
+.IP "\s-1NULL\s0" 4
+.IX Item "NULL"
+The operation failed, check out the error stack for the reason.
+.IP "Pointer to \s-1STACK_OF\s0(X509_NAME)" 4
+.IX Item "Pointer to STACK_OF(X509_NAME)"
+Pointer to the subject names of the successfully read certificates.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3),
+\&\fISSL_CTX_set_client_CA_list\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_new.3 b/secure/lib/libssl/man/SSL_new.3
new file mode 100644
index 0000000..b20687d
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_new.3
@@ -0,0 +1,162 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_new 3"
+.TH SSL_new 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_new \- create a new SSL structure for a connection
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& SSL *SSL_new(SSL_CTX *ctx);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_new()\fR creates a new \fB\s-1SSL\s0\fR structure which is needed to hold the
+data for a \s-1TLS/SSL\s0 connection. The new structure inherits the settings
+of the underlying context \fBctx\fR: connection method (SSLv2/v3/TLSv1),
+options, verification settings, timeout settings.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The following return values can occur:
+.IP "\s-1NULL\s0" 4
+.IX Item "NULL"
+The creation of a new \s-1SSL\s0 structure failed. Check the error stack to
+find out the reason.
+.IP "Pointer to an \s-1SSL\s0 structure" 4
+.IX Item "Pointer to an SSL structure"
+The return value points to an allocated \s-1SSL\s0 structure.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fISSL_free\fR\|(3), \fISSL_clear\fR\|(3),
+\&\fISSL_CTX_set_options\fR\|(3),
+\&\fISSL_get_SSL_CTX\fR\|(3),
+\&\fIssl\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_pending.3 b/secure/lib/libssl/man/SSL_pending.3
new file mode 100644
index 0000000..fb98f0e
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_pending.3
@@ -0,0 +1,165 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_pending 3"
+.TH SSL_pending 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_pending \- obtain number of readable bytes buffered in an SSL object
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& int SSL_pending(const SSL *ssl);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_pending()\fR returns the number of bytes which are available inside
+\&\fBssl\fR for immediate read.
+.SH "NOTES"
+.IX Header "NOTES"
+Data are received in blocks from the peer. Therefore data can be buffered
+inside \fBssl\fR and are ready for immediate retrieval with
+\&\fISSL_read\fR\|(3).
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The number of bytes pending is returned.
+.SH "BUGS"
+.IX Header "BUGS"
+\&\fISSL_pending()\fR takes into account only bytes from the \s-1TLS/SSL\s0 record
+that is currently being processed (if any). If the \fB\s-1SSL\s0\fR object's
+\&\fIread_ahead\fR flag is set, additional protocol bytes may have been
+read containing more \s-1TLS/SSL\s0 records; these are ignored by
+\&\fISSL_pending()\fR.
+.PP
+Up to OpenSSL 0.9.6, \fISSL_pending()\fR does not check if the record type
+of pending data is application data.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fISSL_read\fR\|(3), \fIssl\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_read.3 b/secure/lib/libssl/man/SSL_read.3
new file mode 100644
index 0000000..69383c5
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_read.3
@@ -0,0 +1,238 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_read 3"
+.TH SSL_read 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_read \- read bytes from a TLS/SSL connection.
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& int SSL_read(SSL *ssl, void *buf, int num);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_read()\fR tries to read \fBnum\fR bytes from the specified \fBssl\fR into the
+buffer \fBbuf\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+If necessary, \fISSL_read()\fR will negotiate a \s-1TLS/SSL\s0 session, if
+not already explicitly performed by \fISSL_connect\fR\|(3) or
+\&\fISSL_accept\fR\|(3). If the
+peer requests a re-negotiation, it will be performed transparently during
+the \fISSL_read()\fR operation. The behaviour of \fISSL_read()\fR depends on the
+underlying \s-1BIO\s0.
+.PP
+For the transparent negotiation to succeed, the \fBssl\fR must have been
+initialized to client or server mode. This is being done by calling
+\&\fISSL_set_connect_state\fR\|(3) or \fISSL_set_accept_state()\fR
+before the first call to an \fISSL_read()\fR or \fISSL_write\fR\|(3)
+function.
+.PP
+\&\fISSL_read()\fR works based on the \s-1SSL/TLS\s0 records. The data are received in
+records (with a maximum record size of 16kB for SSLv3/TLSv1). Only when a
+record has been completely received, it can be processed (decryption and
+check of integrity). Therefore data that was not retrieved at the last
+call of \fISSL_read()\fR can still be buffered inside the \s-1SSL\s0 layer and will be
+retrieved on the next call to \fISSL_read()\fR. If \fBnum\fR is higher than the
+number of bytes buffered, \fISSL_read()\fR will return with the bytes buffered.
+If no more bytes are in the buffer, \fISSL_read()\fR will trigger the processing
+of the next record. Only when the record has been received and processed
+completely, \fISSL_read()\fR will return reporting success. At most the contents
+of the record will be returned. As the size of an \s-1SSL/TLS\s0 record may exceed
+the maximum packet size of the underlying transport (e.g. \s-1TCP\s0), it may
+be necessary to read several packets from the transport layer before the
+record is complete and \fISSL_read()\fR can succeed.
+.PP
+If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_read()\fR will only return, once the
+read operation has been finished or an error occurred, except when a
+renegotiation take place, in which case a \s-1SSL_ERROR_WANT_READ\s0 may occur.
+This behaviour can be controlled with the \s-1SSL_MODE_AUTO_RETRY\s0 flag of the
+\&\fISSL_CTX_set_mode\fR\|(3) call.
+.PP
+If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_read()\fR will also return
+when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_read()\fR
+to continue the operation. In this case a call to
+\&\fISSL_get_error\fR\|(3) with the
+return value of \fISSL_read()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or
+\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. As at any time a re-negotiation is possible, a
+call to \fISSL_read()\fR can also cause write operations! The calling process
+then must repeat the call after taking appropriate action to satisfy the
+needs of \fISSL_read()\fR. The action depends on the underlying \s-1BIO\s0. When using a
+non-blocking socket, nothing is to be done, but \fIselect()\fR can be used to check
+for the required condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data
+must be written into or retrieved out of the \s-1BIO\s0 before being able to continue.
+.PP
+\&\fISSL_pending\fR\|(3) can be used to find out whether there
+are buffered bytes available for immediate retrieval. In this case
+\&\fISSL_read()\fR can be called without blocking or actually receiving new
+data from the underlying socket.
+.SH "WARNING"
+.IX Header "WARNING"
+When an \fISSL_read()\fR operation has to be repeated because of
+\&\fB\s-1SSL_ERROR_WANT_READ\s0\fR or \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR, it must be repeated
+with the same arguments.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The following return values can occur:
+.IP ">0" 4
+.IX Item ">0"
+The read operation was successful; the return value is the number of
+bytes actually read from the \s-1TLS/SSL\s0 connection.
+.IP "0" 4
+The read operation was not successful. The reason may either be a clean
+shutdown due to a \*(L"close notify\*(R" alert sent by the peer (in which case
+the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag in the ssl shutdown state is set
+(see \fISSL_shutdown\fR\|(3),
+\&\fISSL_set_shutdown\fR\|(3)). It is also possible, that
+the peer simply shut down the underlying transport and the shutdown is
+incomplete. Call \fISSL_get_error()\fR with the return value \fBret\fR to find out,
+whether an error occurred or the connection was shut down cleanly
+(\s-1SSL_ERROR_ZERO_RETURN\s0).
+.Sp
+SSLv2 (deprecated) does not support a shutdown alert protocol, so it can
+only be detected, whether the underlying connection was closed. It cannot
+be checked, whether the closure was initiated by the peer or by something
+else.
+.IP "<0" 4
+.IX Item "<0"
+The read operation was not successful, because either an error occurred
+or action must be taken by the calling process. Call \fISSL_get_error()\fR with the
+return value \fBret\fR to find out the reason.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fISSL_get_error\fR\|(3), \fISSL_write\fR\|(3),
+\&\fISSL_CTX_set_mode\fR\|(3), \fISSL_CTX_new\fR\|(3),
+\&\fISSL_connect\fR\|(3), \fISSL_accept\fR\|(3)
+\&\fISSL_set_connect_state\fR\|(3),
+\&\fISSL_pending\fR\|(3),
+\&\fISSL_shutdown\fR\|(3), \fISSL_set_shutdown\fR\|(3),
+\&\fIssl\fR\|(3), \fIbio\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_rstate_string.3 b/secure/lib/libssl/man/SSL_rstate_string.3
new file mode 100644
index 0000000..694b38f
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_rstate_string.3
@@ -0,0 +1,178 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_rstate_string 3"
+.TH SSL_rstate_string 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_rstate_string, SSL_rstate_string_long \- get textual description of state of an SSL object during read operation
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& const char *SSL_rstate_string(SSL *ssl);
+\& const char *SSL_rstate_string_long(SSL *ssl);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_rstate_string()\fR returns a 2 letter string indicating the current read state
+of the \s-1SSL\s0 object \fBssl\fR.
+.PP
+\&\fISSL_rstate_string_long()\fR returns a string indicating the current read state of
+the \s-1SSL\s0 object \fBssl\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+When performing a read operation, the \s-1SSL/TLS\s0 engine must parse the record,
+consisting of header and body. When working in a blocking environment,
+SSL_rstate_string[_long]() should always return \*(L"\s-1RD\s0\*(R"/\*(L"read done\*(R".
+.PP
+This function should only seldom be needed in applications.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_rstate_string()\fR and \fISSL_rstate_string_long()\fR can return the following
+values:
+.ie n .IP """\s-1RH\s0""/""read header""" 4
+.el .IP "``\s-1RH\s0''/``read header''" 4
+.IX Item "RH/read header"
+The header of the record is being evaluated.
+.ie n .IP """\s-1RB\s0""/""read body""" 4
+.el .IP "``\s-1RB\s0''/``read body''" 4
+.IX Item "RB/read body"
+The body of the record is being evaluated.
+.ie n .IP """\s-1RD\s0""/""read done""" 4
+.el .IP "``\s-1RD\s0''/``read done''" 4
+.IX Item "RD/read done"
+The record has been completely processed.
+.ie n .IP """unknown""/""unknown""" 4
+.el .IP "``unknown''/``unknown''" 4
+.IX Item "unknown/unknown"
+The read state is unknown. This should never happen.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_session_reused.3 b/secure/lib/libssl/man/SSL_session_reused.3
new file mode 100644
index 0000000..b6f2b0f
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_session_reused.3
@@ -0,0 +1,161 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_session_reused 3"
+.TH SSL_session_reused 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_session_reused \- query whether a reused session was negotiated during handshake
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& int SSL_session_reused(SSL *ssl);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+Query, whether a reused session was negotiated during the handshake.
+.SH "NOTES"
+.IX Header "NOTES"
+During the negotiation, a client can propose to reuse a session. The server
+then looks up the session in its cache. If both client and server agree
+on the session, it will be reused and a flag is being set that can be
+queried by the application.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The following return values can occur:
+.IP "0" 4
+A new session was negotiated.
+.IP "1" 4
+.IX Item "1"
+A session was reused.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fISSL_set_session\fR\|(3),
+\&\fISSL_CTX_set_session_cache_mode\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_set_bio.3 b/secure/lib/libssl/man/SSL_set_bio.3
new file mode 100644
index 0000000..57b8d30
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_set_bio.3
@@ -0,0 +1,158 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_set_bio 3"
+.TH SSL_set_bio 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_set_bio \- connect the SSL object with a BIO
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_set_bio()\fR connects the BIOs \fBrbio\fR and \fBwbio\fR for the read and write
+operations of the \s-1TLS/SSL\s0 (encrypted) side of \fBssl\fR.
+.PP
+The \s-1SSL\s0 engine inherits the behaviour of \fBrbio\fR and \fBwbio\fR, respectively.
+If a \s-1BIO\s0 is non-blocking, the \fBssl\fR will also have non-blocking behaviour.
+.PP
+If there was already a \s-1BIO\s0 connected to \fBssl\fR, \fIBIO_free()\fR will be called
+(for both the reading and writing side, if different).
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_set_bio()\fR cannot fail.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fISSL_get_rbio\fR\|(3),
+\&\fISSL_connect\fR\|(3), \fISSL_accept\fR\|(3),
+\&\fISSL_shutdown\fR\|(3), \fIssl\fR\|(3), \fIbio\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_set_connect_state.3 b/secure/lib/libssl/man/SSL_set_connect_state.3
new file mode 100644
index 0000000..1b681a0
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_set_connect_state.3
@@ -0,0 +1,178 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_set_connect_state 3"
+.TH SSL_set_connect_state 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_set_connect_state, SSL_get_accept_state \- prepare SSL object to work in client or server mode
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& void SSL_set_connect_state(SSL *ssl);
+\&
+\& void SSL_set_accept_state(SSL *ssl);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_set_connect_state()\fR sets \fBssl\fR to work in client mode.
+.PP
+\&\fISSL_set_accept_state()\fR sets \fBssl\fR to work in server mode.
+.SH "NOTES"
+.IX Header "NOTES"
+When the \s-1SSL_CTX\s0 object was created with \fISSL_CTX_new\fR\|(3),
+it was either assigned a dedicated client method, a dedicated server
+method, or a generic method, that can be used for both client and
+server connections. (The method might have been changed with
+\&\fISSL_CTX_set_ssl_version\fR\|(3) or
+\&\fISSL_set_ssl_method()\fR.)
+.PP
+When beginning a new handshake, the \s-1SSL\s0 engine must know whether it must
+call the connect (client) or accept (server) routines. Even though it may
+be clear from the method chosen, whether client or server mode was
+requested, the handshake routines must be explicitly set.
+.PP
+When using the \fISSL_connect\fR\|(3) or
+\&\fISSL_accept\fR\|(3) routines, the correct handshake
+routines are automatically set. When performing a transparent negotiation
+using \fISSL_write\fR\|(3) or \fISSL_read\fR\|(3), the
+handshake routines must be explicitly set in advance using either
+\&\fISSL_set_connect_state()\fR or \fISSL_set_accept_state()\fR.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_set_connect_state()\fR and \fISSL_set_accept_state()\fR do not return diagnostic
+information.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fISSL_new\fR\|(3), \fISSL_CTX_new\fR\|(3),
+\&\fISSL_connect\fR\|(3), \fISSL_accept\fR\|(3),
+\&\fISSL_write\fR\|(3), \fISSL_read\fR\|(3),
+\&\fISSL_do_handshake\fR\|(3),
+\&\fISSL_CTX_set_ssl_version\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_set_fd.3 b/secure/lib/libssl/man/SSL_set_fd.3
new file mode 100644
index 0000000..3f9fddb
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_set_fd.3
@@ -0,0 +1,171 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_set_fd 3"
+.TH SSL_set_fd 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_set_fd \- connect the SSL object with a file descriptor
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& int SSL_set_fd(SSL *ssl, int fd);
+\& int SSL_set_rfd(SSL *ssl, int fd);
+\& int SSL_set_wfd(SSL *ssl, int fd);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_set_fd()\fR sets the file descriptor \fBfd\fR as the input/output facility
+for the \s-1TLS/SSL\s0 (encrypted) side of \fBssl\fR. \fBfd\fR will typically be the
+socket file descriptor of a network connection.
+.PP
+When performing the operation, a \fBsocket \s-1BIO\s0\fR is automatically created to
+interface between the \fBssl\fR and \fBfd\fR. The \s-1BIO\s0 and hence the \s-1SSL\s0 engine
+inherit the behaviour of \fBfd\fR. If \fBfd\fR is non-blocking, the \fBssl\fR will
+also have non-blocking behaviour.
+.PP
+If there was already a \s-1BIO\s0 connected to \fBssl\fR, \fIBIO_free()\fR will be called
+(for both the reading and writing side, if different).
+.PP
+\&\fISSL_set_rfd()\fR and \fISSL_set_wfd()\fR perform the respective action, but only
+for the read channel or the write channel, which can be set independently.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The following return values can occur:
+.IP "0" 4
+The operation failed. Check the error stack to find out why.
+.IP "1" 4
+.IX Item "1"
+The operation succeeded.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fISSL_get_fd\fR\|(3), \fISSL_set_bio\fR\|(3),
+\&\fISSL_connect\fR\|(3), \fISSL_accept\fR\|(3),
+\&\fISSL_shutdown\fR\|(3), \fIssl\fR\|(3) , \fIbio\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_set_session.3 b/secure/lib/libssl/man/SSL_set_session.3
new file mode 100644
index 0000000..7e8c70c
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_set_session.3
@@ -0,0 +1,173 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_set_session 3"
+.TH SSL_set_session 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_set_session \- set a TLS/SSL session to be used during TLS/SSL connect
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& int SSL_set_session(SSL *ssl, SSL_SESSION *session);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_set_session()\fR sets \fBsession\fR to be used when the \s-1TLS/SSL\s0 connection
+is to be established. \fISSL_set_session()\fR is only useful for \s-1TLS/SSL\s0 clients.
+When the session is set, the reference count of \fBsession\fR is incremented
+by 1. If the session is not reused, the reference count is decremented
+again during \fISSL_connect()\fR. Whether the session was reused can be queried
+with the \fISSL_session_reused\fR\|(3) call.
+.PP
+If there is already a session set inside \fBssl\fR (because it was set with
+\&\fISSL_set_session()\fR before or because the same \fBssl\fR was already used for
+a connection), \fISSL_SESSION_free()\fR will be called for that session.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache
+list, when being inserted into one \s-1SSL_CTX\s0 object's session cache.
+One \s-1SSL_SESSION\s0 object, regardless of its reference count, must therefore
+only be used with one \s-1SSL_CTX\s0 object (and the \s-1SSL\s0 objects created
+from this \s-1SSL_CTX\s0 object).
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The following return values can occur:
+.IP "0" 4
+The operation failed; check the error stack to find out the reason.
+.IP "1" 4
+.IX Item "1"
+The operation succeeded.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fISSL_SESSION_free\fR\|(3),
+\&\fISSL_get_session\fR\|(3),
+\&\fISSL_session_reused\fR\|(3),
+\&\fISSL_CTX_set_session_cache_mode\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_set_shutdown.3 b/secure/lib/libssl/man/SSL_set_shutdown.3
new file mode 100644
index 0000000..9b211de
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_set_shutdown.3
@@ -0,0 +1,187 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_set_shutdown 3"
+.TH SSL_set_shutdown 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_set_shutdown, SSL_get_shutdown \- manipulate shutdown state of an SSL connection
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& void SSL_set_shutdown(SSL *ssl, int mode);
+\&
+\& int SSL_get_shutdown(const SSL *ssl);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_set_shutdown()\fR sets the shutdown state of \fBssl\fR to \fBmode\fR.
+.PP
+\&\fISSL_get_shutdown()\fR returns the shutdown mode of \fBssl\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+The shutdown state of an ssl connection is a bitmask of:
+.IP "0" 4
+No shutdown setting, yet.
+.IP "\s-1SSL_SENT_SHUTDOWN\s0" 4
+.IX Item "SSL_SENT_SHUTDOWN"
+A \*(L"close notify\*(R" shutdown alert was sent to the peer, the connection is being
+considered closed and the session is closed and correct.
+.IP "\s-1SSL_RECEIVED_SHUTDOWN\s0" 4
+.IX Item "SSL_RECEIVED_SHUTDOWN"
+A shutdown alert was received form the peer, either a normal \*(L"close notify\*(R"
+or a fatal error.
+.PP
+\&\s-1SSL_SENT_SHUTDOWN\s0 and \s-1SSL_RECEIVED_SHUTDOWN\s0 can be set at the same time.
+.PP
+The shutdown state of the connection is used to determine the state of
+the ssl session. If the session is still open, when
+\&\fISSL_clear\fR\|(3) or \fISSL_free\fR\|(3) is called,
+it is considered bad and removed according to \s-1RFC2246\s0.
+The actual condition for a correctly closed session is \s-1SSL_SENT_SHUTDOWN\s0
+(according to the \s-1TLS\s0 \s-1RFC\s0, it is acceptable to only send the \*(L"close notify\*(R"
+alert but to not wait for the peer's answer, when the underlying connection
+is closed).
+\&\fISSL_set_shutdown()\fR can be used to set this state without sending a
+close alert to the peer (see \fISSL_shutdown\fR\|(3)).
+.PP
+If a \*(L"close notify\*(R" was received, \s-1SSL_RECEIVED_SHUTDOWN\s0 will be set,
+for setting \s-1SSL_SENT_SHUTDOWN\s0 the application must however still call
+\&\fISSL_shutdown\fR\|(3) or \fISSL_set_shutdown()\fR itself.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_set_shutdown()\fR does not return diagnostic information.
+.PP
+\&\fISSL_get_shutdown()\fR returns the current setting.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fISSL_shutdown\fR\|(3),
+\&\fISSL_CTX_set_quiet_shutdown\fR\|(3),
+\&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_set_verify_result.3 b/secure/lib/libssl/man/SSL_set_verify_result.3
new file mode 100644
index 0000000..1cffb23
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_set_verify_result.3
@@ -0,0 +1,161 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_set_verify_result 3"
+.TH SSL_set_verify_result 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_set_verify_result \- override result of peer certificate verification
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& void SSL_set_verify_result(SSL *ssl, long verify_result);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_set_verify_result()\fR sets \fBverify_result\fR of the object \fBssl\fR to be the
+result of the verification of the X509 certificate presented by the peer,
+if any.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\fISSL_set_verify_result()\fR overrides the verification result. It only changes
+the verification result of the \fBssl\fR object. It does not become part of the
+established session, so if the session is to be reused later, the original
+value will reappear.
+.PP
+The valid codes for \fBverify_result\fR are documented in \fIverify\fR\|(1).
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fISSL_set_verify_result()\fR does not provide a return value.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fISSL_get_verify_result\fR\|(3),
+\&\fISSL_get_peer_certificate\fR\|(3),
+\&\fIverify\fR\|(1)
diff --git a/secure/lib/libssl/man/SSL_shutdown.3 b/secure/lib/libssl/man/SSL_shutdown.3
new file mode 100644
index 0000000..d794359
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_shutdown.3
@@ -0,0 +1,234 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_shutdown 3"
+.TH SSL_shutdown 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_shutdown \- shut down a TLS/SSL connection
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& int SSL_shutdown(SSL *ssl);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_shutdown()\fR shuts down an active \s-1TLS/SSL\s0 connection. It sends the
+\&\*(L"close notify\*(R" shutdown alert to the peer.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\fISSL_shutdown()\fR tries to send the \*(L"close notify\*(R" shutdown alert to the peer.
+Whether the operation succeeds or not, the \s-1SSL_SENT_SHUTDOWN\s0 flag is set and
+a currently open session is considered closed and good and will be kept in the
+session cache for further reuse.
+.PP
+The shutdown procedure consists of 2 steps: the sending of the \*(L"close notify\*(R"
+shutdown alert and the reception of the peer's \*(L"close notify\*(R" shutdown
+alert. According to the \s-1TLS\s0 standard, it is acceptable for an application
+to only send its shutdown alert and then close the underlying connection
+without waiting for the peer's response (this way resources can be saved,
+as the process can already terminate or serve another connection).
+When the underlying connection shall be used for more communications, the
+complete shutdown procedure (bidirectional \*(L"close notify\*(R" alerts) must be
+performed, so that the peers stay synchronized.
+.PP
+\&\fISSL_shutdown()\fR supports both uni\- and bidirectional shutdown by its 2 step
+behaviour.
+.ie n .IP "When the application is the first party to send the ""close notify"" alert, \fISSL_shutdown()\fR will only send the alert and then set the \s-1SSL_SENT_SHUTDOWN\s0 flag (so that the session is considered good and will be kept in cache). \fISSL_shutdown()\fR will then return with 0. If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to \fISSL_shutdown()\fR is sufficient. In order to complete the bidirectional shutdown handshake, \fISSL_shutdown()\fR must be called again. The second call will make \fISSL_shutdown()\fR wait for the peer's ""close notify"" shutdown alert. On success, the second call to \fISSL_shutdown()\fR will return with 1." 4
+.el .IP "When the application is the first party to send the ``close notify'' alert, \fISSL_shutdown()\fR will only send the alert and then set the \s-1SSL_SENT_SHUTDOWN\s0 flag (so that the session is considered good and will be kept in cache). \fISSL_shutdown()\fR will then return with 0. If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to \fISSL_shutdown()\fR is sufficient. In order to complete the bidirectional shutdown handshake, \fISSL_shutdown()\fR must be called again. The second call will make \fISSL_shutdown()\fR wait for the peer's ``close notify'' shutdown alert. On success, the second call to \fISSL_shutdown()\fR will return with 1." 4
+.IX Item "When the application is the first party to send the close notify alert, SSL_shutdown() will only send the alert and then set the SSL_SENT_SHUTDOWN flag (so that the session is considered good and will be kept in cache). SSL_shutdown() will then return with 0. If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to SSL_shutdown() is sufficient. In order to complete the bidirectional shutdown handshake, SSL_shutdown() must be called again. The second call will make SSL_shutdown() wait for the peer's close notify shutdown alert. On success, the second call to SSL_shutdown() will return with 1."
+.PD 0
+.ie n .IP "If the peer already sent the ""close notify"" alert \fBand\fR it was already processed implicitly inside another function (\fISSL_read\fR\|(3)), the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag is set. \fISSL_shutdown()\fR will send the ""close notify"" alert, set the \s-1SSL_SENT_SHUTDOWN\s0 flag and will immediately return with 1. Whether \s-1SSL_RECEIVED_SHUTDOWN\s0 is already set can be checked using the \fISSL_get_shutdown()\fR (see also \fISSL_set_shutdown\fR\|(3) call." 4
+.el .IP "If the peer already sent the ``close notify'' alert \fBand\fR it was already processed implicitly inside another function (\fISSL_read\fR\|(3)), the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag is set. \fISSL_shutdown()\fR will send the ``close notify'' alert, set the \s-1SSL_SENT_SHUTDOWN\s0 flag and will immediately return with 1. Whether \s-1SSL_RECEIVED_SHUTDOWN\s0 is already set can be checked using the \fISSL_get_shutdown()\fR (see also \fISSL_set_shutdown\fR\|(3) call." 4
+.IX Item "If the peer already sent the close notify alert and it was already processed implicitly inside another function (SSL_read), the SSL_RECEIVED_SHUTDOWN flag is set. SSL_shutdown() will send the close notify alert, set the SSL_SENT_SHUTDOWN flag and will immediately return with 1. Whether SSL_RECEIVED_SHUTDOWN is already set can be checked using the SSL_get_shutdown() (see also SSL_set_shutdown call."
+.PD
+.PP
+It is therefore recommended, to check the return value of \fISSL_shutdown()\fR
+and call \fISSL_shutdown()\fR again, if the bidirectional shutdown is not yet
+complete (return value of the first call is 0). As the shutdown is not
+specially handled in the SSLv2 protocol, \fISSL_shutdown()\fR will succeed on
+the first call.
+.PP
+The behaviour of \fISSL_shutdown()\fR additionally depends on the underlying \s-1BIO\s0.
+.PP
+If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_shutdown()\fR will only return once the
+handshake step has been finished or an error occurred.
+.PP
+If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_shutdown()\fR will also return
+when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_shutdown()\fR
+to continue the handshake. In this case a call to \fISSL_get_error()\fR with the
+return value of \fISSL_shutdown()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or
+\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after
+taking appropriate action to satisfy the needs of \fISSL_shutdown()\fR.
+The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket,
+nothing is to be done, but \fIselect()\fR can be used to check for the required
+condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written
+into or retrieved out of the \s-1BIO\s0 before being able to continue.
+.PP
+\&\fISSL_shutdown()\fR can be modified to only set the connection to \*(L"shutdown\*(R"
+state but not actually send the \*(L"close notify\*(R" alert messages,
+see \fISSL_CTX_set_quiet_shutdown\fR\|(3).
+When \*(L"quiet shutdown\*(R" is enabled, \fISSL_shutdown()\fR will always succeed
+and return 1.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The following return values can occur:
+.IP "1." 4
+The shutdown was successfully completed. The \*(L"close notify\*(R" alert was sent
+and the peer's \*(L"close notify\*(R" alert was received.
+.IP "2." 4
+The shutdown is not yet finished. Call \fISSL_shutdown()\fR for a second time,
+if a bidirectional shutdown shall be performed.
+The output of \fISSL_get_error\fR\|(3) may be misleading, as an
+erroneous \s-1SSL_ERROR_SYSCALL\s0 may be flagged even though no error occurred.
+.IP "3." 4
+\&\-1
+.Sp
+The shutdown was not successful because a fatal error occurred either
+at the protocol level or a connection failure occurred. It can also occur if
+action is need to continue the operation for non-blocking BIOs.
+Call \fISSL_get_error\fR\|(3) with the return value \fBret\fR
+to find out the reason.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fISSL_get_error\fR\|(3), \fISSL_connect\fR\|(3),
+\&\fISSL_accept\fR\|(3), \fISSL_set_shutdown\fR\|(3),
+\&\fISSL_CTX_set_quiet_shutdown\fR\|(3),
+\&\fISSL_clear\fR\|(3), \fISSL_free\fR\|(3),
+\&\fIssl\fR\|(3), \fIbio\fR\|(3)
+.SH "POD ERRORS"
+.IX Header "POD ERRORS"
+Hey! \fBThe above document had some coding errors, which are explained below:\fR
+.IP "Around line 100:" 4
+.IX Item "Around line 100:"
+You have '=item 0' instead of the expected '=item 2'
+.IP "Around line 107:" 4
+.IX Item "Around line 107:"
+Expected '=item 3'
diff --git a/secure/lib/libssl/man/SSL_state_string.3 b/secure/lib/libssl/man/SSL_state_string.3
new file mode 100644
index 0000000..f9e3cf1
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_state_string.3
@@ -0,0 +1,168 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_state_string 3"
+.TH SSL_state_string 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_state_string, SSL_state_string_long \- get textual description of state of an SSL object
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& const char *SSL_state_string(const SSL *ssl);
+\& const char *SSL_state_string_long(const SSL *ssl);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_state_string()\fR returns a 6 letter string indicating the current state
+of the \s-1SSL\s0 object \fBssl\fR.
+.PP
+\&\fISSL_state_string_long()\fR returns a string indicating the current state of
+the \s-1SSL\s0 object \fBssl\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+During its use, an \s-1SSL\s0 objects passes several states. The state is internally
+maintained. Querying the state information is not very informative before
+or when a connection has been established. It however can be of significant
+interest during the handshake.
+.PP
+When using non-blocking sockets, the function call performing the handshake
+may return with \s-1SSL_ERROR_WANT_READ\s0 or \s-1SSL_ERROR_WANT_WRITE\s0 condition,
+so that SSL_state_string[_long]() may be called.
+.PP
+For both blocking or non-blocking sockets, the details state information
+can be used within the info_callback function set with the
+\&\fISSL_set_info_callback()\fR call.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+Detailed description of possible states to be included later.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fISSL_CTX_set_info_callback\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_want.3 b/secure/lib/libssl/man/SSL_want.3
new file mode 100644
index 0000000..e61762d
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_want.3
@@ -0,0 +1,192 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_want 3"
+.TH SSL_want 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup \- obtain state information TLS/SSL I/O operation
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& int SSL_want(const SSL *ssl);
+\& int SSL_want_nothing(const SSL *ssl);
+\& int SSL_want_read(const SSL *ssl);
+\& int SSL_want_write(const SSL *ssl);
+\& int SSL_want_x509_lookup(const SSL *ssl);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_want()\fR returns state information for the \s-1SSL\s0 object \fBssl\fR.
+.PP
+The other SSL_want_*() calls are shortcuts for the possible states returned
+by \fISSL_want()\fR.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\fISSL_want()\fR examines the internal state information of the \s-1SSL\s0 object. Its
+return values are similar to that of \fISSL_get_error\fR\|(3).
+Unlike \fISSL_get_error\fR\|(3), which also evaluates the
+error queue, the results are obtained by examining an internal state flag
+only. The information must therefore only be used for normal operation under
+non-blocking I/O. Error conditions are not handled and must be treated
+using \fISSL_get_error\fR\|(3).
+.PP
+The result returned by \fISSL_want()\fR should always be consistent with
+the result of \fISSL_get_error\fR\|(3).
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The following return values can currently occur for \fISSL_want()\fR:
+.IP "\s-1SSL_NOTHING\s0" 4
+.IX Item "SSL_NOTHING"
+There is no data to be written or to be read.
+.IP "\s-1SSL_WRITING\s0" 4
+.IX Item "SSL_WRITING"
+There are data in the \s-1SSL\s0 buffer that must be written to the underlying
+\&\fB\s-1BIO\s0\fR layer in order to complete the actual SSL_*() operation.
+A call to \fISSL_get_error\fR\|(3) should return
+\&\s-1SSL_ERROR_WANT_WRITE\s0.
+.IP "\s-1SSL_READING\s0" 4
+.IX Item "SSL_READING"
+More data must be read from the underlying \fB\s-1BIO\s0\fR layer in order to
+complete the actual SSL_*() operation.
+A call to \fISSL_get_error\fR\|(3) should return
+\&\s-1SSL_ERROR_WANT_READ\s0.
+.IP "\s-1SSL_X509_LOOKUP\s0" 4
+.IX Item "SSL_X509_LOOKUP"
+The operation did not complete because an application callback set by
+\&\fISSL_CTX_set_client_cert_cb()\fR has asked to be called again.
+A call to \fISSL_get_error\fR\|(3) should return
+\&\s-1SSL_ERROR_WANT_X509_LOOKUP\s0.
+.PP
+\&\fISSL_want_nothing()\fR, \fISSL_want_read()\fR, \fISSL_want_write()\fR, \fISSL_want_x509_lookup()\fR
+return 1, when the corresponding condition is true or 0 otherwise.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fIerr\fR\|(3), \fISSL_get_error\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_write.3 b/secure/lib/libssl/man/SSL_write.3
new file mode 100644
index 0000000..2883ff8
--- /dev/null
+++ b/secure/lib/libssl/man/SSL_write.3
@@ -0,0 +1,223 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_write 3"
+.TH SSL_write 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_write \- write bytes to a TLS/SSL connection.
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& int SSL_write(SSL *ssl, const void *buf, int num);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_write()\fR writes \fBnum\fR bytes from the buffer \fBbuf\fR into the specified
+\&\fBssl\fR connection.
+.SH "NOTES"
+.IX Header "NOTES"
+If necessary, \fISSL_write()\fR will negotiate a \s-1TLS/SSL\s0 session, if
+not already explicitly performed by \fISSL_connect\fR\|(3) or
+\&\fISSL_accept\fR\|(3). If the
+peer requests a re-negotiation, it will be performed transparently during
+the \fISSL_write()\fR operation. The behaviour of \fISSL_write()\fR depends on the
+underlying \s-1BIO\s0.
+.PP
+For the transparent negotiation to succeed, the \fBssl\fR must have been
+initialized to client or server mode. This is being done by calling
+\&\fISSL_set_connect_state\fR\|(3) or \fISSL_set_accept_state()\fR
+before the first call to an \fISSL_read\fR\|(3) or \fISSL_write()\fR function.
+.PP
+If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_write()\fR will only return, once the
+write operation has been finished or an error occurred, except when a
+renegotiation take place, in which case a \s-1SSL_ERROR_WANT_READ\s0 may occur.
+This behaviour can be controlled with the \s-1SSL_MODE_AUTO_RETRY\s0 flag of the
+\&\fISSL_CTX_set_mode\fR\|(3) call.
+.PP
+If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_write()\fR will also return,
+when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_write()\fR
+to continue the operation. In this case a call to
+\&\fISSL_get_error\fR\|(3) with the
+return value of \fISSL_write()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or
+\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. As at any time a re-negotiation is possible, a
+call to \fISSL_write()\fR can also cause read operations! The calling process
+then must repeat the call after taking appropriate action to satisfy the
+needs of \fISSL_write()\fR. The action depends on the underlying \s-1BIO\s0. When using a
+non-blocking socket, nothing is to be done, but \fIselect()\fR can be used to check
+for the required condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data
+must be written into or retrieved out of the \s-1BIO\s0 before being able to continue.
+.PP
+\&\fISSL_write()\fR will only return with success, when the complete contents
+of \fBbuf\fR of length \fBnum\fR has been written. This default behaviour
+can be changed with the \s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 option of
+\&\fISSL_CTX_set_mode\fR\|(3). When this flag is set,
+\&\fISSL_write()\fR will also return with success, when a partial write has been
+successfully completed. In this case the \fISSL_write()\fR operation is considered
+completed. The bytes are sent and a new \fISSL_write()\fR operation with a new
+buffer (with the already sent bytes removed) must be started.
+A partial write is performed with the size of a message block, which is
+16kB for SSLv3/TLSv1.
+.SH "WARNING"
+.IX Header "WARNING"
+When an \fISSL_write()\fR operation has to be repeated because of
+\&\fB\s-1SSL_ERROR_WANT_READ\s0\fR or \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR, it must be repeated
+with the same arguments.
+.PP
+When calling \fISSL_write()\fR with num=0 bytes to be sent the behaviour is
+undefined.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+The following return values can occur:
+.IP ">0" 4
+.IX Item ">0"
+The write operation was successful, the return value is the number of
+bytes actually written to the \s-1TLS/SSL\s0 connection.
+.IP "0" 4
+The write operation was not successful. Probably the underlying connection
+was closed. Call \fISSL_get_error()\fR with the return value \fBret\fR to find out,
+whether an error occurred or the connection was shut down cleanly
+(\s-1SSL_ERROR_ZERO_RETURN\s0).
+.Sp
+SSLv2 (deprecated) does not support a shutdown alert protocol, so it can
+only be detected, whether the underlying connection was closed. It cannot
+be checked, why the closure happened.
+.IP "<0" 4
+.IX Item "<0"
+The write operation was not successful, because either an error occurred
+or action must be taken by the calling process. Call \fISSL_get_error()\fR with the
+return value \fBret\fR to find out the reason.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fISSL_get_error\fR\|(3), \fISSL_read\fR\|(3),
+\&\fISSL_CTX_set_mode\fR\|(3), \fISSL_CTX_new\fR\|(3),
+\&\fISSL_connect\fR\|(3), \fISSL_accept\fR\|(3)
+\&\fISSL_set_connect_state\fR\|(3),
+\&\fIssl\fR\|(3), \fIbio\fR\|(3)
diff --git a/secure/lib/libssl/man/d2i_SSL_SESSION.3 b/secure/lib/libssl/man/d2i_SSL_SESSION.3
new file mode 100644
index 0000000..233247b
--- /dev/null
+++ b/secure/lib/libssl/man/d2i_SSL_SESSION.3
@@ -0,0 +1,189 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "d2i_SSL_SESSION 3"
+.TH d2i_SSL_SESSION 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+d2i_SSL_SESSION, i2d_SSL_SESSION \- convert SSL_SESSION object from/to ASN1 representation
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/ssl.h>
+\&
+\& SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length);
+\& int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fId2i_SSL_SESSION()\fR transforms the external \s-1ASN1\s0 representation of an \s-1SSL/TLS\s0
+session, stored as binary data at location \fBpp\fR with length \fBlength\fR, into
+an \s-1SSL_SESSION\s0 object.
+.PP
+\&\fIi2d_SSL_SESSION()\fR transforms the \s-1SSL_SESSION\s0 object \fBin\fR into the \s-1ASN1\s0
+representation and stores it into the memory location pointed to by \fBpp\fR.
+The length of the resulting \s-1ASN1\s0 representation is returned. If \fBpp\fR is
+the \s-1NULL\s0 pointer, only the length is calculated and returned.
+.SH "NOTES"
+.IX Header "NOTES"
+The \s-1SSL_SESSION\s0 object is built from several \fImalloc()\fRed parts, it can
+therefore not be moved, copied or stored directly. In order to store
+session data on disk or into a database, it must be transformed into
+a binary \s-1ASN1\s0 representation.
+.PP
+When using \fId2i_SSL_SESSION()\fR, the \s-1SSL_SESSION\s0 object is automatically
+allocated. The reference count is 1, so that the session must be
+explicitly removed using \fISSL_SESSION_free\fR\|(3),
+unless the \s-1SSL_SESSION\s0 object is completely taken over, when being called
+inside the \fIget_session_cb()\fR (see
+\&\fISSL_CTX_sess_set_get_cb\fR\|(3)).
+.PP
+\&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache
+list, when being inserted into one \s-1SSL_CTX\s0 object's session cache.
+One \s-1SSL_SESSION\s0 object, regardless of its reference count, must therefore
+only be used with one \s-1SSL_CTX\s0 object (and the \s-1SSL\s0 objects created
+from this \s-1SSL_CTX\s0 object).
+.PP
+When using \fIi2d_SSL_SESSION()\fR, the memory location pointed to by \fBpp\fR must be
+large enough to hold the binary representation of the session. There is no
+known limit on the size of the created \s-1ASN1\s0 representation, so the necessary
+amount of space should be obtained by first calling \fIi2d_SSL_SESSION()\fR with
+\&\fBpp=NULL\fR, and obtain the size needed, then allocate the memory and
+call \fIi2d_SSL_SESSION()\fR again.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fId2i_SSL_SESSION()\fR returns a pointer to the newly allocated \s-1SSL_SESSION\s0
+object. In case of failure the NULL-pointer is returned and the error message
+can be retrieved from the error stack.
+.PP
+\&\fIi2d_SSL_SESSION()\fR returns the size of the \s-1ASN1\s0 representation in bytes.
+When the session is not valid, \fB0\fR is returned and no operation is performed.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fISSL_SESSION_free\fR\|(3),
+\&\fISSL_CTX_sess_set_get_cb\fR\|(3)
diff --git a/secure/lib/libssl/man/ssl.3 b/secure/lib/libssl/man/ssl.3
new file mode 100644
index 0000000..61e9bf8
--- /dev/null
+++ b/secure/lib/libssl/man/ssl.3
@@ -0,0 +1,803 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "ssl 3"
+.TH ssl 3 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL \- OpenSSL SSL/TLS library
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The OpenSSL \fBssl\fR library implements the Secure Sockets Layer (\s-1SSL\s0 v2/v3) and
+Transport Layer Security (\s-1TLS\s0 v1) protocols. It provides a rich \s-1API\s0 which is
+documented here.
+.PP
+At first the library must be initialized; see
+\&\fISSL_library_init\fR\|(3).
+.PP
+Then an \fB\s-1SSL_CTX\s0\fR object is created as a framework to establish
+\&\s-1TLS/SSL\s0 enabled connections (see \fISSL_CTX_new\fR\|(3)).
+Various options regarding certificates, algorithms etc. can be set
+in this object.
+.PP
+When a network connection has been created, it can be assigned to an
+\&\fB\s-1SSL\s0\fR object. After the \fB\s-1SSL\s0\fR object has been created using
+\&\fISSL_new\fR\|(3), \fISSL_set_fd\fR\|(3) or
+\&\fISSL_set_bio\fR\|(3) can be used to associate the network
+connection with the object.
+.PP
+Then the \s-1TLS/SSL\s0 handshake is performed using
+\&\fISSL_accept\fR\|(3) or \fISSL_connect\fR\|(3)
+respectively.
+\&\fISSL_read\fR\|(3) and \fISSL_write\fR\|(3) are used
+to read and write data on the \s-1TLS/SSL\s0 connection.
+\&\fISSL_shutdown\fR\|(3) can be used to shut down the
+\&\s-1TLS/SSL\s0 connection.
+.SH "DATA STRUCTURES"
+.IX Header "DATA STRUCTURES"
+Currently the OpenSSL \fBssl\fR library functions deals with the following data
+structures:
+.IP "\fB\s-1SSL_METHOD\s0\fR (\s-1SSL\s0 Method)" 4
+.IX Item "SSL_METHOD (SSL Method)"
+That's a dispatch structure describing the internal \fBssl\fR library
+methods/functions which implement the various protocol versions (SSLv1, SSLv2
+and TLSv1). It's needed to create an \fB\s-1SSL_CTX\s0\fR.
+.IP "\fB\s-1SSL_CIPHER\s0\fR (\s-1SSL\s0 Cipher)" 4
+.IX Item "SSL_CIPHER (SSL Cipher)"
+This structure holds the algorithm information for a particular cipher which
+are a core part of the \s-1SSL/TLS\s0 protocol. The available ciphers are configured
+on a \fB\s-1SSL_CTX\s0\fR basis and the actually used ones are then part of the
+\&\fB\s-1SSL_SESSION\s0\fR.
+.IP "\fB\s-1SSL_CTX\s0\fR (\s-1SSL\s0 Context)" 4
+.IX Item "SSL_CTX (SSL Context)"
+That's the global context structure which is created by a server or client
+once per program life-time and which holds mainly default values for the
+\&\fB\s-1SSL\s0\fR structures which are later created for the connections.
+.IP "\fB\s-1SSL_SESSION\s0\fR (\s-1SSL\s0 Session)" 4
+.IX Item "SSL_SESSION (SSL Session)"
+This is a structure containing the current \s-1TLS/SSL\s0 session details for a
+connection: \fB\s-1SSL_CIPHER\s0\fRs, client and server certificates, keys, etc.
+.IP "\fB\s-1SSL\s0\fR (\s-1SSL\s0 Connection)" 4
+.IX Item "SSL (SSL Connection)"
+That's the main \s-1SSL/TLS\s0 structure which is created by a server or client per
+established connection. This actually is the core structure in the \s-1SSL\s0 \s-1API\s0.
+Under run-time the application usually deals with this structure which has
+links to mostly all other structures.
+.SH "HEADER FILES"
+.IX Header "HEADER FILES"
+Currently the OpenSSL \fBssl\fR library provides the following C header files
+containing the prototypes for the data structures and and functions:
+.IP "\fBssl.h\fR" 4
+.IX Item "ssl.h"
+That's the common header file for the \s-1SSL/TLS\s0 \s-1API\s0. Include it into your
+program to make the \s-1API\s0 of the \fBssl\fR library available. It internally
+includes both more private \s-1SSL\s0 headers and headers from the \fBcrypto\fR library.
+Whenever you need hard-core details on the internals of the \s-1SSL\s0 \s-1API\s0, look
+inside this header file.
+.IP "\fBssl2.h\fR" 4
+.IX Item "ssl2.h"
+That's the sub header file dealing with the SSLv2 protocol only.
+\&\fIUsually you don't have to include it explicitly because
+it's already included by ssl.h\fR.
+.IP "\fBssl3.h\fR" 4
+.IX Item "ssl3.h"
+That's the sub header file dealing with the SSLv3 protocol only.
+\&\fIUsually you don't have to include it explicitly because
+it's already included by ssl.h\fR.
+.IP "\fBssl23.h\fR" 4
+.IX Item "ssl23.h"
+That's the sub header file dealing with the combined use of the SSLv2 and
+SSLv3 protocols.
+\&\fIUsually you don't have to include it explicitly because
+it's already included by ssl.h\fR.
+.IP "\fBtls1.h\fR" 4
+.IX Item "tls1.h"
+That's the sub header file dealing with the TLSv1 protocol only.
+\&\fIUsually you don't have to include it explicitly because
+it's already included by ssl.h\fR.
+.SH "API FUNCTIONS"
+.IX Header "API FUNCTIONS"
+Currently the OpenSSL \fBssl\fR library exports 214 \s-1API\s0 functions.
+They are documented in the following:
+.SS "\s-1DEALING\s0 \s-1WITH\s0 \s-1PROTOCOL\s0 \s-1METHODS\s0"
+.IX Subsection "DEALING WITH PROTOCOL METHODS"
+Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0
+protocol methods defined in \fB\s-1SSL_METHOD\s0\fR structures.
+.IP "\s-1SSL_METHOD\s0 *\fBSSLv2_client_method\fR(void);" 4
+.IX Item "SSL_METHOD *SSLv2_client_method(void);"
+Constructor for the SSLv2 \s-1SSL_METHOD\s0 structure for a dedicated client.
+.IP "\s-1SSL_METHOD\s0 *\fBSSLv2_server_method\fR(void);" 4
+.IX Item "SSL_METHOD *SSLv2_server_method(void);"
+Constructor for the SSLv2 \s-1SSL_METHOD\s0 structure for a dedicated server.
+.IP "\s-1SSL_METHOD\s0 *\fBSSLv2_method\fR(void);" 4
+.IX Item "SSL_METHOD *SSLv2_method(void);"
+Constructor for the SSLv2 \s-1SSL_METHOD\s0 structure for combined client and server.
+.IP "\s-1SSL_METHOD\s0 *\fBSSLv3_client_method\fR(void);" 4
+.IX Item "SSL_METHOD *SSLv3_client_method(void);"
+Constructor for the SSLv3 \s-1SSL_METHOD\s0 structure for a dedicated client.
+.IP "\s-1SSL_METHOD\s0 *\fBSSLv3_server_method\fR(void);" 4
+.IX Item "SSL_METHOD *SSLv3_server_method(void);"
+Constructor for the SSLv3 \s-1SSL_METHOD\s0 structure for a dedicated server.
+.IP "\s-1SSL_METHOD\s0 *\fBSSLv3_method\fR(void);" 4
+.IX Item "SSL_METHOD *SSLv3_method(void);"
+Constructor for the SSLv3 \s-1SSL_METHOD\s0 structure for combined client and server.
+.IP "\s-1SSL_METHOD\s0 *\fBTLSv1_client_method\fR(void);" 4
+.IX Item "SSL_METHOD *TLSv1_client_method(void);"
+Constructor for the TLSv1 \s-1SSL_METHOD\s0 structure for a dedicated client.
+.IP "\s-1SSL_METHOD\s0 *\fBTLSv1_server_method\fR(void);" 4
+.IX Item "SSL_METHOD *TLSv1_server_method(void);"
+Constructor for the TLSv1 \s-1SSL_METHOD\s0 structure for a dedicated server.
+.IP "\s-1SSL_METHOD\s0 *\fBTLSv1_method\fR(void);" 4
+.IX Item "SSL_METHOD *TLSv1_method(void);"
+Constructor for the TLSv1 \s-1SSL_METHOD\s0 structure for combined client and server.
+.SS "\s-1DEALING\s0 \s-1WITH\s0 \s-1CIPHERS\s0"
+.IX Subsection "DEALING WITH CIPHERS"
+Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0
+ciphers defined in \fB\s-1SSL_CIPHER\s0\fR structures.
+.IP "char *\fBSSL_CIPHER_description\fR(\s-1SSL_CIPHER\s0 *cipher, char *buf, int len);" 4
+.IX Item "char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len);"
+Write a string to \fIbuf\fR (with a maximum size of \fIlen\fR) containing a human
+readable description of \fIcipher\fR. Returns \fIbuf\fR.
+.IP "int \fBSSL_CIPHER_get_bits\fR(\s-1SSL_CIPHER\s0 *cipher, int *alg_bits);" 4
+.IX Item "int SSL_CIPHER_get_bits(SSL_CIPHER *cipher, int *alg_bits);"
+Determine the number of bits in \fIcipher\fR. Because of export crippled ciphers
+there are two bits: The bits the algorithm supports in general (stored to
+\&\fIalg_bits\fR) and the bits which are actually used (the return value).
+.IP "const char *\fBSSL_CIPHER_get_name\fR(\s-1SSL_CIPHER\s0 *cipher);" 4
+.IX Item "const char *SSL_CIPHER_get_name(SSL_CIPHER *cipher);"
+Return the internal name of \fIcipher\fR as a string. These are the various
+strings defined by the \fISSL2_TXT_xxx\fR, \fISSL3_TXT_xxx\fR and \fITLS1_TXT_xxx\fR
+definitions in the header files.
+.IP "char *\fBSSL_CIPHER_get_version\fR(\s-1SSL_CIPHER\s0 *cipher);" 4
+.IX Item "char *SSL_CIPHER_get_version(SSL_CIPHER *cipher);"
+Returns a string like "\f(CW\*(C`TLSv1/SSLv3\*(C'\fR\*(L" or \*(R"\f(CW\*(C`SSLv2\*(C'\fR" which indicates the
+\&\s-1SSL/TLS\s0 protocol version to which \fIcipher\fR belongs (i.e. where it was defined
+in the specification the first time).
+.SS "\s-1DEALING\s0 \s-1WITH\s0 \s-1PROTOCOL\s0 \s-1CONTEXTS\s0"
+.IX Subsection "DEALING WITH PROTOCOL CONTEXTS"
+Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0
+protocol context defined in the \fB\s-1SSL_CTX\s0\fR structure.
+.IP "int \fBSSL_CTX_add_client_CA\fR(\s-1SSL_CTX\s0 *ctx, X509 *x);" 4
+.IX Item "int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);"
+.PD 0
+.IP "long \fBSSL_CTX_add_extra_chain_cert\fR(\s-1SSL_CTX\s0 *ctx, X509 *x509);" 4
+.IX Item "long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509);"
+.IP "int \fBSSL_CTX_add_session\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *c);" 4
+.IX Item "int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c);"
+.IP "int \fBSSL_CTX_check_private_key\fR(const \s-1SSL_CTX\s0 *ctx);" 4
+.IX Item "int SSL_CTX_check_private_key(const SSL_CTX *ctx);"
+.IP "long \fBSSL_CTX_ctrl\fR(\s-1SSL_CTX\s0 *ctx, int cmd, long larg, char *parg);" 4
+.IX Item "long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg);"
+.IP "void \fBSSL_CTX_flush_sessions\fR(\s-1SSL_CTX\s0 *s, long t);" 4
+.IX Item "void SSL_CTX_flush_sessions(SSL_CTX *s, long t);"
+.IP "void \fBSSL_CTX_free\fR(\s-1SSL_CTX\s0 *a);" 4
+.IX Item "void SSL_CTX_free(SSL_CTX *a);"
+.IP "char *\fBSSL_CTX_get_app_data\fR(\s-1SSL_CTX\s0 *ctx);" 4
+.IX Item "char *SSL_CTX_get_app_data(SSL_CTX *ctx);"
+.IP "X509_STORE *\fBSSL_CTX_get_cert_store\fR(\s-1SSL_CTX\s0 *ctx);" 4
+.IX Item "X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx);"
+.IP "\s-1STACK\s0 *\fBSSL_CTX_get_client_CA_list\fR(const \s-1SSL_CTX\s0 *ctx);" 4
+.IX Item "STACK *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx);"
+.IP "int (*\fBSSL_CTX_get_client_cert_cb\fR(\s-1SSL_CTX\s0 *ctx))(\s-1SSL\s0 *ssl, X509 **x509, \s-1EVP_PKEY\s0 **pkey);" 4
+.IX Item "int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);"
+.IP "char *\fBSSL_CTX_get_ex_data\fR(const \s-1SSL_CTX\s0 *s, int idx);" 4
+.IX Item "char *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx);"
+.IP "int \fBSSL_CTX_get_ex_new_index\fR(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" 4
+.IX Item "int SSL_CTX_get_ex_new_index(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))"
+.IP "void (*\fBSSL_CTX_get_info_callback\fR(\s-1SSL_CTX\s0 *ctx))(\s-1SSL\s0 *ssl, int cb, int ret);" 4
+.IX Item "void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(SSL *ssl, int cb, int ret);"
+.IP "int \fBSSL_CTX_get_quiet_shutdown\fR(const \s-1SSL_CTX\s0 *ctx);" 4
+.IX Item "int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);"
+.IP "int \fBSSL_CTX_get_session_cache_mode\fR(\s-1SSL_CTX\s0 *ctx);" 4
+.IX Item "int SSL_CTX_get_session_cache_mode(SSL_CTX *ctx);"
+.IP "long \fBSSL_CTX_get_timeout\fR(const \s-1SSL_CTX\s0 *ctx);" 4
+.IX Item "long SSL_CTX_get_timeout(const SSL_CTX *ctx);"
+.IP "int (*\fBSSL_CTX_get_verify_callback\fR(const \s-1SSL_CTX\s0 *ctx))(int ok, X509_STORE_CTX *ctx);" 4
+.IX Item "int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int ok, X509_STORE_CTX *ctx);"
+.IP "int \fBSSL_CTX_get_verify_mode\fR(\s-1SSL_CTX\s0 *ctx);" 4
+.IX Item "int SSL_CTX_get_verify_mode(SSL_CTX *ctx);"
+.IP "int \fBSSL_CTX_load_verify_locations\fR(\s-1SSL_CTX\s0 *ctx, char *CAfile, char *CApath);" 4
+.IX Item "int SSL_CTX_load_verify_locations(SSL_CTX *ctx, char *CAfile, char *CApath);"
+.IP "long \fBSSL_CTX_need_tmp_RSA\fR(\s-1SSL_CTX\s0 *ctx);" 4
+.IX Item "long SSL_CTX_need_tmp_RSA(SSL_CTX *ctx);"
+.IP "\s-1SSL_CTX\s0 *\fBSSL_CTX_new\fR(\s-1SSL_METHOD\s0 *meth);" 4
+.IX Item "SSL_CTX *SSL_CTX_new(SSL_METHOD *meth);"
+.IP "int \fBSSL_CTX_remove_session\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *c);" 4
+.IX Item "int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c);"
+.IP "int \fBSSL_CTX_sess_accept\fR(\s-1SSL_CTX\s0 *ctx);" 4
+.IX Item "int SSL_CTX_sess_accept(SSL_CTX *ctx);"
+.IP "int \fBSSL_CTX_sess_accept_good\fR(\s-1SSL_CTX\s0 *ctx);" 4
+.IX Item "int SSL_CTX_sess_accept_good(SSL_CTX *ctx);"
+.IP "int \fBSSL_CTX_sess_accept_renegotiate\fR(\s-1SSL_CTX\s0 *ctx);" 4
+.IX Item "int SSL_CTX_sess_accept_renegotiate(SSL_CTX *ctx);"
+.IP "int \fBSSL_CTX_sess_cache_full\fR(\s-1SSL_CTX\s0 *ctx);" 4
+.IX Item "int SSL_CTX_sess_cache_full(SSL_CTX *ctx);"
+.IP "int \fBSSL_CTX_sess_cb_hits\fR(\s-1SSL_CTX\s0 *ctx);" 4
+.IX Item "int SSL_CTX_sess_cb_hits(SSL_CTX *ctx);"
+.IP "int \fBSSL_CTX_sess_connect\fR(\s-1SSL_CTX\s0 *ctx);" 4
+.IX Item "int SSL_CTX_sess_connect(SSL_CTX *ctx);"
+.IP "int \fBSSL_CTX_sess_connect_good\fR(\s-1SSL_CTX\s0 *ctx);" 4
+.IX Item "int SSL_CTX_sess_connect_good(SSL_CTX *ctx);"
+.IP "int \fBSSL_CTX_sess_connect_renegotiate\fR(\s-1SSL_CTX\s0 *ctx);" 4
+.IX Item "int SSL_CTX_sess_connect_renegotiate(SSL_CTX *ctx);"
+.IP "int \fBSSL_CTX_sess_get_cache_size\fR(\s-1SSL_CTX\s0 *ctx);" 4
+.IX Item "int SSL_CTX_sess_get_cache_size(SSL_CTX *ctx);"
+.IP "\s-1SSL_SESSION\s0 *(*\fBSSL_CTX_sess_get_get_cb\fR(\s-1SSL_CTX\s0 *ctx))(\s-1SSL\s0 *ssl, unsigned char *data, int len, int *copy);" 4
+.IX Item "SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, unsigned char *data, int len, int *copy);"
+.IP "int (*\fBSSL_CTX_sess_get_new_cb\fR(\s-1SSL_CTX\s0 *ctx)(\s-1SSL\s0 *ssl, \s-1SSL_SESSION\s0 *sess);" 4
+.IX Item "int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)(SSL *ssl, SSL_SESSION *sess);"
+.IP "void (*\fBSSL_CTX_sess_get_remove_cb\fR(\s-1SSL_CTX\s0 *ctx)(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *sess);" 4
+.IX Item "void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)(SSL_CTX *ctx, SSL_SESSION *sess);"
+.IP "int \fBSSL_CTX_sess_hits\fR(\s-1SSL_CTX\s0 *ctx);" 4
+.IX Item "int SSL_CTX_sess_hits(SSL_CTX *ctx);"
+.IP "int \fBSSL_CTX_sess_misses\fR(\s-1SSL_CTX\s0 *ctx);" 4
+.IX Item "int SSL_CTX_sess_misses(SSL_CTX *ctx);"
+.IP "int \fBSSL_CTX_sess_number\fR(\s-1SSL_CTX\s0 *ctx);" 4
+.IX Item "int SSL_CTX_sess_number(SSL_CTX *ctx);"
+.IP "void \fBSSL_CTX_sess_set_cache_size\fR(\s-1SSL_CTX\s0 *ctx,t);" 4
+.IX Item "void SSL_CTX_sess_set_cache_size(SSL_CTX *ctx,t);"
+.IP "void \fBSSL_CTX_sess_set_get_cb\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *(*cb)(\s-1SSL\s0 *ssl, unsigned char *data, int len, int *copy));" 4
+.IX Item "void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*cb)(SSL *ssl, unsigned char *data, int len, int *copy));"
+.IP "void \fBSSL_CTX_sess_set_new_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb)(\s-1SSL\s0 *ssl, \s-1SSL_SESSION\s0 *sess));" 4
+.IX Item "void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, SSL_SESSION *sess));"
+.IP "void \fBSSL_CTX_sess_set_remove_cb\fR(\s-1SSL_CTX\s0 *ctx, void (*cb)(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *sess));" 4
+.IX Item "void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess));"
+.IP "int \fBSSL_CTX_sess_timeouts\fR(\s-1SSL_CTX\s0 *ctx);" 4
+.IX Item "int SSL_CTX_sess_timeouts(SSL_CTX *ctx);"
+.IP "\s-1LHASH\s0 *\fBSSL_CTX_sessions\fR(\s-1SSL_CTX\s0 *ctx);" 4
+.IX Item "LHASH *SSL_CTX_sessions(SSL_CTX *ctx);"
+.IP "void \fBSSL_CTX_set_app_data\fR(\s-1SSL_CTX\s0 *ctx, void *arg);" 4
+.IX Item "void SSL_CTX_set_app_data(SSL_CTX *ctx, void *arg);"
+.IP "void \fBSSL_CTX_set_cert_store\fR(\s-1SSL_CTX\s0 *ctx, X509_STORE *cs);" 4
+.IX Item "void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *cs);"
+.IP "void \fBSSL_CTX_set_cert_verify_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb)(), char *arg)" 4
+.IX Item "void SSL_CTX_set_cert_verify_cb(SSL_CTX *ctx, int (*cb)(), char *arg)"
+.IP "int \fBSSL_CTX_set_cipher_list\fR(\s-1SSL_CTX\s0 *ctx, char *str);" 4
+.IX Item "int SSL_CTX_set_cipher_list(SSL_CTX *ctx, char *str);"
+.IP "void \fBSSL_CTX_set_client_CA_list\fR(\s-1SSL_CTX\s0 *ctx, \s-1STACK\s0 *list);" 4
+.IX Item "void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK *list);"
+.IP "void \fBSSL_CTX_set_client_cert_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb)(\s-1SSL\s0 *ssl, X509 **x509, \s-1EVP_PKEY\s0 **pkey));" 4
+.IX Item "void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));"
+.IP "void \fBSSL_CTX_set_default_passwd_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb);(void))" 4
+.IX Item "void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, int (*cb);(void))"
+.IP "void \fBSSL_CTX_set_default_read_ahead\fR(\s-1SSL_CTX\s0 *ctx, int m);" 4
+.IX Item "void SSL_CTX_set_default_read_ahead(SSL_CTX *ctx, int m);"
+.IP "int \fBSSL_CTX_set_default_verify_paths\fR(\s-1SSL_CTX\s0 *ctx);" 4
+.IX Item "int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);"
+.IP "int \fBSSL_CTX_set_ex_data\fR(\s-1SSL_CTX\s0 *s, int idx, char *arg);" 4
+.IX Item "int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, char *arg);"
+.IP "void \fBSSL_CTX_set_info_callback\fR(\s-1SSL_CTX\s0 *ctx, void (*cb)(\s-1SSL\s0 *ssl, int cb, int ret));" 4
+.IX Item "void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(SSL *ssl, int cb, int ret));"
+.IP "void \fBSSL_CTX_set_msg_callback\fR(\s-1SSL_CTX\s0 *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, \s-1SSL\s0 *ssl, void *arg));" 4
+.IX Item "void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));"
+.IP "void \fBSSL_CTX_set_msg_callback_arg\fR(\s-1SSL_CTX\s0 *ctx, void *arg);" 4
+.IX Item "void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg);"
+.IP "void \fBSSL_CTX_set_options\fR(\s-1SSL_CTX\s0 *ctx, unsigned long op);" 4
+.IX Item "void SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op);"
+.IP "void \fBSSL_CTX_set_quiet_shutdown\fR(\s-1SSL_CTX\s0 *ctx, int mode);" 4
+.IX Item "void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);"
+.IP "void \fBSSL_CTX_set_session_cache_mode\fR(\s-1SSL_CTX\s0 *ctx, int mode);" 4
+.IX Item "void SSL_CTX_set_session_cache_mode(SSL_CTX *ctx, int mode);"
+.IP "int \fBSSL_CTX_set_ssl_version\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_METHOD\s0 *meth);" 4
+.IX Item "int SSL_CTX_set_ssl_version(SSL_CTX *ctx, SSL_METHOD *meth);"
+.IP "void \fBSSL_CTX_set_timeout\fR(\s-1SSL_CTX\s0 *ctx, long t);" 4
+.IX Item "void SSL_CTX_set_timeout(SSL_CTX *ctx, long t);"
+.IP "long \fBSSL_CTX_set_tmp_dh\fR(SSL_CTX* ctx, \s-1DH\s0 *dh);" 4
+.IX Item "long SSL_CTX_set_tmp_dh(SSL_CTX* ctx, DH *dh);"
+.IP "long \fBSSL_CTX_set_tmp_dh_callback\fR(\s-1SSL_CTX\s0 *ctx, \s-1DH\s0 *(*cb)(void));" 4
+.IX Item "long SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*cb)(void));"
+.IP "long \fBSSL_CTX_set_tmp_rsa\fR(\s-1SSL_CTX\s0 *ctx, \s-1RSA\s0 *rsa);" 4
+.IX Item "long SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, RSA *rsa);"
+.IP "SSL_CTX_set_tmp_rsa_callback" 4
+.IX Item "SSL_CTX_set_tmp_rsa_callback"
+.PD
+\&\f(CW\*(C`long \f(CBSSL_CTX_set_tmp_rsa_callback\f(CW(SSL_CTX *\f(CBctx\f(CW, RSA *(*\f(CBcb\f(CW)(SSL *\f(CBssl\f(CW, int \f(CBexport\f(CW, int \f(CBkeylength\f(CW));\*(C'\fR
+.Sp
+Sets the callback which will be called when a temporary private key is
+required. The \fB\f(CB\*(C`export\*(C'\fB\fR flag will be set if the reason for needing
+a temp key is that an export ciphersuite is in use, in which case,
+\&\fB\f(CB\*(C`keylength\*(C'\fB\fR will contain the required keylength in bits. Generate a key of
+appropriate size (using ???) and return it.
+.IP "SSL_set_tmp_rsa_callback" 4
+.IX Item "SSL_set_tmp_rsa_callback"
+long \fBSSL_set_tmp_rsa_callback\fR(\s-1SSL\s0 *ssl, \s-1RSA\s0 *(*cb)(\s-1SSL\s0 *ssl, int export, int keylength));
+.Sp
+The same as \fBSSL_CTX_set_tmp_rsa_callback\fR, except it operates on an \s-1SSL\s0
+session instead of a context.
+.IP "void \fBSSL_CTX_set_verify\fR(\s-1SSL_CTX\s0 *ctx, int mode, int (*cb);(void))" 4
+.IX Item "void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb);(void))"
+.PD 0
+.IP "int \fBSSL_CTX_use_PrivateKey\fR(\s-1SSL_CTX\s0 *ctx, \s-1EVP_PKEY\s0 *pkey);" 4
+.IX Item "int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);"
+.IP "int \fBSSL_CTX_use_PrivateKey_ASN1\fR(int type, \s-1SSL_CTX\s0 *ctx, unsigned char *d, long len);" 4
+.IX Item "int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, unsigned char *d, long len);"
+.IP "int \fBSSL_CTX_use_PrivateKey_file\fR(\s-1SSL_CTX\s0 *ctx, char *file, int type);" 4
+.IX Item "int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, char *file, int type);"
+.IP "int \fBSSL_CTX_use_RSAPrivateKey\fR(\s-1SSL_CTX\s0 *ctx, \s-1RSA\s0 *rsa);" 4
+.IX Item "int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);"
+.IP "int \fBSSL_CTX_use_RSAPrivateKey_ASN1\fR(\s-1SSL_CTX\s0 *ctx, unsigned char *d, long len);" 4
+.IX Item "int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);"
+.IP "int \fBSSL_CTX_use_RSAPrivateKey_file\fR(\s-1SSL_CTX\s0 *ctx, char *file, int type);" 4
+.IX Item "int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, char *file, int type);"
+.IP "int \fBSSL_CTX_use_certificate\fR(\s-1SSL_CTX\s0 *ctx, X509 *x);" 4
+.IX Item "int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);"
+.IP "int \fBSSL_CTX_use_certificate_ASN1\fR(\s-1SSL_CTX\s0 *ctx, int len, unsigned char *d);" 4
+.IX Item "int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);"
+.IP "int \fBSSL_CTX_use_certificate_file\fR(\s-1SSL_CTX\s0 *ctx, char *file, int type);" 4
+.IX Item "int SSL_CTX_use_certificate_file(SSL_CTX *ctx, char *file, int type);"
+.PD
+.SS "\s-1DEALING\s0 \s-1WITH\s0 \s-1SESSIONS\s0"
+.IX Subsection "DEALING WITH SESSIONS"
+Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0
+sessions defined in the \fB\s-1SSL_SESSION\s0\fR structures.
+.IP "int \fBSSL_SESSION_cmp\fR(const \s-1SSL_SESSION\s0 *a, const \s-1SSL_SESSION\s0 *b);" 4
+.IX Item "int SSL_SESSION_cmp(const SSL_SESSION *a, const SSL_SESSION *b);"
+.PD 0
+.IP "void \fBSSL_SESSION_free\fR(\s-1SSL_SESSION\s0 *ss);" 4
+.IX Item "void SSL_SESSION_free(SSL_SESSION *ss);"
+.IP "char *\fBSSL_SESSION_get_app_data\fR(\s-1SSL_SESSION\s0 *s);" 4
+.IX Item "char *SSL_SESSION_get_app_data(SSL_SESSION *s);"
+.IP "char *\fBSSL_SESSION_get_ex_data\fR(const \s-1SSL_SESSION\s0 *s, int idx);" 4
+.IX Item "char *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx);"
+.IP "int \fBSSL_SESSION_get_ex_new_index\fR(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" 4
+.IX Item "int SSL_SESSION_get_ex_new_index(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))"
+.IP "long \fBSSL_SESSION_get_time\fR(const \s-1SSL_SESSION\s0 *s);" 4
+.IX Item "long SSL_SESSION_get_time(const SSL_SESSION *s);"
+.IP "long \fBSSL_SESSION_get_timeout\fR(const \s-1SSL_SESSION\s0 *s);" 4
+.IX Item "long SSL_SESSION_get_timeout(const SSL_SESSION *s);"
+.IP "unsigned long \fBSSL_SESSION_hash\fR(const \s-1SSL_SESSION\s0 *a);" 4
+.IX Item "unsigned long SSL_SESSION_hash(const SSL_SESSION *a);"
+.IP "\s-1SSL_SESSION\s0 *\fBSSL_SESSION_new\fR(void);" 4
+.IX Item "SSL_SESSION *SSL_SESSION_new(void);"
+.IP "int \fBSSL_SESSION_print\fR(\s-1BIO\s0 *bp, const \s-1SSL_SESSION\s0 *x);" 4
+.IX Item "int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x);"
+.IP "int \fBSSL_SESSION_print_fp\fR(\s-1FILE\s0 *fp, const \s-1SSL_SESSION\s0 *x);" 4
+.IX Item "int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x);"
+.IP "void \fBSSL_SESSION_set_app_data\fR(\s-1SSL_SESSION\s0 *s, char *a);" 4
+.IX Item "void SSL_SESSION_set_app_data(SSL_SESSION *s, char *a);"
+.IP "int \fBSSL_SESSION_set_ex_data\fR(\s-1SSL_SESSION\s0 *s, int idx, char *arg);" 4
+.IX Item "int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, char *arg);"
+.IP "long \fBSSL_SESSION_set_time\fR(\s-1SSL_SESSION\s0 *s, long t);" 4
+.IX Item "long SSL_SESSION_set_time(SSL_SESSION *s, long t);"
+.IP "long \fBSSL_SESSION_set_timeout\fR(\s-1SSL_SESSION\s0 *s, long t);" 4
+.IX Item "long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);"
+.PD
+.SS "\s-1DEALING\s0 \s-1WITH\s0 \s-1CONNECTIONS\s0"
+.IX Subsection "DEALING WITH CONNECTIONS"
+Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0
+connection defined in the \fB\s-1SSL\s0\fR structure.
+.IP "int \fBSSL_accept\fR(\s-1SSL\s0 *ssl);" 4
+.IX Item "int SSL_accept(SSL *ssl);"
+.PD 0
+.IP "int \fBSSL_add_dir_cert_subjects_to_stack\fR(\s-1STACK\s0 *stack, const char *dir);" 4
+.IX Item "int SSL_add_dir_cert_subjects_to_stack(STACK *stack, const char *dir);"
+.IP "int \fBSSL_add_file_cert_subjects_to_stack\fR(\s-1STACK\s0 *stack, const char *file);" 4
+.IX Item "int SSL_add_file_cert_subjects_to_stack(STACK *stack, const char *file);"
+.IP "int \fBSSL_add_client_CA\fR(\s-1SSL\s0 *ssl, X509 *x);" 4
+.IX Item "int SSL_add_client_CA(SSL *ssl, X509 *x);"
+.IP "char *\fBSSL_alert_desc_string\fR(int value);" 4
+.IX Item "char *SSL_alert_desc_string(int value);"
+.IP "char *\fBSSL_alert_desc_string_long\fR(int value);" 4
+.IX Item "char *SSL_alert_desc_string_long(int value);"
+.IP "char *\fBSSL_alert_type_string\fR(int value);" 4
+.IX Item "char *SSL_alert_type_string(int value);"
+.IP "char *\fBSSL_alert_type_string_long\fR(int value);" 4
+.IX Item "char *SSL_alert_type_string_long(int value);"
+.IP "int \fBSSL_check_private_key\fR(const \s-1SSL\s0 *ssl);" 4
+.IX Item "int SSL_check_private_key(const SSL *ssl);"
+.IP "void \fBSSL_clear\fR(\s-1SSL\s0 *ssl);" 4
+.IX Item "void SSL_clear(SSL *ssl);"
+.IP "long \fBSSL_clear_num_renegotiations\fR(\s-1SSL\s0 *ssl);" 4
+.IX Item "long SSL_clear_num_renegotiations(SSL *ssl);"
+.IP "int \fBSSL_connect\fR(\s-1SSL\s0 *ssl);" 4
+.IX Item "int SSL_connect(SSL *ssl);"
+.IP "void \fBSSL_copy_session_id\fR(\s-1SSL\s0 *t, const \s-1SSL\s0 *f);" 4
+.IX Item "void SSL_copy_session_id(SSL *t, const SSL *f);"
+.IP "long \fBSSL_ctrl\fR(\s-1SSL\s0 *ssl, int cmd, long larg, char *parg);" 4
+.IX Item "long SSL_ctrl(SSL *ssl, int cmd, long larg, char *parg);"
+.IP "int \fBSSL_do_handshake\fR(\s-1SSL\s0 *ssl);" 4
+.IX Item "int SSL_do_handshake(SSL *ssl);"
+.IP "\s-1SSL\s0 *\fBSSL_dup\fR(\s-1SSL\s0 *ssl);" 4
+.IX Item "SSL *SSL_dup(SSL *ssl);"
+.IP "\s-1STACK\s0 *\fBSSL_dup_CA_list\fR(\s-1STACK\s0 *sk);" 4
+.IX Item "STACK *SSL_dup_CA_list(STACK *sk);"
+.IP "void \fBSSL_free\fR(\s-1SSL\s0 *ssl);" 4
+.IX Item "void SSL_free(SSL *ssl);"
+.IP "\s-1SSL_CTX\s0 *\fBSSL_get_SSL_CTX\fR(const \s-1SSL\s0 *ssl);" 4
+.IX Item "SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);"
+.IP "char *\fBSSL_get_app_data\fR(\s-1SSL\s0 *ssl);" 4
+.IX Item "char *SSL_get_app_data(SSL *ssl);"
+.IP "X509 *\fBSSL_get_certificate\fR(const \s-1SSL\s0 *ssl);" 4
+.IX Item "X509 *SSL_get_certificate(const SSL *ssl);"
+.IP "const char *\fBSSL_get_cipher\fR(const \s-1SSL\s0 *ssl);" 4
+.IX Item "const char *SSL_get_cipher(const SSL *ssl);"
+.IP "int \fBSSL_get_cipher_bits\fR(const \s-1SSL\s0 *ssl, int *alg_bits);" 4
+.IX Item "int SSL_get_cipher_bits(const SSL *ssl, int *alg_bits);"
+.IP "char *\fBSSL_get_cipher_list\fR(const \s-1SSL\s0 *ssl, int n);" 4
+.IX Item "char *SSL_get_cipher_list(const SSL *ssl, int n);"
+.IP "char *\fBSSL_get_cipher_name\fR(const \s-1SSL\s0 *ssl);" 4
+.IX Item "char *SSL_get_cipher_name(const SSL *ssl);"
+.IP "char *\fBSSL_get_cipher_version\fR(const \s-1SSL\s0 *ssl);" 4
+.IX Item "char *SSL_get_cipher_version(const SSL *ssl);"
+.IP "\s-1STACK\s0 *\fBSSL_get_ciphers\fR(const \s-1SSL\s0 *ssl);" 4
+.IX Item "STACK *SSL_get_ciphers(const SSL *ssl);"
+.IP "\s-1STACK\s0 *\fBSSL_get_client_CA_list\fR(const \s-1SSL\s0 *ssl);" 4
+.IX Item "STACK *SSL_get_client_CA_list(const SSL *ssl);"
+.IP "\s-1SSL_CIPHER\s0 *\fBSSL_get_current_cipher\fR(\s-1SSL\s0 *ssl);" 4
+.IX Item "SSL_CIPHER *SSL_get_current_cipher(SSL *ssl);"
+.IP "long \fBSSL_get_default_timeout\fR(const \s-1SSL\s0 *ssl);" 4
+.IX Item "long SSL_get_default_timeout(const SSL *ssl);"
+.IP "int \fBSSL_get_error\fR(const \s-1SSL\s0 *ssl, int i);" 4
+.IX Item "int SSL_get_error(const SSL *ssl, int i);"
+.IP "char *\fBSSL_get_ex_data\fR(const \s-1SSL\s0 *ssl, int idx);" 4
+.IX Item "char *SSL_get_ex_data(const SSL *ssl, int idx);"
+.IP "int \fBSSL_get_ex_data_X509_STORE_CTX_idx\fR(void);" 4
+.IX Item "int SSL_get_ex_data_X509_STORE_CTX_idx(void);"
+.IP "int \fBSSL_get_ex_new_index\fR(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" 4
+.IX Item "int SSL_get_ex_new_index(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))"
+.IP "int \fBSSL_get_fd\fR(const \s-1SSL\s0 *ssl);" 4
+.IX Item "int SSL_get_fd(const SSL *ssl);"
+.IP "void (*\fBSSL_get_info_callback\fR(const \s-1SSL\s0 *ssl);)()" 4
+.IX Item "void (*SSL_get_info_callback(const SSL *ssl);)()"
+.IP "\s-1STACK\s0 *\fBSSL_get_peer_cert_chain\fR(const \s-1SSL\s0 *ssl);" 4
+.IX Item "STACK *SSL_get_peer_cert_chain(const SSL *ssl);"
+.IP "X509 *\fBSSL_get_peer_certificate\fR(const \s-1SSL\s0 *ssl);" 4
+.IX Item "X509 *SSL_get_peer_certificate(const SSL *ssl);"
+.IP "\s-1EVP_PKEY\s0 *\fBSSL_get_privatekey\fR(\s-1SSL\s0 *ssl);" 4
+.IX Item "EVP_PKEY *SSL_get_privatekey(SSL *ssl);"
+.IP "int \fBSSL_get_quiet_shutdown\fR(const \s-1SSL\s0 *ssl);" 4
+.IX Item "int SSL_get_quiet_shutdown(const SSL *ssl);"
+.IP "\s-1BIO\s0 *\fBSSL_get_rbio\fR(const \s-1SSL\s0 *ssl);" 4
+.IX Item "BIO *SSL_get_rbio(const SSL *ssl);"
+.IP "int \fBSSL_get_read_ahead\fR(const \s-1SSL\s0 *ssl);" 4
+.IX Item "int SSL_get_read_ahead(const SSL *ssl);"
+.IP "\s-1SSL_SESSION\s0 *\fBSSL_get_session\fR(const \s-1SSL\s0 *ssl);" 4
+.IX Item "SSL_SESSION *SSL_get_session(const SSL *ssl);"
+.IP "char *\fBSSL_get_shared_ciphers\fR(const \s-1SSL\s0 *ssl, char *buf, int len);" 4
+.IX Item "char *SSL_get_shared_ciphers(const SSL *ssl, char *buf, int len);"
+.IP "int \fBSSL_get_shutdown\fR(const \s-1SSL\s0 *ssl);" 4
+.IX Item "int SSL_get_shutdown(const SSL *ssl);"
+.IP "\s-1SSL_METHOD\s0 *\fBSSL_get_ssl_method\fR(\s-1SSL\s0 *ssl);" 4
+.IX Item "SSL_METHOD *SSL_get_ssl_method(SSL *ssl);"
+.IP "int \fBSSL_get_state\fR(const \s-1SSL\s0 *ssl);" 4
+.IX Item "int SSL_get_state(const SSL *ssl);"
+.IP "long \fBSSL_get_time\fR(const \s-1SSL\s0 *ssl);" 4
+.IX Item "long SSL_get_time(const SSL *ssl);"
+.IP "long \fBSSL_get_timeout\fR(const \s-1SSL\s0 *ssl);" 4
+.IX Item "long SSL_get_timeout(const SSL *ssl);"
+.IP "int (*\fBSSL_get_verify_callback\fR(const \s-1SSL\s0 *ssl))(int,X509_STORE_CTX *)" 4
+.IX Item "int (*SSL_get_verify_callback(const SSL *ssl))(int,X509_STORE_CTX *)"
+.IP "int \fBSSL_get_verify_mode\fR(const \s-1SSL\s0 *ssl);" 4
+.IX Item "int SSL_get_verify_mode(const SSL *ssl);"
+.IP "long \fBSSL_get_verify_result\fR(const \s-1SSL\s0 *ssl);" 4
+.IX Item "long SSL_get_verify_result(const SSL *ssl);"
+.IP "char *\fBSSL_get_version\fR(const \s-1SSL\s0 *ssl);" 4
+.IX Item "char *SSL_get_version(const SSL *ssl);"
+.IP "\s-1BIO\s0 *\fBSSL_get_wbio\fR(const \s-1SSL\s0 *ssl);" 4
+.IX Item "BIO *SSL_get_wbio(const SSL *ssl);"
+.IP "int \fBSSL_in_accept_init\fR(\s-1SSL\s0 *ssl);" 4
+.IX Item "int SSL_in_accept_init(SSL *ssl);"
+.IP "int \fBSSL_in_before\fR(\s-1SSL\s0 *ssl);" 4
+.IX Item "int SSL_in_before(SSL *ssl);"
+.IP "int \fBSSL_in_connect_init\fR(\s-1SSL\s0 *ssl);" 4
+.IX Item "int SSL_in_connect_init(SSL *ssl);"
+.IP "int \fBSSL_in_init\fR(\s-1SSL\s0 *ssl);" 4
+.IX Item "int SSL_in_init(SSL *ssl);"
+.IP "int \fBSSL_is_init_finished\fR(\s-1SSL\s0 *ssl);" 4
+.IX Item "int SSL_is_init_finished(SSL *ssl);"
+.IP "\s-1STACK\s0 *\fBSSL_load_client_CA_file\fR(char *file);" 4
+.IX Item "STACK *SSL_load_client_CA_file(char *file);"
+.IP "void \fBSSL_load_error_strings\fR(void);" 4
+.IX Item "void SSL_load_error_strings(void);"
+.IP "\s-1SSL\s0 *\fBSSL_new\fR(\s-1SSL_CTX\s0 *ctx);" 4
+.IX Item "SSL *SSL_new(SSL_CTX *ctx);"
+.IP "long \fBSSL_num_renegotiations\fR(\s-1SSL\s0 *ssl);" 4
+.IX Item "long SSL_num_renegotiations(SSL *ssl);"
+.IP "int \fBSSL_peek\fR(\s-1SSL\s0 *ssl, void *buf, int num);" 4
+.IX Item "int SSL_peek(SSL *ssl, void *buf, int num);"
+.IP "int \fBSSL_pending\fR(const \s-1SSL\s0 *ssl);" 4
+.IX Item "int SSL_pending(const SSL *ssl);"
+.IP "int \fBSSL_read\fR(\s-1SSL\s0 *ssl, void *buf, int num);" 4
+.IX Item "int SSL_read(SSL *ssl, void *buf, int num);"
+.IP "int \fBSSL_renegotiate\fR(\s-1SSL\s0 *ssl);" 4
+.IX Item "int SSL_renegotiate(SSL *ssl);"
+.IP "char *\fBSSL_rstate_string\fR(\s-1SSL\s0 *ssl);" 4
+.IX Item "char *SSL_rstate_string(SSL *ssl);"
+.IP "char *\fBSSL_rstate_string_long\fR(\s-1SSL\s0 *ssl);" 4
+.IX Item "char *SSL_rstate_string_long(SSL *ssl);"
+.IP "long \fBSSL_session_reused\fR(\s-1SSL\s0 *ssl);" 4
+.IX Item "long SSL_session_reused(SSL *ssl);"
+.IP "void \fBSSL_set_accept_state\fR(\s-1SSL\s0 *ssl);" 4
+.IX Item "void SSL_set_accept_state(SSL *ssl);"
+.IP "void \fBSSL_set_app_data\fR(\s-1SSL\s0 *ssl, char *arg);" 4
+.IX Item "void SSL_set_app_data(SSL *ssl, char *arg);"
+.IP "void \fBSSL_set_bio\fR(\s-1SSL\s0 *ssl, \s-1BIO\s0 *rbio, \s-1BIO\s0 *wbio);" 4
+.IX Item "void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio);"
+.IP "int \fBSSL_set_cipher_list\fR(\s-1SSL\s0 *ssl, char *str);" 4
+.IX Item "int SSL_set_cipher_list(SSL *ssl, char *str);"
+.IP "void \fBSSL_set_client_CA_list\fR(\s-1SSL\s0 *ssl, \s-1STACK\s0 *list);" 4
+.IX Item "void SSL_set_client_CA_list(SSL *ssl, STACK *list);"
+.IP "void \fBSSL_set_connect_state\fR(\s-1SSL\s0 *ssl);" 4
+.IX Item "void SSL_set_connect_state(SSL *ssl);"
+.IP "int \fBSSL_set_ex_data\fR(\s-1SSL\s0 *ssl, int idx, char *arg);" 4
+.IX Item "int SSL_set_ex_data(SSL *ssl, int idx, char *arg);"
+.IP "int \fBSSL_set_fd\fR(\s-1SSL\s0 *ssl, int fd);" 4
+.IX Item "int SSL_set_fd(SSL *ssl, int fd);"
+.IP "void \fBSSL_set_info_callback\fR(\s-1SSL\s0 *ssl, void (*cb);(void))" 4
+.IX Item "void SSL_set_info_callback(SSL *ssl, void (*cb);(void))"
+.IP "void \fBSSL_set_msg_callback\fR(\s-1SSL\s0 *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, \s-1SSL\s0 *ssl, void *arg));" 4
+.IX Item "void SSL_set_msg_callback(SSL *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));"
+.IP "void \fBSSL_set_msg_callback_arg\fR(\s-1SSL\s0 *ctx, void *arg);" 4
+.IX Item "void SSL_set_msg_callback_arg(SSL *ctx, void *arg);"
+.IP "void \fBSSL_set_options\fR(\s-1SSL\s0 *ssl, unsigned long op);" 4
+.IX Item "void SSL_set_options(SSL *ssl, unsigned long op);"
+.IP "void \fBSSL_set_quiet_shutdown\fR(\s-1SSL\s0 *ssl, int mode);" 4
+.IX Item "void SSL_set_quiet_shutdown(SSL *ssl, int mode);"
+.IP "void \fBSSL_set_read_ahead\fR(\s-1SSL\s0 *ssl, int yes);" 4
+.IX Item "void SSL_set_read_ahead(SSL *ssl, int yes);"
+.IP "int \fBSSL_set_rfd\fR(\s-1SSL\s0 *ssl, int fd);" 4
+.IX Item "int SSL_set_rfd(SSL *ssl, int fd);"
+.IP "int \fBSSL_set_session\fR(\s-1SSL\s0 *ssl, \s-1SSL_SESSION\s0 *session);" 4
+.IX Item "int SSL_set_session(SSL *ssl, SSL_SESSION *session);"
+.IP "void \fBSSL_set_shutdown\fR(\s-1SSL\s0 *ssl, int mode);" 4
+.IX Item "void SSL_set_shutdown(SSL *ssl, int mode);"
+.IP "int \fBSSL_set_ssl_method\fR(\s-1SSL\s0 *ssl, \s-1SSL_METHOD\s0 *meth);" 4
+.IX Item "int SSL_set_ssl_method(SSL *ssl, SSL_METHOD *meth);"
+.IP "void \fBSSL_set_time\fR(\s-1SSL\s0 *ssl, long t);" 4
+.IX Item "void SSL_set_time(SSL *ssl, long t);"
+.IP "void \fBSSL_set_timeout\fR(\s-1SSL\s0 *ssl, long t);" 4
+.IX Item "void SSL_set_timeout(SSL *ssl, long t);"
+.IP "void \fBSSL_set_verify\fR(\s-1SSL\s0 *ssl, int mode, int (*callback);(void))" 4
+.IX Item "void SSL_set_verify(SSL *ssl, int mode, int (*callback);(void))"
+.IP "void \fBSSL_set_verify_result\fR(\s-1SSL\s0 *ssl, long arg);" 4
+.IX Item "void SSL_set_verify_result(SSL *ssl, long arg);"
+.IP "int \fBSSL_set_wfd\fR(\s-1SSL\s0 *ssl, int fd);" 4
+.IX Item "int SSL_set_wfd(SSL *ssl, int fd);"
+.IP "int \fBSSL_shutdown\fR(\s-1SSL\s0 *ssl);" 4
+.IX Item "int SSL_shutdown(SSL *ssl);"
+.IP "int \fBSSL_state\fR(const \s-1SSL\s0 *ssl);" 4
+.IX Item "int SSL_state(const SSL *ssl);"
+.IP "char *\fBSSL_state_string\fR(const \s-1SSL\s0 *ssl);" 4
+.IX Item "char *SSL_state_string(const SSL *ssl);"
+.IP "char *\fBSSL_state_string_long\fR(const \s-1SSL\s0 *ssl);" 4
+.IX Item "char *SSL_state_string_long(const SSL *ssl);"
+.IP "long \fBSSL_total_renegotiations\fR(\s-1SSL\s0 *ssl);" 4
+.IX Item "long SSL_total_renegotiations(SSL *ssl);"
+.IP "int \fBSSL_use_PrivateKey\fR(\s-1SSL\s0 *ssl, \s-1EVP_PKEY\s0 *pkey);" 4
+.IX Item "int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);"
+.IP "int \fBSSL_use_PrivateKey_ASN1\fR(int type, \s-1SSL\s0 *ssl, unsigned char *d, long len);" 4
+.IX Item "int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, unsigned char *d, long len);"
+.IP "int \fBSSL_use_PrivateKey_file\fR(\s-1SSL\s0 *ssl, char *file, int type);" 4
+.IX Item "int SSL_use_PrivateKey_file(SSL *ssl, char *file, int type);"
+.IP "int \fBSSL_use_RSAPrivateKey\fR(\s-1SSL\s0 *ssl, \s-1RSA\s0 *rsa);" 4
+.IX Item "int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);"
+.IP "int \fBSSL_use_RSAPrivateKey_ASN1\fR(\s-1SSL\s0 *ssl, unsigned char *d, long len);" 4
+.IX Item "int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);"
+.IP "int \fBSSL_use_RSAPrivateKey_file\fR(\s-1SSL\s0 *ssl, char *file, int type);" 4
+.IX Item "int SSL_use_RSAPrivateKey_file(SSL *ssl, char *file, int type);"
+.IP "int \fBSSL_use_certificate\fR(\s-1SSL\s0 *ssl, X509 *x);" 4
+.IX Item "int SSL_use_certificate(SSL *ssl, X509 *x);"
+.IP "int \fBSSL_use_certificate_ASN1\fR(\s-1SSL\s0 *ssl, int len, unsigned char *d);" 4
+.IX Item "int SSL_use_certificate_ASN1(SSL *ssl, int len, unsigned char *d);"
+.IP "int \fBSSL_use_certificate_file\fR(\s-1SSL\s0 *ssl, char *file, int type);" 4
+.IX Item "int SSL_use_certificate_file(SSL *ssl, char *file, int type);"
+.IP "int \fBSSL_version\fR(const \s-1SSL\s0 *ssl);" 4
+.IX Item "int SSL_version(const SSL *ssl);"
+.IP "int \fBSSL_want\fR(const \s-1SSL\s0 *ssl);" 4
+.IX Item "int SSL_want(const SSL *ssl);"
+.IP "int \fBSSL_want_nothing\fR(const \s-1SSL\s0 *ssl);" 4
+.IX Item "int SSL_want_nothing(const SSL *ssl);"
+.IP "int \fBSSL_want_read\fR(const \s-1SSL\s0 *ssl);" 4
+.IX Item "int SSL_want_read(const SSL *ssl);"
+.IP "int \fBSSL_want_write\fR(const \s-1SSL\s0 *ssl);" 4
+.IX Item "int SSL_want_write(const SSL *ssl);"
+.IP "int \fBSSL_want_x509_lookup\fR(const \s-1SSL\s0 *ssl);" 4
+.IX Item "int SSL_want_x509_lookup(const SSL *ssl);"
+.IP "int \fBSSL_write\fR(\s-1SSL\s0 *ssl, const void *buf, int num);" 4
+.IX Item "int SSL_write(SSL *ssl, const void *buf, int num);"
+.PD
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIopenssl\fR\|(1), \fIcrypto\fR\|(3),
+\&\fISSL_accept\fR\|(3), \fISSL_clear\fR\|(3),
+\&\fISSL_connect\fR\|(3),
+\&\fISSL_CIPHER_get_name\fR\|(3),
+\&\fISSL_COMP_add_compression_method\fR\|(3),
+\&\fISSL_CTX_add_extra_chain_cert\fR\|(3),
+\&\fISSL_CTX_add_session\fR\|(3),
+\&\fISSL_CTX_ctrl\fR\|(3),
+\&\fISSL_CTX_flush_sessions\fR\|(3),
+\&\fISSL_CTX_get_ex_new_index\fR\|(3),
+\&\fISSL_CTX_get_verify_mode\fR\|(3),
+\&\fISSL_CTX_load_verify_locations\fR\|(3)
+\&\fISSL_CTX_new\fR\|(3),
+\&\fISSL_CTX_sess_number\fR\|(3),
+\&\fISSL_CTX_sess_set_cache_size\fR\|(3),
+\&\fISSL_CTX_sess_set_get_cb\fR\|(3),
+\&\fISSL_CTX_sessions\fR\|(3),
+\&\fISSL_CTX_set_cert_store\fR\|(3),
+\&\fISSL_CTX_set_cert_verify_callback\fR\|(3),
+\&\fISSL_CTX_set_cipher_list\fR\|(3),
+\&\fISSL_CTX_set_client_CA_list\fR\|(3),
+\&\fISSL_CTX_set_client_cert_cb\fR\|(3),
+\&\fISSL_CTX_set_default_passwd_cb\fR\|(3),
+\&\fISSL_CTX_set_generate_session_id\fR\|(3),
+\&\fISSL_CTX_set_info_callback\fR\|(3),
+\&\fISSL_CTX_set_max_cert_list\fR\|(3),
+\&\fISSL_CTX_set_mode\fR\|(3),
+\&\fISSL_CTX_set_msg_callback\fR\|(3),
+\&\fISSL_CTX_set_options\fR\|(3),
+\&\fISSL_CTX_set_quiet_shutdown\fR\|(3),
+\&\fISSL_CTX_set_session_cache_mode\fR\|(3),
+\&\fISSL_CTX_set_session_id_context\fR\|(3),
+\&\fISSL_CTX_set_ssl_version\fR\|(3),
+\&\fISSL_CTX_set_timeout\fR\|(3),
+\&\fISSL_CTX_set_tmp_rsa_callback\fR\|(3),
+\&\fISSL_CTX_set_tmp_dh_callback\fR\|(3),
+\&\fISSL_CTX_set_verify\fR\|(3),
+\&\fISSL_CTX_use_certificate\fR\|(3),
+\&\fISSL_alert_type_string\fR\|(3),
+\&\fISSL_do_handshake\fR\|(3),
+\&\fISSL_get_SSL_CTX\fR\|(3),
+\&\fISSL_get_ciphers\fR\|(3),
+\&\fISSL_get_client_CA_list\fR\|(3),
+\&\fISSL_get_default_timeout\fR\|(3),
+\&\fISSL_get_error\fR\|(3),
+\&\fISSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3),
+\&\fISSL_get_ex_new_index\fR\|(3),
+\&\fISSL_get_fd\fR\|(3),
+\&\fISSL_get_peer_cert_chain\fR\|(3),
+\&\fISSL_get_rbio\fR\|(3),
+\&\fISSL_get_session\fR\|(3),
+\&\fISSL_get_verify_result\fR\|(3),
+\&\fISSL_get_version\fR\|(3),
+\&\fISSL_library_init\fR\|(3),
+\&\fISSL_load_client_CA_file\fR\|(3),
+\&\fISSL_new\fR\|(3),
+\&\fISSL_pending\fR\|(3),
+\&\fISSL_read\fR\|(3),
+\&\fISSL_rstate_string\fR\|(3),
+\&\fISSL_session_reused\fR\|(3),
+\&\fISSL_set_bio\fR\|(3),
+\&\fISSL_set_connect_state\fR\|(3),
+\&\fISSL_set_fd\fR\|(3),
+\&\fISSL_set_session\fR\|(3),
+\&\fISSL_set_shutdown\fR\|(3),
+\&\fISSL_shutdown\fR\|(3),
+\&\fISSL_state_string\fR\|(3),
+\&\fISSL_want\fR\|(3),
+\&\fISSL_write\fR\|(3),
+\&\fISSL_SESSION_free\fR\|(3),
+\&\fISSL_SESSION_get_ex_new_index\fR\|(3),
+\&\fISSL_SESSION_get_time\fR\|(3),
+\&\fId2i_SSL_SESSION\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The \fIssl\fR\|(3) document appeared in OpenSSL 0.9.2
diff --git a/secure/libexec/Makefile b/secure/libexec/Makefile
new file mode 100644
index 0000000..0c680e4
--- /dev/null
+++ b/secure/libexec/Makefile
@@ -0,0 +1,10 @@
+# $FreeBSD$
+
+.include <bsd.own.mk>
+
+SUBDIR=
+.if ${MK_OPENSSH} != "no"
+SUBDIR+=sftp-server ssh-keysign ssh-pkcs11-helper
+.endif
+
+.include <bsd.subdir.mk>
diff --git a/secure/libexec/Makefile.inc b/secure/libexec/Makefile.inc
new file mode 100644
index 0000000..6d620e2
--- /dev/null
+++ b/secure/libexec/Makefile.inc
@@ -0,0 +1,5 @@
+# $FreeBSD$
+
+BINDIR?= /usr/libexec
+
+.include "../Makefile.inc"
diff --git a/secure/libexec/sftp-server/Makefile b/secure/libexec/sftp-server/Makefile
new file mode 100644
index 0000000..7069cff
--- /dev/null
+++ b/secure/libexec/sftp-server/Makefile
@@ -0,0 +1,18 @@
+# $FreeBSD$
+
+PROG= sftp-server
+SRCS= sftp-server.c sftp-common.c sftp-server-main.c
+MAN= sftp-server.8
+CFLAGS+=-I${SSHDIR} -include ssh_namespace.h
+
+# required when linking with a dynamic libssh
+SRCS+= roaming_dummy.c
+
+DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
+LDADD= -lssh -lcrypt -lcrypto -lz
+
+.include <bsd.prog.mk>
+
+.PATH: ${SSHDIR}
+
+${OBJS} ${POBJS} ${SOBJS}: ssh_namespace.h
diff --git a/secure/libexec/ssh-keysign/Makefile b/secure/libexec/ssh-keysign/Makefile
new file mode 100644
index 0000000..75f1b6c
--- /dev/null
+++ b/secure/libexec/ssh-keysign/Makefile
@@ -0,0 +1,18 @@
+# $FreeBSD$
+
+PROG= ssh-keysign
+SRCS= ssh-keysign.c readconf.c roaming_dummy.c
+MAN= ssh-keysign.8
+CFLAGS+=-I${SSHDIR} -include ssh_namespace.h
+.if defined(ENABLE_SUID_SSH)
+BINMODE=4511
+.endif
+
+DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
+LDADD= -lssh -lcrypt -lcrypto -lz
+
+.include <bsd.prog.mk>
+
+.PATH: ${SSHDIR}
+
+${OBJS} ${POBJS} ${SOBJS}: ssh_namespace.h
diff --git a/secure/libexec/ssh-pkcs11-helper/Makefile b/secure/libexec/ssh-pkcs11-helper/Makefile
new file mode 100644
index 0000000..f575a08
--- /dev/null
+++ b/secure/libexec/ssh-pkcs11-helper/Makefile
@@ -0,0 +1,16 @@
+# $FreeBSD$
+
+PROG= ssh-pkcs11-helper
+SRCS= ssh-pkcs11.c ssh-pkcs11-helper.c
+SRCS+= roaming_dummy.c
+MAN= ssh-pkcs11-helper.8
+CFLAGS+=-I${SSHDIR} -include ssh_namespace.h
+
+DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
+LDADD= -lssh -lcrypt -lcrypto -lz
+
+.include <bsd.prog.mk>
+
+.PATH: ${SSHDIR}
+
+${OBJS} ${POBJS} ${SOBJS}: ssh_namespace.h
diff --git a/secure/usr.bin/Makefile b/secure/usr.bin/Makefile
new file mode 100644
index 0000000..b10a43b
--- /dev/null
+++ b/secure/usr.bin/Makefile
@@ -0,0 +1,13 @@
+# $FreeBSD$
+
+.include <bsd.own.mk>
+
+SUBDIR=
+.if ${MK_OPENSSL} != "no"
+SUBDIR+=bdes openssl
+.if ${MK_OPENSSH} != "no"
+SUBDIR+=scp sftp ssh ssh-add ssh-agent ssh-keygen ssh-keyscan
+.endif
+.endif
+
+.include <bsd.subdir.mk>
diff --git a/secure/usr.bin/Makefile.inc b/secure/usr.bin/Makefile.inc
new file mode 100644
index 0000000..4cec6fe
--- /dev/null
+++ b/secure/usr.bin/Makefile.inc
@@ -0,0 +1,5 @@
+# $FreeBSD$
+
+BINDIR?= /usr/bin
+
+.include "../Makefile.inc"
diff --git a/secure/usr.bin/bdes/Makefile b/secure/usr.bin/bdes/Makefile
new file mode 100644
index 0000000..306fc2c
--- /dev/null
+++ b/secure/usr.bin/bdes/Makefile
@@ -0,0 +1,11 @@
+# @(#)Makefile 8.1 (Berkeley) 6/6/93
+# $FreeBSD$
+
+PROG= bdes
+
+WARNS?= 2
+
+DPADD= ${LIBCRYPTO}
+LDADD= -lcrypto
+
+.include <bsd.prog.mk>
diff --git a/secure/usr.bin/bdes/bdes.1 b/secure/usr.bin/bdes/bdes.1
new file mode 100644
index 0000000..367d32d
--- /dev/null
+++ b/secure/usr.bin/bdes/bdes.1
@@ -0,0 +1,415 @@
+.\" Copyright (c) 1991, 1993
+.\" The Regents of the University of California. All rights reserved.
+.\"
+.\" This code is derived from software contributed to Berkeley by
+.\" Matt Bishop of Dartmouth College.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\" must display the following acknowledgement:
+.\" This product includes software developed by the University of
+.\" California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" @(#)bdes.1 8.1 (Berkeley) 6/29/93
+.\" $FreeBSD$
+.\"
+.Dd June 29, 1993
+.Dt BDES 1
+.Os
+.Sh NAME
+.Nm bdes
+.Nd "encrypt/decrypt using the Data Encryption Standard (DES)"
+.Sh SYNOPSIS
+.Nm
+.Op Fl abdp
+.Op Fl F Ar N
+.Op Fl f Ar N
+.Op Fl k Ar key
+.Op Fl m Ar N
+.Op Fl o Ar N
+.Op Fl v Ar vector
+.Sh DESCRIPTION
+The
+.Nm
+utility implements all
+.Tn DES
+modes of operation described in
+.%T "FIPS PUB 81" ,
+including alternative cipher feedback mode and both authentication
+modes.
+The
+.Nm
+utility reads from the standard input
+and writes to the standard output.
+By default,
+the input is encrypted
+using cipher block chaining (CBC) mode.
+Using the same key
+for encryption and decryption
+preserves plain text.
+.Pp
+All modes but the electronic code book (ECB) mode
+require an initialization vector;
+if none is supplied,
+the zero vector is used.
+If no
+.Ar key
+is specified on the command line,
+the user is prompted for one (see
+.Xr getpass 3
+for more details).
+.Pp
+The options are as follows:
+.Bl -tag -width indent
+.It Fl a
+The key and initialization vector strings
+are to be taken as
+.Tn ASCII ,
+suppressing the special interpretation given to leading
+.Dq Li 0X ,
+.Dq Li 0x ,
+.Dq Li 0B ,
+and
+.Dq Li 0b
+characters.
+This flag applies to
+.Em both
+the key and initialization vector.
+.It Fl b
+Use ECB mode.
+.It Fl d
+Decrypt the input.
+.It Fl F Ar N
+Use
+.Ar N Ns \-bit
+alternative CFB mode.
+Currently
+.Ar N
+must be a multiple of 7
+between 7 and 56 inclusive
+(this does not conform to the alternative CFB mode specification).
+.It Fl f Ar N
+Use
+.Ar N Ns \-bit
+CFB mode.
+Currently
+.Ar N
+must be a multiple of 8 between 8 and 64 inclusive (this does not conform
+to the standard CFB mode specification).
+.It Fl k Ar key
+Use
+.Ar key
+as the cryptographic key.
+.It Fl m Ar N
+Compute a message authentication code (MAC) of
+.Ar N
+bits on the input.
+The value of
+.Ar N
+must be between 1 and 64 inclusive; if
+.Ar N
+is not a multiple of 8,
+enough 0 bits will be added
+to pad the MAC length
+to the nearest multiple of 8.
+Only the MAC is output.
+MACs are only available
+in CBC mode
+or in CFB mode.
+.It Fl o Ar N
+Use
+.Ar N Ns \-bit
+ouput feedback (OFB) mode.
+Currently
+.Ar N
+must be a multiple of 8 between 8 and 64 inclusive (this does not conform
+to the OFB mode specification).
+.It Fl p
+Disable the resetting of the parity bit.
+This flag forces
+the parity bit of the key
+to be used as typed,
+rather than making
+each character be of odd parity.
+It is used only if the key is given in
+.Tn ASCII .
+.It Fl v Ar vector
+Set the initialization vector to
+.Ar vector ;
+the vector is interpreted in the same way as the key.
+The vector is ignored in ECB mode.
+.El
+.Pp
+The key and initialization vector
+are taken as sequences of
+.Tn ASCII
+characters which are then mapped
+into their bit representations.
+If either begins with
+.Dq Li 0X
+or
+.Dq Li 0x ,
+that one is taken
+as a sequence of hexadecimal digits
+indicating the bit pattern;
+if either begins with
+.Dq Li 0B
+or
+.Dq Li 0b ,
+that one is taken
+as a sequence of binary digits
+indicating the bit pattern.
+In either case,
+only the leading 64 bits
+of the key or initialization vector
+are used,
+and if fewer than 64 bits are provided,
+enough 0 bits are appended
+to pad the key to 64 bits.
+.Pp
+According to the
+.Tn DES
+standard,
+the low-order bit of each character
+in the key string is deleted.
+Since most
+.Tn ASCII
+representations
+set the high-order bit to 0,
+simply deleting the low-order bit
+effectively reduces the size of the key space
+from 2^56 to 2^48 keys.
+To prevent this,
+the high-order bit must be a function
+depending in part upon the low-order bit;
+so,
+the high-order bit is set
+to whatever value gives odd parity.
+This preserves the key space size.
+Note this resetting of the parity bit is
+.Em not
+done if the key
+is given in binary or hex,
+and can be disabled for
+.Tn ASCII
+keys as well.
+.Pp
+The
+.Tn DES
+is considered a very strong cryptosystem,
+and other than table lookup attacks,
+key search attacks,
+and Hellman's time-memory tradeoff
+(all of which are very expensive and time-consuming),
+no cryptanalytic methods
+for breaking the
+.Tn DES
+are known in the open literature.
+No doubt the choice of keys
+and key security
+are the most vulnerable aspect of
+.Nm .
+.Sh IMPLEMENTATION NOTES
+For implementors wishing to write
+software compatible with this program,
+the following notes are provided.
+This software is believed
+to be compatible with the implementation
+of the data encryption standard
+distributed by Sun Microsystems, Inc.
+.Pp
+In the ECB and CBC modes,
+plaintext is encrypted in units of 64 bits
+(8 bytes, also called a block).
+To ensure that the plaintext file
+is encrypted correctly,
+.Nm
+will (internally) append from 1 to 8 bytes,
+the last byte containing an integer
+stating how many bytes of that final block
+are from the plaintext file,
+and encrypt the resulting block.
+Hence,
+when decrypting,
+the last block may contain from 0 to 7 characters
+present in the plaintext file,
+and the last byte tells how many.
+Note that if during decryption
+the last byte of the file
+does not contain an integer between 0 and 7,
+either the file has been corrupted
+or an incorrect key has been given.
+A similar mechanism is used
+for the OFB and CFB modes,
+except that those
+simply require the length of the input
+to be a multiple of the mode size,
+and the final byte contains an integer
+between 0 and one less than the number
+of bytes being used as the mode.
+(This was another reason
+that the mode size must be
+a multiple of 8 for those modes.)
+.Pp
+Unlike Sun's implementation,
+unused bytes of that last block
+are not filled with random data,
+but instead contain
+what was in those byte positions
+in the preceding block.
+This is quicker and more portable,
+and does not weaken the encryption significantly.
+.Pp
+If the key is entered in
+.Tn ASCII ,
+the parity bits of the key characters
+are set so that each key character
+is of odd parity.
+Unlike Sun's implementation,
+it is possible to enter binary or hexadecimal
+keys on the command line,
+and if this is done,
+the parity bits are
+.Em not
+reset.
+This allows testing
+using arbitrary bit patterns as keys.
+.Pp
+The Sun implementation
+always uses an initialization vector of 0
+(that is, all zeroes).
+By default,
+.Nm
+does too,
+but this may be changed
+from the command line.
+.Sh SEE ALSO
+.Xr getpass 3
+.Rs
+.%T "Data Encryption Standard"
+.%R "Federal Information Processing Standard #46"
+.%Q "National Bureau of Standards, U.S. Department of Commerce, Washington DC"
+.%D "January 1977"
+.Re
+.Rs
+.%T "DES Modes of Operation"
+.%R "Federal Information Processing Standard #81"
+.%Q "National Bureau of Standards, U.S. Department of Commerce, Washington DC"
+.%D "December 1980"
+.Re
+.Rs
+.%A "Dorothy Denning"
+.%B "Cryptography and Data Security"
+.%Q "Addison-Wesley Publishing Co., Reading, MA"
+.%D 1982
+.Re
+.Rs
+.%A "Matt Bishop"
+.%T "Implementation Notes on bdes(1)"
+.%R "Technical Report PCS-TR-91-158"
+.%Q "Department of Mathematics and Computer Science, Dartmouth College, Hanover, NH 03755"
+.%D "April 1991"
+.Re
+.Sh DISCLAIMER
+.Bd -literal
+THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+.Ed
+.Sh BUGS
+There is a controversy raging over whether the
+.Tn DES
+will still be secure
+in a few years.
+The advent of special-purpose hardware
+could reduce the cost of any of the
+methods of attack named above
+so that they are no longer
+computationally infeasible.
+.Pp
+As the key or key schedule
+is stored in memory,
+the encryption can be
+compromised if memory is readable.
+Additionally,
+programs which display programs' arguments
+may compromise the key and initialization vector,
+if they are specified on the command line.
+To avoid this
+.Nm
+overwrites its arguments,
+however,
+the obvious race
+cannot currently be avoided.
+.Pp
+Certain specific keys
+should be avoided
+because they introduce
+potential weaknesses;
+these keys,
+called the
+.Em weak
+and
+.Em semiweak
+keys, are (in hex notation, where
+.Ar p
+is either 0 or 1, and
+.Ar P
+is either
+.Ql e
+or
+.Ql f ) :
+.Bl -column "0x0p0p0p0p0p0p0p0p" -offset indent
+.It "0x0p0p0p0p0p0p0p0p 0x0p1P0p1P0p0P0p0P"
+.It "0x0pep0pep0pfp0pfp 0x0pfP0pfP0pfP0pfP"
+.It "0x1P0p1P0p0P0p0P0p 0x1P1P1P1P0P0P0P0P"
+.It "0x1Pep1Pep0Pfp0Pfp 0x1PfP1PfP0PfP0PfP"
+.It "0xep0pep0pfp0pfp0p 0xep1Pep1pfp0Pfp0P"
+.It "0xepepepepepepepep 0xepfPepfPfpfPfpfP"
+.It "0xfP0pfP0pfP0pfP0p 0xfP1PfP1PfP0PfP0P"
+.It "0xfPepfPepfPepfPep 0xfPfPfPfPfPfPfPfP"
+.El
+.Pp
+This is inherent in the
+.Tn DES
+algorithm;
+see
+.Rs
+.%A Moore
+.%A Simmons
+.%T "Cycle structure of the DES with weak and semi-weak keys"
+.%B "Advances in Cryptology \- Crypto '86 Proceedings"
+.%Q "Springer-Verlag New York"
+.%D 1987
+.%P "pp. 9-32"
+.Re
diff --git a/secure/usr.bin/bdes/bdes.c b/secure/usr.bin/bdes/bdes.c
new file mode 100644
index 0000000..cbab5d7
--- /dev/null
+++ b/secure/usr.bin/bdes/bdes.c
@@ -0,0 +1,1005 @@
+/*-
+ * Copyright (c) 1991, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Matt Bishop of Dartmouth College.
+ *
+ * The United States Government has rights in this work pursuant
+ * to contract no. NAG 2-680 between the National Aeronautics and
+ * Space Administration and Dartmouth College.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+static const char copyright[] =
+"@(#) Copyright (c) 1991, 1993\n\
+ The Regents of the University of California. All rights reserved.\n";
+#endif /* not lint */
+
+#ifndef lint
+#if 0
+static char sccsid[] = "@(#)bdes.c 8.1 (Berkeley) 6/6/93";
+#endif
+#endif /* not lint */
+
+/*
+ * BDES -- DES encryption package for Berkeley Software Distribution 4.4
+ * options:
+ * -a key is in ASCII
+ * -b use ECB (electronic code book) mode
+ * -d invert (decrypt) input
+ * -f b use b-bit CFB (cipher feedback) mode
+ * -F b use b-bit CFB (cipher feedback) alternative mode
+ * -k key use key as the cryptographic key
+ * -m b generate a MAC of length b
+ * -o b use b-bit OFB (output feedback) mode
+ * -p don't reset the parity bit
+ * -v v use v as the initialization vector (ignored for ECB)
+ * note: the last character of the last block is the integer indicating
+ * how many characters of that block are to be output
+ *
+ * Author: Matt Bishop
+ * Department of Mathematics and Computer Science
+ * Dartmouth College
+ * Hanover, NH 03755
+ * Email: Matt.Bishop@dartmouth.edu
+ * ...!decvax!dartvax!Matt.Bishop
+ *
+ * See Technical Report PCS-TR91-158, Department of Mathematics and Computer
+ * Science, Dartmouth College, for a detailed description of the implemen-
+ * tation and differences between it and Sun's. The DES is described in
+ * FIPS PUB 46, and the modes in FIPS PUB 81 (see either the manual page
+ * or the technical report for a complete reference).
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <sys/types.h>
+
+#include <ctype.h>
+#include <err.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <openssl/des.h>
+
+/*
+ * BSD and System V systems offer special library calls that do
+ * block moves and fills, so if possible we take advantage of them
+ */
+#define MEMCPY(dest,src,len) bcopy((src),(dest),(len))
+#define MEMZERO(dest,len) bzero((dest),(len))
+
+#define DES_XFORM(buf) \
+ DES_ecb_encrypt(buf, buf, &schedule, \
+ mode == MODE_ENCRYPT ? DES_ENCRYPT : DES_DECRYPT);
+
+/*
+ * this does an error-checking write
+ */
+#define READ(buf, n) fread(buf, sizeof(char), n, stdin)
+#define WRITE(buf,n) \
+ if (fwrite(buf, sizeof(char), n, stdout) != n) \
+ warnx("fwrite error at %d", n);
+
+/*
+ * global variables and related macros
+ */
+#define KEY_DEFAULT 0 /* interpret radix of key from key */
+#define KEY_ASCII 1 /* key is in ASCII characters */
+int keybase = KEY_DEFAULT; /* how to interpret the key */
+
+enum { /* encrypt, decrypt, authenticate */
+ MODE_ENCRYPT, MODE_DECRYPT, MODE_AUTHENTICATE
+} mode = MODE_ENCRYPT;
+
+enum { /* ecb, cbc, cfb, cfba, ofb? */
+ ALG_ECB, ALG_CBC, ALG_CFB, ALG_OFB, ALG_CFBA
+} alg = ALG_CBC;
+
+DES_cblock ivec; /* initialization vector */
+
+char bits[] = { /* used to extract bits from a char */
+ '\200', '\100', '\040', '\020', '\010', '\004', '\002', '\001'
+};
+
+int inverse; /* 0 to encrypt, 1 to decrypt */
+int macbits = -1; /* number of bits in authentication */
+int fbbits = -1; /* number of feedback bits */
+int pflag; /* 1 to preserve parity bits */
+
+DES_key_schedule schedule; /* expanded DES key */
+
+static void ecbenc(void);
+static void ecbdec(void);
+static void cbcenc(void);
+static void cbcdec(void);
+static void cfbenc(void);
+static void cfbdec(void);
+static void cfbaenc(void);
+static void cfbadec(void);
+static void ofbenc(void);
+static void ofbdec(void);
+
+static void cbcauth(void);
+static void cfbauth(void);
+
+static void cvtkey(DES_cblock, char *);
+static int setbits(char *, int);
+static void makekey(DES_cblock *);
+static int tobinhex(char, int);
+
+static void usage(void);
+
+int
+main(int argc, char *argv[])
+{
+ extern char *optarg; /* argument to option if any */
+ int i; /* counter in a for loop */
+ char *p; /* used to obtain the key */
+ DES_cblock msgbuf; /* I/O buffer */
+ int kflag; /* command-line encryption key */
+
+ setproctitle("-"); /* Hide command-line arguments */
+
+ /* initialize the initialization vector */
+ MEMZERO(ivec, 8);
+
+ /* process the argument list */
+ kflag = 0;
+ while ((i = getopt(argc, argv, "abdF:f:k:m:o:pv:")) != -1)
+ switch(i) {
+ case 'a': /* key is ASCII */
+ keybase = KEY_ASCII;
+ break;
+ case 'b': /* use ECB mode */
+ alg = ALG_ECB;
+ break;
+ case 'd': /* decrypt */
+ mode = MODE_DECRYPT;
+ break;
+ case 'F': /* use alternative CFB mode */
+ alg = ALG_CFBA;
+ if ((fbbits = setbits(optarg, 7)) > 56 || fbbits == 0)
+ errx(1, "-F: number must be 1-56 inclusive");
+ else if (fbbits == -1)
+ errx(1, "-F: number must be a multiple of 7");
+ break;
+ case 'f': /* use CFB mode */
+ alg = ALG_CFB;
+ if ((fbbits = setbits(optarg, 8)) > 64 || fbbits == 0)
+ errx(1, "-f: number must be 1-64 inclusive");
+ else if (fbbits == -1)
+ errx(1, "-f: number must be a multiple of 8");
+ break;
+ case 'k': /* encryption key */
+ kflag = 1;
+ cvtkey(msgbuf, optarg);
+ break;
+ case 'm': /* number of bits for MACing */
+ mode = MODE_AUTHENTICATE;
+ if ((macbits = setbits(optarg, 1)) > 64)
+ errx(1, "-m: number must be 0-64 inclusive");
+ break;
+ case 'o': /* use OFB mode */
+ alg = ALG_OFB;
+ if ((fbbits = setbits(optarg, 8)) > 64 || fbbits == 0)
+ errx(1, "-o: number must be 1-64 inclusive");
+ else if (fbbits == -1)
+ errx(1, "-o: number must be a multiple of 8");
+ break;
+ case 'p': /* preserve parity bits */
+ pflag = 1;
+ break;
+ case 'v': /* set initialization vector */
+ cvtkey(ivec, optarg);
+ break;
+ default: /* error */
+ usage();
+ }
+
+ if (!kflag) {
+ /*
+ * if the key's not ASCII, assume it is
+ */
+ keybase = KEY_ASCII;
+ /*
+ * get the key
+ */
+ p = getpass("Enter key: ");
+ /*
+ * copy it, nul-padded, into the key area
+ */
+ cvtkey(msgbuf, p);
+ }
+
+ makekey(&msgbuf);
+ inverse = (alg == ALG_CBC || alg == ALG_ECB) && mode == MODE_DECRYPT;
+
+ switch(alg) {
+ case ALG_CBC:
+ switch(mode) {
+ case MODE_AUTHENTICATE: /* authenticate using CBC mode */
+ cbcauth();
+ break;
+ case MODE_DECRYPT: /* decrypt using CBC mode */
+ cbcdec();
+ break;
+ case MODE_ENCRYPT: /* encrypt using CBC mode */
+ cbcenc();
+ break;
+ }
+ break;
+ case ALG_CFB:
+ switch(mode) {
+ case MODE_AUTHENTICATE: /* authenticate using CFB mode */
+ cfbauth();
+ break;
+ case MODE_DECRYPT: /* decrypt using CFB mode */
+ cfbdec();
+ break;
+ case MODE_ENCRYPT: /* encrypt using CFB mode */
+ cfbenc();
+ break;
+ }
+ break;
+ case ALG_CFBA:
+ switch(mode) {
+ case MODE_AUTHENTICATE: /* authenticate using CFBA mode */
+ errx(1, "can't authenticate with CFBA mode");
+ break;
+ case MODE_DECRYPT: /* decrypt using CFBA mode */
+ cfbadec();
+ break;
+ case MODE_ENCRYPT: /* encrypt using CFBA mode */
+ cfbaenc();
+ break;
+ }
+ break;
+ case ALG_ECB:
+ switch(mode) {
+ case MODE_AUTHENTICATE: /* authenticate using ECB mode */
+ errx(1, "can't authenticate with ECB mode");
+ break;
+ case MODE_DECRYPT: /* decrypt using ECB mode */
+ ecbdec();
+ break;
+ case MODE_ENCRYPT: /* encrypt using ECB mode */
+ ecbenc();
+ break;
+ }
+ break;
+ case ALG_OFB:
+ switch(mode) {
+ case MODE_AUTHENTICATE: /* authenticate using OFB mode */
+ errx(1, "can't authenticate with OFB mode");
+ break;
+ case MODE_DECRYPT: /* decrypt using OFB mode */
+ ofbdec();
+ break;
+ case MODE_ENCRYPT: /* encrypt using OFB mode */
+ ofbenc();
+ break;
+ }
+ break;
+ }
+ return (0);
+}
+
+/*
+ * map a hex character to an integer
+ */
+static int
+tobinhex(char c, int radix)
+{
+ switch(c) {
+ case '0': return(0x0);
+ case '1': return(0x1);
+ case '2': return(radix > 2 ? 0x2 : -1);
+ case '3': return(radix > 3 ? 0x3 : -1);
+ case '4': return(radix > 4 ? 0x4 : -1);
+ case '5': return(radix > 5 ? 0x5 : -1);
+ case '6': return(radix > 6 ? 0x6 : -1);
+ case '7': return(radix > 7 ? 0x7 : -1);
+ case '8': return(radix > 8 ? 0x8 : -1);
+ case '9': return(radix > 9 ? 0x9 : -1);
+ case 'A': case 'a': return(radix > 10 ? 0xa : -1);
+ case 'B': case 'b': return(radix > 11 ? 0xb : -1);
+ case 'C': case 'c': return(radix > 12 ? 0xc : -1);
+ case 'D': case 'd': return(radix > 13 ? 0xd : -1);
+ case 'E': case 'e': return(radix > 14 ? 0xe : -1);
+ case 'F': case 'f': return(radix > 15 ? 0xf : -1);
+ }
+ /*
+ * invalid character
+ */
+ return(-1);
+}
+
+/*
+ * convert the key to a bit pattern
+ */
+static void
+cvtkey(DES_cblock obuf, char *ibuf)
+{
+ int i, j; /* counter in a for loop */
+ int nbuf[64]; /* used for hex/key translation */
+
+ /*
+ * just switch on the key base
+ */
+ switch(keybase) {
+ case KEY_ASCII: /* ascii to integer */
+ (void)strncpy(obuf, ibuf, 8);
+ return;
+ case KEY_DEFAULT: /* tell from context */
+ /*
+ * leading '0x' or '0X' == hex key
+ */
+ if (ibuf[0] == '0' && (ibuf[1] == 'x' || ibuf[1] == 'X')) {
+ ibuf = &ibuf[2];
+ /*
+ * now translate it, bombing on any illegal hex digit
+ */
+ for (i = 0; ibuf[i] && i < 16; i++)
+ if ((nbuf[i] = tobinhex(ibuf[i], 16)) == -1)
+ warnx("bad hex digit in key");
+ while (i < 16)
+ nbuf[i++] = 0;
+ for (i = 0; i < 8; i++)
+ obuf[i] =
+ ((nbuf[2*i]&0xf)<<4) | (nbuf[2*i+1]&0xf);
+ /* preserve parity bits */
+ pflag = 1;
+ return;
+ }
+ /*
+ * leading '0b' or '0B' == binary key
+ */
+ if (ibuf[0] == '0' && (ibuf[1] == 'b' || ibuf[1] == 'B')) {
+ ibuf = &ibuf[2];
+ /*
+ * now translate it, bombing on any illegal binary digit
+ */
+ for (i = 0; ibuf[i] && i < 16; i++)
+ if ((nbuf[i] = tobinhex(ibuf[i], 2)) == -1)
+ warnx("bad binary digit in key");
+ while (i < 64)
+ nbuf[i++] = 0;
+ for (i = 0; i < 8; i++)
+ for (j = 0; j < 8; j++)
+ obuf[i] = (obuf[i]<<1)|nbuf[8*i+j];
+ /* preserve parity bits */
+ pflag = 1;
+ return;
+ }
+ /*
+ * no special leader -- ASCII
+ */
+ (void)strncpy(obuf, ibuf, 8);
+ }
+}
+
+/*
+ * convert an ASCII string into a decimal number:
+ * 1. must be between 0 and 64 inclusive
+ * 2. must be a valid decimal number
+ * 3. must be a multiple of mult
+ */
+static int
+setbits(char *s, int mult)
+{
+ char *p; /* pointer in a for loop */
+ int n = 0; /* the integer collected */
+
+ /*
+ * skip white space
+ */
+ while (isspace(*s))
+ s++;
+ /*
+ * get the integer
+ */
+ for (p = s; *p; p++) {
+ if (isdigit(*p))
+ n = n * 10 + *p - '0';
+ else {
+ warnx("bad decimal digit in MAC length");
+ }
+ }
+ /*
+ * be sure it's a multiple of mult
+ */
+ return((n % mult != 0) ? -1 : n);
+}
+
+/*****************
+ * DES FUNCTIONS *
+ *****************/
+/*
+ * This sets the DES key and (if you're using the deszip version)
+ * the direction of the transformation. This uses the Sun
+ * to map the 64-bit key onto the 56 bits that the key schedule
+ * generation routines use: the old way, which just uses the user-
+ * supplied 64 bits as is, and the new way, which resets the parity
+ * bit to be the same as the low-order bit in each character. The
+ * new way generates a greater variety of key schedules, since many
+ * systems set the parity (high) bit of each character to 0, and the
+ * DES ignores the low order bit of each character.
+ */
+static void
+makekey(DES_cblock *buf)
+{
+ int i, j; /* counter in a for loop */
+ int par; /* parity counter */
+
+ /*
+ * if the parity is not preserved, flip it
+ */
+ if (!pflag) {
+ for (i = 0; i < 8; i++) {
+ par = 0;
+ for (j = 1; j < 8; j++)
+ if ((bits[j] & (*buf)[i]) != 0)
+ par++;
+ if ((par & 0x01) == 0x01)
+ (*buf)[i] &= 0x7f;
+ else
+ (*buf)[i] = ((*buf)[i] & 0x7f) | 0x80;
+ }
+ }
+
+ DES_set_odd_parity(buf);
+ DES_set_key(buf, &schedule);
+}
+
+/*
+ * This encrypts using the Electronic Code Book mode of DES
+ */
+static void
+ecbenc(void)
+{
+ int n; /* number of bytes actually read */
+ int bn; /* block number */
+ DES_cblock msgbuf; /* I/O buffer */
+
+ for (bn = 0; (n = READ(msgbuf, 8)) == 8; bn++) {
+ /*
+ * do the transformation
+ */
+ DES_XFORM(&msgbuf);
+ WRITE(&msgbuf, 8);
+ }
+ /*
+ * at EOF or last block -- in either case, the last byte contains
+ * the character representation of the number of bytes in it
+ */
+ bn++;
+ MEMZERO(&msgbuf[n], 8 - n);
+ msgbuf[7] = n;
+ DES_XFORM(&msgbuf);
+ WRITE(&msgbuf, 8);
+
+}
+
+/*
+ * This decrypts using the Electronic Code Book mode of DES
+ */
+static void
+ecbdec(void)
+{
+ int n; /* number of bytes actually read */
+ int c; /* used to test for EOF */
+ int bn; /* block number */
+ DES_cblock msgbuf; /* I/O buffer */
+
+ for (bn = 1; (n = READ(msgbuf, 8)) == 8; bn++) {
+ /*
+ * do the transformation
+ */
+ DES_XFORM(&msgbuf);
+ /*
+ * if the last one, handle it specially
+ */
+ if ((c = getchar()) == EOF) {
+ n = msgbuf[7];
+ if (n < 0 || n > 7)
+ warnx("decryption failed (block corrupt) at %d",
+ bn);
+ }
+ else
+ (void)ungetc(c, stdin);
+ WRITE(msgbuf, n);
+ }
+ if (n > 0)
+ warnx("decryption failed (incomplete block) at %d", bn);
+}
+
+/*
+ * This encrypts using the Cipher Block Chaining mode of DES
+ */
+static void
+cbcenc(void)
+{
+ int n; /* number of bytes actually read */
+ int bn; /* block number */
+ DES_cblock msgbuf; /* I/O buffer */
+
+ /*
+ * do the transformation
+ */
+ for (bn = 1; (n = READ(msgbuf, 8)) == 8; bn++) {
+ for (n = 0; n < 8; n++)
+ msgbuf[n] ^= ivec[n];
+ DES_XFORM(&msgbuf);
+ MEMCPY(ivec, msgbuf, 8);
+ WRITE(msgbuf, 8);
+ }
+ /*
+ * at EOF or last block -- in either case, the last byte contains
+ * the character representation of the number of bytes in it
+ */
+ bn++;
+ MEMZERO(&msgbuf[n], 8 - n);
+ msgbuf[7] = n;
+ for (n = 0; n < 8; n++)
+ msgbuf[n] ^= ivec[n];
+ DES_XFORM(&msgbuf);
+ WRITE(msgbuf, 8);
+
+}
+
+/*
+ * This decrypts using the Cipher Block Chaining mode of DES
+ */
+static void
+cbcdec(void)
+{
+ int n; /* number of bytes actually read */
+ DES_cblock msgbuf; /* I/O buffer */
+ DES_cblock ibuf; /* temp buffer for initialization vector */
+ int c; /* used to test for EOF */
+ int bn; /* block number */
+
+ for (bn = 0; (n = READ(msgbuf, 8)) == 8; bn++) {
+ /*
+ * do the transformation
+ */
+ MEMCPY(ibuf, msgbuf, 8);
+ DES_XFORM(&msgbuf);
+ for (c = 0; c < 8; c++)
+ msgbuf[c] ^= ivec[c];
+ MEMCPY(ivec, ibuf, 8);
+ /*
+ * if the last one, handle it specially
+ */
+ if ((c = getchar()) == EOF) {
+ n = msgbuf[7];
+ if (n < 0 || n > 7)
+ warnx("decryption failed (block corrupt) at %d",
+ bn);
+ }
+ else
+ (void)ungetc(c, stdin);
+ WRITE(msgbuf, n);
+ }
+ if (n > 0)
+ warnx("decryption failed (incomplete block) at %d", bn);
+}
+
+/*
+ * This authenticates using the Cipher Block Chaining mode of DES
+ */
+static void
+cbcauth(void)
+{
+ int n, j; /* number of bytes actually read */
+ DES_cblock msgbuf; /* I/O buffer */
+ DES_cblock encbuf; /* encryption buffer */
+
+ /*
+ * do the transformation
+ * note we DISCARD the encrypted block;
+ * we only care about the last one
+ */
+ while ((n = READ(msgbuf, 8)) == 8) {
+ for (n = 0; n < 8; n++)
+ encbuf[n] = msgbuf[n] ^ ivec[n];
+ DES_XFORM(&encbuf);
+ MEMCPY(ivec, encbuf, 8);
+ }
+ /*
+ * now compute the last one, right padding with '\0' if need be
+ */
+ if (n > 0) {
+ MEMZERO(&msgbuf[n], 8 - n);
+ for (n = 0; n < 8; n++)
+ encbuf[n] = msgbuf[n] ^ ivec[n];
+ DES_XFORM(&encbuf);
+ }
+ /*
+ * drop the bits
+ * we write chars until fewer than 7 bits,
+ * and then pad the last one with 0 bits
+ */
+ for (n = 0; macbits > 7; n++, macbits -= 8)
+ (void)putchar(encbuf[n]);
+ if (macbits > 0) {
+ msgbuf[0] = 0x00;
+ for (j = 0; j < macbits; j++)
+ msgbuf[0] |= encbuf[n] & bits[j];
+ (void)putchar(msgbuf[0]);
+ }
+}
+
+/*
+ * This encrypts using the Cipher FeedBack mode of DES
+ */
+static void
+cfbenc(void)
+{
+ int n; /* number of bytes actually read */
+ int nbytes; /* number of bytes to read */
+ int bn; /* block number */
+ char ibuf[8]; /* input buffer */
+ DES_cblock msgbuf; /* encryption buffer */
+
+ /*
+ * do things in bytes, not bits
+ */
+ nbytes = fbbits / 8;
+ /*
+ * do the transformation
+ */
+ for (bn = 1; (n = READ(ibuf, nbytes)) == nbytes; bn++) {
+ MEMCPY(msgbuf, ivec, 8);
+ DES_XFORM(&msgbuf);
+ for (n = 0; n < 8 - nbytes; n++)
+ ivec[n] = ivec[n+nbytes];
+ for (n = 0; n < nbytes; n++)
+ ivec[8 - nbytes + n] = ibuf[n] ^ msgbuf[n];
+ WRITE(&ivec[8 - nbytes], nbytes);
+ }
+ /*
+ * at EOF or last block -- in either case, the last byte contains
+ * the character representation of the number of bytes in it
+ */
+ bn++;
+ MEMZERO(&ibuf[n], nbytes - n);
+ ibuf[nbytes - 1] = n;
+ MEMCPY(msgbuf, ivec, 8);
+ DES_XFORM(&msgbuf);
+ for (n = 0; n < nbytes; n++)
+ ibuf[n] ^= msgbuf[n];
+ WRITE(ibuf, nbytes);
+}
+
+/*
+ * This decrypts using the Cipher Block Chaining mode of DES
+ */
+static void
+cfbdec(void)
+{
+ int n; /* number of bytes actually read */
+ int c; /* used to test for EOF */
+ int nbytes; /* number of bytes to read */
+ int bn; /* block number */
+ char ibuf[8]; /* input buffer */
+ char obuf[8]; /* output buffer */
+ DES_cblock msgbuf; /* encryption buffer */
+
+ /*
+ * do things in bytes, not bits
+ */
+ nbytes = fbbits / 8;
+ /*
+ * do the transformation
+ */
+ for (bn = 1; (n = READ(ibuf, nbytes)) == nbytes; bn++) {
+ MEMCPY(msgbuf, ivec, 8);
+ DES_XFORM(&msgbuf);
+ for (c = 0; c < 8 - nbytes; c++)
+ ivec[c] = ivec[c + nbytes];
+ for (c = 0; c < nbytes; c++) {
+ ivec[8 - nbytes + c] = ibuf[c];
+ obuf[c] = ibuf[c] ^ msgbuf[c];
+ }
+ /*
+ * if the last one, handle it specially
+ */
+ if ((c = getchar()) == EOF) {
+ n = obuf[nbytes-1];
+ if (n < 0 || n > nbytes-1)
+ warnx("decryption failed (block corrupt) at %d",
+ bn);
+ }
+ else
+ (void)ungetc(c, stdin);
+ WRITE(obuf, n);
+ }
+ if (n > 0)
+ warnx("decryption failed (incomplete block) at %d", bn);
+}
+
+/*
+ * This encrypts using the alternative Cipher FeedBack mode of DES
+ */
+static void
+cfbaenc(void)
+{
+ int n; /* number of bytes actually read */
+ int nbytes; /* number of bytes to read */
+ int bn; /* block number */
+ char ibuf[8]; /* input buffer */
+ char obuf[8]; /* output buffer */
+ DES_cblock msgbuf; /* encryption buffer */
+
+ /*
+ * do things in bytes, not bits
+ */
+ nbytes = fbbits / 7;
+ /*
+ * do the transformation
+ */
+ for (bn = 1; (n = READ(ibuf, nbytes)) == nbytes; bn++) {
+ MEMCPY(msgbuf, ivec, 8);
+ DES_XFORM(&msgbuf);
+ for (n = 0; n < 8 - nbytes; n++)
+ ivec[n] = ivec[n + nbytes];
+ for (n = 0; n < nbytes; n++)
+ ivec[8 - nbytes + n] = (ibuf[n] ^ msgbuf[n]) | 0x80;
+ for (n = 0; n < nbytes; n++)
+ obuf[n] = ivec[8 - nbytes + n] & 0x7f;
+ WRITE(obuf, nbytes);
+ }
+ /*
+ * at EOF or last block -- in either case, the last byte contains
+ * the character representation of the number of bytes in it
+ */
+ bn++;
+ MEMZERO(&ibuf[n], nbytes - n);
+ ibuf[nbytes - 1] = ('0' + n)|0200;
+ MEMCPY(msgbuf, ivec, 8);
+ DES_XFORM(&msgbuf);
+ for (n = 0; n < nbytes; n++)
+ ibuf[n] ^= msgbuf[n];
+ WRITE(ibuf, nbytes);
+}
+
+/*
+ * This decrypts using the alternative Cipher Block Chaining mode of DES
+ */
+static void
+cfbadec(void)
+{
+ int n; /* number of bytes actually read */
+ int c; /* used to test for EOF */
+ int nbytes; /* number of bytes to read */
+ int bn; /* block number */
+ char ibuf[8]; /* input buffer */
+ char obuf[8]; /* output buffer */
+ DES_cblock msgbuf; /* encryption buffer */
+
+ /*
+ * do things in bytes, not bits
+ */
+ nbytes = fbbits / 7;
+ /*
+ * do the transformation
+ */
+ for (bn = 1; (n = READ(ibuf, nbytes)) == nbytes; bn++) {
+ MEMCPY(msgbuf, ivec, 8);
+ DES_XFORM(&msgbuf);
+ for (c = 0; c < 8 - nbytes; c++)
+ ivec[c] = ivec[c + nbytes];
+ for (c = 0; c < nbytes; c++) {
+ ivec[8 - nbytes + c] = ibuf[c] | 0x80;
+ obuf[c] = (ibuf[c] ^ msgbuf[c]) & 0x7f;
+ }
+ /*
+ * if the last one, handle it specially
+ */
+ if ((c = getchar()) == EOF) {
+ if ((n = (obuf[nbytes-1] - '0')) < 0
+ || n > nbytes-1)
+ warnx("decryption failed (block corrupt) at %d",
+ bn);
+ }
+ else
+ (void)ungetc(c, stdin);
+ WRITE(obuf, n);
+ }
+ if (n > 0)
+ warnx("decryption failed (incomplete block) at %d", bn);
+}
+
+
+/*
+ * This encrypts using the Output FeedBack mode of DES
+ */
+static void
+ofbenc(void)
+{
+ int n; /* number of bytes actually read */
+ int c; /* used to test for EOF */
+ int nbytes; /* number of bytes to read */
+ int bn; /* block number */
+ char ibuf[8]; /* input buffer */
+ char obuf[8]; /* output buffer */
+ DES_cblock msgbuf; /* encryption buffer */
+
+ /*
+ * do things in bytes, not bits
+ */
+ nbytes = fbbits / 8;
+ /*
+ * do the transformation
+ */
+ for (bn = 1; (n = READ(ibuf, nbytes)) == nbytes; bn++) {
+ MEMCPY(msgbuf, ivec, 8);
+ DES_XFORM(&msgbuf);
+ for (n = 0; n < 8 - nbytes; n++)
+ ivec[n] = ivec[n + nbytes];
+ for (n = 0; n < nbytes; n++) {
+ ivec[8 - nbytes + n] = msgbuf[n];
+ obuf[n] = ibuf[n] ^ msgbuf[n];
+ }
+ WRITE(obuf, nbytes);
+ }
+ /*
+ * at EOF or last block -- in either case, the last byte contains
+ * the character representation of the number of bytes in it
+ */
+ bn++;
+ MEMZERO(&ibuf[n], nbytes - n);
+ ibuf[nbytes - 1] = n;
+ MEMCPY(msgbuf, ivec, 8);
+ DES_XFORM(&msgbuf);
+ for (c = 0; c < nbytes; c++)
+ ibuf[c] ^= msgbuf[c];
+ WRITE(ibuf, nbytes);
+}
+
+/*
+ * This decrypts using the Output Block Chaining mode of DES
+ */
+static void
+ofbdec(void)
+{
+ int n; /* number of bytes actually read */
+ int c; /* used to test for EOF */
+ int nbytes; /* number of bytes to read */
+ int bn; /* block number */
+ char ibuf[8]; /* input buffer */
+ char obuf[8]; /* output buffer */
+ DES_cblock msgbuf; /* encryption buffer */
+
+ /*
+ * do things in bytes, not bits
+ */
+ nbytes = fbbits / 8;
+ /*
+ * do the transformation
+ */
+ for (bn = 1; (n = READ(ibuf, nbytes)) == nbytes; bn++) {
+ MEMCPY(msgbuf, ivec, 8);
+ DES_XFORM(&msgbuf);
+ for (c = 0; c < 8 - nbytes; c++)
+ ivec[c] = ivec[c + nbytes];
+ for (c = 0; c < nbytes; c++) {
+ ivec[8 - nbytes + c] = msgbuf[c];
+ obuf[c] = ibuf[c] ^ msgbuf[c];
+ }
+ /*
+ * if the last one, handle it specially
+ */
+ if ((c = getchar()) == EOF) {
+ n = obuf[nbytes-1];
+ if (n < 0 || n > nbytes-1)
+ warnx("decryption failed (block corrupt) at %d",
+ bn);
+ }
+ else
+ (void)ungetc(c, stdin);
+ /*
+ * dump it
+ */
+ WRITE(obuf, n);
+ }
+ if (n > 0)
+ warnx("decryption failed (incomplete block) at %d", bn);
+}
+
+/*
+ * This authenticates using the Cipher FeedBack mode of DES
+ */
+static void
+cfbauth(void)
+{
+ int n, j; /* number of bytes actually read */
+ int nbytes; /* number of bytes to read */
+ char ibuf[8]; /* input buffer */
+ DES_cblock msgbuf; /* encryption buffer */
+
+ /*
+ * do things in bytes, not bits
+ */
+ nbytes = fbbits / 8;
+ /*
+ * do the transformation
+ */
+ while ((n = READ(ibuf, nbytes)) == nbytes) {
+ MEMCPY(msgbuf, ivec, 8);
+ DES_XFORM(&msgbuf);
+ for (n = 0; n < 8 - nbytes; n++)
+ ivec[n] = ivec[n + nbytes];
+ for (n = 0; n < nbytes; n++)
+ ivec[8 - nbytes + n] = ibuf[n] ^ msgbuf[n];
+ }
+ /*
+ * at EOF or last block -- in either case, the last byte contains
+ * the character representation of the number of bytes in it
+ */
+ MEMZERO(&ibuf[n], nbytes - n);
+ ibuf[nbytes - 1] = '0' + n;
+ MEMCPY(msgbuf, ivec, 8);
+ DES_XFORM(&msgbuf);
+ for (n = 0; n < nbytes; n++)
+ ibuf[n] ^= msgbuf[n];
+ /*
+ * drop the bits
+ * we write chars until fewer than 7 bits,
+ * and then pad the last one with 0 bits
+ */
+ for (n = 0; macbits > 7; n++, macbits -= 8)
+ (void)putchar(msgbuf[n]);
+ if (macbits > 0) {
+ msgbuf[0] = 0x00;
+ for (j = 0; j < macbits; j++)
+ msgbuf[0] |= msgbuf[n] & bits[j];
+ (void)putchar(msgbuf[0]);
+ }
+}
+
+/*
+ * message about usage
+ */
+static void
+usage(void)
+{
+ (void)fprintf(stderr, "%s\n",
+"usage: bdes [-abdp] [-F N] [-f N] [-k key] [-m N] [-o N] [-v vector]");
+ exit(1);
+}
diff --git a/secure/usr.bin/bdes/bdes.ps b/secure/usr.bin/bdes/bdes.ps
new file mode 100644
index 0000000..1366924
--- /dev/null
+++ b/secure/usr.bin/bdes/bdes.ps
@@ -0,0 +1,2946 @@
+%!
+%%BoundingBox: (atend)
+%%Pages: (atend)
+%%DocumentFonts: (atend)
+%%EndComments
+%
+% FrameMaker PostScript Prolog 2.0, for use with FrameMaker 2.0
+% Copyright (c) 1986,87,89 by Frame Technology, Inc. All rights reserved.
+%
+% Known Problems:
+% Due to bugs in Transcript, the 'PS-Adobe-' is omitted from line 1
+% $FreeBSD$
+/FMversion (2.0) def
+% Set up Color vs. Black-and-White
+ /FMPrintInColor systemdict /colorimage known def
+% Uncomment this line to force b&w on color printer
+% /FMPrintInColor false def
+/FrameDict 190 dict def
+systemdict /errordict known not {/errordict 10 dict def
+ errordict /rangecheck {stop} put} if
+% The readline in 23.0 doesn't recognize cr's as nl's on AppleTalk
+FrameDict /tmprangecheck errordict /rangecheck get put
+errordict /rangecheck {FrameDict /bug true put} put
+FrameDict /bug false put
+mark
+% Some PS machines read past the CR, so keep the following 3 lines together!
+currentfile 5 string readline
+00
+0000000000
+cleartomark
+errordict /rangecheck FrameDict /tmprangecheck get put
+FrameDict /bug get {
+ /readline {
+ /gstring exch def
+ /gfile exch def
+ /gindex 0 def
+ {
+ gfile read pop
+ dup 10 eq {exit} if
+ dup 13 eq {exit} if
+ gstring exch gindex exch put
+ /gindex gindex 1 add def
+ } loop
+ pop
+ gstring 0 gindex getinterval true
+ } def
+ } if
+/FMVERSION {
+ FMversion ne {
+ /Times-Roman findfont 18 scalefont setfont
+ 100 100 moveto
+ (FrameMaker version does not match postscript_prolog!)
+ dup =
+ show showpage
+ } if
+ } def
+/FMLOCAL {
+ FrameDict begin
+ 0 def
+ end
+ } def
+ /gstring FMLOCAL
+ /gfile FMLOCAL
+ /gindex FMLOCAL
+ /orgxfer FMLOCAL
+ /orgproc FMLOCAL
+ /organgle FMLOCAL
+ /orgfreq FMLOCAL
+ /yscale FMLOCAL
+ /xscale FMLOCAL
+ /manualfeed FMLOCAL
+ /paperheight FMLOCAL
+ /paperwidth FMLOCAL
+/FMDOCUMENT {
+ array /FMfonts exch def
+ /#copies exch def
+ FrameDict begin
+ 0 ne dup {setmanualfeed} if
+ /manualfeed exch def
+ /paperheight exch def
+ /paperwidth exch def
+ setpapername
+ manualfeed {true} {papersize} ifelse
+ {manualpapersize} {false} ifelse
+ {desperatepapersize} if
+ /yscale exch def
+ /xscale exch def
+ currenttransfer cvlit /orgxfer exch def
+ currentscreen cvlit /orgproc exch def
+ /organgle exch def /orgfreq exch def
+ end
+ } def
+ /pagesave FMLOCAL
+ /orgmatrix FMLOCAL
+ /landscape FMLOCAL
+/FMBEGINPAGE {
+ FrameDict begin
+ /pagesave save def
+ 3.86 setmiterlimit
+ /landscape exch 0 ne def
+ landscape {
+ 90 rotate 0 exch neg translate pop
+ }
+ {pop pop}
+ ifelse
+ xscale yscale scale
+ /orgmatrix matrix def
+ gsave
+ } def
+/FMENDPAGE {
+ grestore
+ pagesave restore
+ end
+ showpage
+ } def
+/FMDEFINEFONT {
+ FrameDict begin
+ findfont
+ ReEncode
+ 2 index exch
+ definefont exch
+ scalefont
+ FMfonts 3 1 roll
+ put
+ end
+ } bind def
+/FMNORMALIZEGRAPHICS {
+ newpath
+ 0.0 0.0 moveto
+ 1 setlinewidth
+ 0 setlinecap
+ 0 0 0 sethsbcolor
+ 0 setgray
+ } bind def
+ /fx FMLOCAL
+ /fy FMLOCAL
+ /fh FMLOCAL
+ /fw FMLOCAL
+ /llx FMLOCAL
+ /lly FMLOCAL
+ /urx FMLOCAL
+ /ury FMLOCAL
+/FMBEGINEPSF {
+ end
+ /FMEPSF save def
+ /showpage {} def
+ FMNORMALIZEGRAPHICS
+ [/fy /fx /fh /fw /ury /urx /lly /llx] {exch def} forall
+ fx fy translate
+ rotate
+ fw urx llx sub div fh ury lly sub div scale
+ llx neg lly neg translate
+ } bind def
+/FMENDEPSF {
+ FMEPSF restore
+ FrameDict begin
+ } bind def
+FrameDict begin
+/setmanualfeed {
+%%BeginFeature *ManualFeed True
+ statusdict /manualfeed true put
+%%EndFeature
+ } def
+/max {2 copy lt {exch} if pop} bind def
+/min {2 copy gt {exch} if pop} bind def
+/inch {72 mul} def
+/pagedimen {
+ paperheight sub abs 16 lt exch
+ paperwidth sub abs 16 lt and
+ {/papername exch def} {pop} ifelse
+ } def
+ /papersizedict FMLOCAL
+/setpapername {
+ /papersizedict 14 dict def
+ papersizedict begin
+ /papername /unknown def
+ /Letter 8.5 inch 11.0 inch pagedimen
+ /LetterSmall 7.68 inch 10.16 inch pagedimen
+ /Tabloid 11.0 inch 17.0 inch pagedimen
+ /Ledger 17.0 inch 11.0 inch pagedimen
+ /Legal 8.5 inch 14.0 inch pagedimen
+ /Statement 5.5 inch 8.5 inch pagedimen
+ /Executive 7.5 inch 10.0 inch pagedimen
+ /A3 11.69 inch 16.5 inch pagedimen
+ /A4 8.26 inch 11.69 inch pagedimen
+ /A4Small 7.47 inch 10.85 inch pagedimen
+ /B4 10.125 inch 14.33 inch pagedimen
+ /B5 7.16 inch 10.125 inch pagedimen
+ end
+ } def
+/papersize {
+ papersizedict begin
+ /Letter {lettertray} def
+ /LetterSmall {lettertray lettersmall} def
+ /Tabloid {11x17tray} def
+ /Ledger {ledgertray} def
+ /Legal {legaltray} def
+ /Statement {statementtray} def
+ /Executive {executivetray} def
+ /A3 {a3tray} def
+ /A4 {a4tray} def
+ /A4Small {a4tray a4small} def
+ /B4 {b4tray} def
+ /B5 {b5tray} def
+ /unknown {unknown} def
+ papersizedict dup papername known {papername} {/unknown} ifelse get
+ end
+ /FMdicttop countdictstack 1 add def
+ statusdict begin stopped end
+ countdictstack -1 FMdicttop {pop end} for
+ } def
+/manualpapersize {
+ papersizedict begin
+ /Letter {letter} def
+ /LetterSmall {lettersmall} def
+ /Tabloid {11x17} def
+ /Ledger {ledger} def
+ /Legal {legal} def
+ /Statement {statement} def
+ /Executive {executive} def
+ /A3 {a3} def
+ /A4 {a4} def
+ /A4Small {a4small} def
+ /B4 {b4} def
+ /B5 {b5} def
+ /unknown {unknown} def
+ papersizedict dup papername known {papername} {/unknown} ifelse get
+ end
+ stopped
+ } def
+/desperatepapersize {
+ statusdict /setpageparams known
+ {
+ paperwidth paperheight 0 1
+ statusdict begin
+ {setpageparams} stopped pop
+ end
+ } if
+ } def
+/savematrix {
+ orgmatrix currentmatrix pop
+ } bind def
+/restorematrix {
+ orgmatrix setmatrix
+ } bind def
+/dmatrix matrix def
+/dpi 72 0 dmatrix defaultmatrix dtransform
+ dup mul exch dup mul add sqrt def
+/freq dpi 18.75 div 8 div round dup 0 eq {pop 1} if 8 mul dpi exch div def
+/sangle 1 0 dmatrix defaultmatrix dtransform exch atan def
+/DiacriticEncoding [
+/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
+/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
+/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
+/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
+/.notdef /.notdef /.notdef /.notdef /space /exclam /quotedbl
+/numbersign /dollar /percent /ampersand /quotesingle /parenleft
+/parenright /asterisk /plus /comma /hyphen /period /slash /zero /one
+/two /three /four /five /six /seven /eight /nine /colon /semicolon
+/less /equal /greater /question /at /A /B /C /D /E /F /G /H /I /J /K
+/L /M /N /O /P /Q /R /S /T /U /V /W /X /Y /Z /bracketleft /backslash
+/bracketright /asciicircum /underscore /grave /a /b /c /d /e /f /g /h
+/i /j /k /l /m /n /o /p /q /r /s /t /u /v /w /x /y /z /braceleft /bar
+/braceright /asciitilde /.notdef /Adieresis /Aring /Ccedilla /Eacute
+/Ntilde /Odieresis /Udieresis /aacute /agrave /acircumflex /adieresis
+/atilde /aring /ccedilla /eacute /egrave /ecircumflex /edieresis
+/iacute /igrave /icircumflex /idieresis /ntilde /oacute /ograve
+/ocircumflex /odieresis /otilde /uacute /ugrave /ucircumflex
+/udieresis /dagger /.notdef /cent /sterling /section /bullet
+/paragraph /germandbls /registered /copyright /trademark /acute
+/dieresis /.notdef /AE /Oslash /.notdef /.notdef /.notdef /.notdef
+/yen /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
+/ordfeminine /ordmasculine /.notdef /ae /oslash /questiondown
+/exclamdown /logicalnot /.notdef /florin /.notdef /.notdef
+/guillemotleft /guillemotright /ellipsis /.notdef /Agrave /Atilde
+/Otilde /OE /oe /endash /emdash /quotedblleft /quotedblright
+/quoteleft /quoteright /.notdef /.notdef /ydieresis /Ydieresis
+/fraction /currency /guilsinglleft /guilsinglright /fi /fl /daggerdbl
+/periodcentered /quotesinglbase /quotedblbase /perthousand
+/Acircumflex /Ecircumflex /Aacute /Edieresis /Egrave /Iacute
+/Icircumflex /Idieresis /Igrave /Oacute /Ocircumflex /.notdef /Ograve
+/Uacute /Ucircumflex /Ugrave /dotlessi /circumflex /tilde /macron
+/breve /dotaccent /ring /cedilla /hungarumlaut /ogonek /caron
+] def
+/ReEncode {
+ dup
+ length
+ dict begin
+ {
+ 1 index /FID ne
+ {def}
+ {pop pop} ifelse
+ } forall
+ Encoding StandardEncoding eq
+ {
+ /Encoding DiacriticEncoding def
+ }if
+ currentdict
+ end
+ } bind def
+/graymode true def
+ /bwidth FMLOCAL
+ /bpside FMLOCAL
+ /bstring FMLOCAL
+ /onbits FMLOCAL
+ /offbits FMLOCAL
+ /xindex FMLOCAL
+ /yindex FMLOCAL
+ /x FMLOCAL
+ /y FMLOCAL
+/setpattern {
+ /bwidth exch def
+ /bpside exch def
+ /bstring exch def
+ /onbits 0 def /offbits 0 def
+ freq sangle landscape {90 add} if
+ {/y exch def
+ /x exch def
+ /xindex x 1 add 2 div bpside mul cvi def
+ /yindex y 1 add 2 div bpside mul cvi def
+ bstring yindex bwidth mul xindex 8 idiv add get
+ 1 7 xindex 8 mod sub bitshift and 0 ne
+ {/onbits onbits 1 add def 1}
+ {/offbits offbits 1 add def 0}
+ ifelse
+ }
+ setscreen
+ {} settransfer
+ offbits offbits onbits add div FMsetgray
+ /graymode false def
+ } bind def
+/grayness {
+ FMsetgray
+ graymode not {
+ /graymode true def
+ orgxfer cvx settransfer
+ orgfreq organgle orgproc cvx setscreen
+ } if
+ } bind def
+ /HUE FMLOCAL
+ /SAT FMLOCAL
+ /BRIGHT FMLOCAL
+ /Colors FMLOCAL
+FMPrintInColor
+
+ {
+ /HUE 0 def
+ /SAT 0 def
+ /BRIGHT 0 def
+ % array of arrays Hue and Sat values for the separations [HUE BRIGHT]
+ /Colors
+ [[0 0 ] % black
+ [0 0 ] % white
+ [0.00 1.0] % red
+ [0.37 1.0] % green
+ [0.60 1.0] % blue
+ [0.50 1.0] % cyan
+ [0.83 1.0] % magenta
+ [0.16 1.0] % comment / yellow
+ ] def
+
+ /BEGINBITMAPCOLOR {
+ BITMAPCOLOR} def
+ /BEGINBITMAPCOLORc {
+ BITMAPCOLORc} def
+ /K {
+ Colors exch get dup
+ 0 get /HUE exch store
+ 1 get /BRIGHT exch store
+ HUE 0 eq BRIGHT 0 eq and
+ {1.0 SAT sub setgray}
+ {HUE SAT BRIGHT sethsbcolor}
+ ifelse
+ } def
+ /FMsetgray {
+ /SAT exch 1.0 exch sub store
+ HUE 0 eq BRIGHT 0 eq and
+ {1.0 SAT sub setgray}
+ {HUE SAT BRIGHT sethsbcolor}
+ ifelse
+ } bind def
+ }
+
+ {
+ /BEGINBITMAPCOLOR {
+ BITMAPGRAY} def
+ /BEGINBITMAPCOLORc {
+ BITMAPGRAYc} def
+ /FMsetgray {setgray} bind def
+ /K {
+ pop
+ } def
+ }
+ifelse
+/normalize {
+ transform round exch round exch itransform
+ } bind def
+/dnormalize {
+ dtransform round exch round exch idtransform
+ } bind def
+/lnormalize {
+ 0 dtransform exch cvi 2 idiv 2 mul 1 add exch idtransform pop
+ } bind def
+/H {
+ lnormalize setlinewidth
+ } bind def
+/Z {
+ setlinecap
+ } bind def
+/X {
+ fillprocs exch get exec
+ } bind def
+/V {
+ gsave eofill grestore
+ } bind def
+/N {
+ stroke
+ } bind def
+/M {newpath moveto} bind def
+/E {lineto} bind def
+/D {curveto} bind def
+/O {closepath} bind def
+ /n FMLOCAL
+/L {
+ /n exch def
+ newpath
+ normalize
+ moveto
+ 2 1 n {pop normalize lineto} for
+ } bind def
+/Y {
+ L
+ closepath
+ } bind def
+ /x1 FMLOCAL
+ /x2 FMLOCAL
+ /y1 FMLOCAL
+ /y2 FMLOCAL
+ /rad FMLOCAL
+/R {
+ /y2 exch def
+ /x2 exch def
+ /y1 exch def
+ /x1 exch def
+ x1 y1
+ x2 y1
+ x2 y2
+ x1 y2
+ 4 Y
+ } bind def
+/RR {
+ /rad exch def
+ normalize
+ /y2 exch def
+ /x2 exch def
+ normalize
+ /y1 exch def
+ /x1 exch def
+ newpath
+ x1 y1 rad add moveto
+ x1 y2 x2 y2 rad arcto
+ x2 y2 x2 y1 rad arcto
+ x2 y1 x1 y1 rad arcto
+ x1 y1 x1 y2 rad arcto
+ closepath
+ 16 {pop} repeat
+ } bind def
+/C {
+ grestore
+ gsave
+ R
+ clip
+ } bind def
+/U {
+ grestore
+ gsave
+ } bind def
+/F {
+ FMfonts exch get
+ setfont
+ } bind def
+/T {
+ moveto show
+ } bind def
+/RF {
+ rotate
+ 0 ne {-1 1 scale} if
+ } bind def
+/TF {
+ gsave
+ moveto
+ RF
+ show
+ grestore
+ } bind def
+/P {
+ moveto
+ 0 32 3 2 roll widthshow
+ } bind def
+/PF {
+ gsave
+ moveto
+ RF
+ 0 32 3 2 roll widthshow
+ grestore
+ } bind def
+/S {
+ moveto
+ 0 exch ashow
+ } bind def
+/SF {
+ gsave
+ moveto
+ RF
+ 0 exch ashow
+ grestore
+ } bind def
+/B {
+ moveto
+ 0 32 4 2 roll 0 exch awidthshow
+ } bind def
+/BF {
+ gsave
+ moveto
+ RF
+ 0 32 4 2 roll 0 exch awidthshow
+ grestore
+ } bind def
+ /x FMLOCAL
+ /y FMLOCAL
+ /dx FMLOCAL
+ /dy FMLOCAL
+ /dl FMLOCAL
+ /t FMLOCAL
+ /t2 FMLOCAL
+ /Cos FMLOCAL
+ /Sin FMLOCAL
+ /r FMLOCAL
+/W {
+ dnormalize
+ /dy exch def
+ /dx exch def
+ normalize
+ /y exch def
+ /x exch def
+ /dl dx dx mul dy dy mul add sqrt def
+ dl 0.0 gt {
+ /t currentlinewidth def
+ savematrix
+ /Cos dx dl div def
+ /Sin dy dl div def
+ /r [Cos Sin Sin neg Cos 0.0 0.0] def
+ /t2 t 2.5 mul 3.5 max def
+ newpath
+ x y translate
+ r concat
+ 0.0 0.0 moveto
+ dl t 2.7 mul sub 0.0 rlineto
+ stroke
+ restorematrix
+ x dx add y dy add translate
+ r concat
+ t 0.67 mul setlinewidth
+ t 1.61 mul neg 0.0 translate
+ 0.0 0.0 moveto
+ t2 1.7 mul neg t2 2.0 div moveto
+ 0.0 0.0 lineto
+ t2 1.7 mul neg t2 2.0 div neg lineto
+ stroke
+ t setlinewidth
+ restorematrix
+ } if
+ } bind def
+/G {
+ gsave
+ newpath
+ normalize translate 0.0 0.0 moveto
+ dnormalize scale
+ 0.0 0.0 1.0 5 3 roll arc
+ closepath fill
+ grestore
+ } bind def
+/A {
+ gsave
+ savematrix
+ newpath
+ 2 index 2 div add exch 3 index 2 div sub exch
+ normalize 2 index 2 div sub exch 3 index 2 div add exch
+ translate
+ scale
+ 0.0 0.0 1.0 5 3 roll arc
+ restorematrix
+ stroke
+ grestore
+ } bind def
+ /x FMLOCAL
+ /y FMLOCAL
+ /w FMLOCAL
+ /h FMLOCAL
+ /xx FMLOCAL
+ /yy FMLOCAL
+ /ww FMLOCAL
+ /hh FMLOCAL
+ /FMsaveobject FMLOCAL
+ /FMoptop FMLOCAL
+ /FMdicttop FMLOCAL
+/BEGINPRINTCODE {
+ /FMdicttop countdictstack 1 add def
+ /FMoptop count 4 sub def
+ /FMsaveobject save def
+ userdict begin
+ /showpage {} def
+ FMNORMALIZEGRAPHICS
+ 3 index neg 3 index neg translate
+ } bind def
+/ENDPRINTCODE {
+ count -1 FMoptop {pop pop} for
+ countdictstack -1 FMdicttop {pop end} for
+ FMsaveobject restore
+ } bind def
+/gn {
+ 0
+ { 46 mul
+ cf read pop
+ 32 sub
+ dup 46 lt {exit} if
+ 46 sub add
+ } loop
+ add
+ } bind def
+ /str FMLOCAL
+/cfs {
+ /str sl string def
+ 0 1 sl 1 sub {str exch val put} for
+ str def
+ } bind def
+/ic [
+ 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0223
+ 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0223
+ 0
+ {0 hx} {1 hx} {2 hx} {3 hx} {4 hx} {5 hx} {6 hx} {7 hx} {8 hx} {9 hx}
+ {10 hx} {11 hx} {12 hx} {13 hx} {14 hx} {15 hx} {16 hx} {17 hx} {18 hx}
+ {19 hx} {gn hx} {0} {1} {2} {3} {4} {5} {6} {7} {8} {9} {10} {11} {12}
+ {13} {14} {15} {16} {17} {18} {19} {gn} {0 wh} {1 wh} {2 wh} {3 wh}
+ {4 wh} {5 wh} {6 wh} {7 wh} {8 wh} {9 wh} {10 wh} {11 wh} {12 wh}
+ {13 wh} {14 wh} {gn wh} {0 bl} {1 bl} {2 bl} {3 bl} {4 bl} {5 bl} {6 bl}
+ {7 bl} {8 bl} {9 bl} {10 bl} {11 bl} {12 bl} {13 bl} {14 bl} {gn bl}
+ {0 fl} {1 fl} {2 fl} {3 fl} {4 fl} {5 fl} {6 fl} {7 fl} {8 fl} {9 fl}
+ {10 fl} {11 fl} {12 fl} {13 fl} {14 fl} {gn fl}
+ ] def
+ /sl FMLOCAL
+ /val FMLOCAL
+ /ws FMLOCAL
+ /im FMLOCAL
+ /bs FMLOCAL
+ /cs FMLOCAL
+ /len FMLOCAL
+ /pos FMLOCAL
+/ms {
+ /sl exch def
+ /val 255 def
+ /ws cfs
+ /im cfs
+ /val 0 def
+ /bs cfs
+ /cs cfs
+ } bind def
+400 ms
+/ip {
+ is
+ 0
+ cf cs readline pop
+ { ic exch get exec
+ add
+ } forall
+ pop
+
+ } bind def
+/wh {
+ /len exch def
+ /pos exch def
+ ws 0 len getinterval im pos len getinterval copy pop
+ pos len
+ } bind def
+/bl {
+ /len exch def
+ /pos exch def
+ bs 0 len getinterval im pos len getinterval copy pop
+ pos len
+ } bind def
+/s1 1 string def
+/fl {
+ /len exch def
+ /pos exch def
+ /val cf s1 readhexstring pop 0 get def
+ pos 1 pos len add 1 sub {im exch val put} for
+ pos len
+ } bind def
+/hx {
+ 3 copy getinterval
+ cf exch readhexstring pop pop
+ } bind def
+ /h FMLOCAL
+ /w FMLOCAL
+ /d FMLOCAL
+ /lb FMLOCAL
+ /bitmapsave FMLOCAL
+ /is FMLOCAL
+ /cf FMLOCAL
+/wbytes {
+ dup
+ 8 eq {pop} {1 eq {7 add 8 idiv} {3 add 4 idiv} ifelse} ifelse
+ } bind def
+/BEGINBITMAPBWc {
+ 1 {} COMMONBITMAPc
+ } bind def
+/BEGINBITMAPGRAYc {
+ 8 {} COMMONBITMAPc
+ } bind def
+/BEGINBITMAP2BITc {
+ 2 {} COMMONBITMAPc
+ } bind def
+/COMMONBITMAPc {
+ /r exch def
+ /d exch def
+ gsave
+ translate rotate scale /h exch def /w exch def
+ /lb w d wbytes def
+ sl lb lt {lb ms} if
+ /bitmapsave save def
+ r
+ /is im 0 lb getinterval def
+ ws 0 lb getinterval is copy pop
+ /cf currentfile def
+ w h d [w 0 0 h neg 0 h]
+ {ip} image
+ bitmapsave restore
+ grestore
+ } bind def
+/BEGINBITMAPBW {
+ 1 {} COMMONBITMAP
+ } bind def
+/BEGINBITMAPGRAY {
+ 8 {} COMMONBITMAP
+ } bind def
+/BEGINBITMAP2BIT {
+ 2 {} COMMONBITMAP
+ } bind def
+/COMMONBITMAP {
+ /r exch def
+ /d exch def
+ gsave
+ translate rotate scale /h exch def /w exch def
+ /bitmapsave save def
+ r
+ /is w d wbytes string def
+ /cf currentfile def
+ w h d [w 0 0 h neg 0 h]
+ {cf is readhexstring pop} image
+ bitmapsave restore
+ grestore
+ } bind def
+ /proc1 FMLOCAL
+ /proc2 FMLOCAL
+ /newproc FMLOCAL
+/Fmcc {
+ /proc2 exch cvlit def
+ /proc1 exch cvlit def
+ /newproc proc1 length proc2 length add array def
+ newproc 0 proc1 putinterval
+ newproc proc1 length proc2 putinterval
+ newproc cvx
+} bind def
+/ngrayt 256 array def
+/nredt 256 array def
+/nbluet 256 array def
+/ngreent 256 array def
+ /gryt FMLOCAL
+ /blut FMLOCAL
+ /grnt FMLOCAL
+ /redt FMLOCAL
+ /indx FMLOCAL
+ /cynu FMLOCAL
+ /magu FMLOCAL
+ /yelu FMLOCAL
+ /k FMLOCAL
+ /u FMLOCAL
+/colorsetup {
+ currentcolortransfer
+ /gryt exch def
+ /blut exch def
+ /grnt exch def
+ /redt exch def
+ 0 1 255 {
+ /indx exch def
+ /cynu 1 red indx get 255 div sub def
+ /magu 1 green indx get 255 div sub def
+ /yelu 1 blue indx get 255 div sub def
+ /k cynu magu min yelu min def
+ /u k currentundercolorremoval exec def
+ nredt indx 1 0 cynu u sub max sub redt exec put
+ ngreent indx 1 0 magu u sub max sub grnt exec put
+ nbluet indx 1 0 yelu u sub max sub blut exec put
+ ngrayt indx 1 k currentblackgeneration exec sub gryt exec put
+ } for
+ {255 mul cvi nredt exch get}
+ {255 mul cvi ngreent exch get}
+ {255 mul cvi nbluet exch get}
+ {255 mul cvi ngrayt exch get}
+ setcolortransfer
+ {pop 0} setundercolorremoval
+ {} setblackgeneration
+ } bind def
+ /tran FMLOCAL
+/fakecolorsetup {
+ /tran 256 string def
+ 0 1 255 {/indx exch def
+ tran indx
+ red indx get 77 mul
+ green indx get 151 mul
+ blue indx get 28 mul
+ add add 256 idiv put} for
+ currenttransfer
+ {255 mul cvi tran exch get 255.0 div}
+ exch Fmcc settransfer
+} bind def
+/BITMAPCOLOR {
+ /d 8 def
+ gsave
+ translate rotate scale /h exch def /w exch def
+ /bitmapsave save def
+ colorsetup
+ /is w d wbytes string def
+ /cf currentfile def
+ w h d [w 0 0 h neg 0 h]
+ {cf is readhexstring pop} {is} {is} true 3 colorimage
+ bitmapsave restore
+ grestore
+ } bind def
+/BITMAPCOLORc {
+ /d 8 def
+ gsave
+ translate rotate scale /h exch def /w exch def
+ /lb w d wbytes def
+ sl lb lt {lb ms} if
+ /bitmapsave save def
+ colorsetup
+ /is im 0 lb getinterval def
+ ws 0 lb getinterval is copy pop
+ /cf currentfile def
+ w h d [w 0 0 h neg 0 h]
+ {ip} {is} {is} true 3 colorimage
+ bitmapsave restore
+ grestore
+ } bind def
+/BITMAPGRAY {
+ 8 {fakecolorsetup} COMMONBITMAP
+ } bind def
+/BITMAPGRAYc {
+ 8 {fakecolorsetup} COMMONBITMAPc
+ } bind def
+/ENDBITMAP {
+ } bind def
+end
+%%EndProlog
+%%BeginSetup
+(2.0) FMVERSION
+1 1 612 792 0 1 16 FMDOCUMENT
+/fillprocs 32 array def
+fillprocs 0 { 0.000000 grayness } put
+fillprocs 1 { 0.100000 grayness } put
+fillprocs 2 { 0.300000 grayness } put
+fillprocs 3 { 0.500000 grayness } put
+fillprocs 4 { 0.700000 grayness } put
+fillprocs 5 { 0.900000 grayness } put
+fillprocs 6 { 0.970000 grayness } put
+fillprocs 7 { 1.000000 grayness } put
+fillprocs 8 {<0f87c3e1f0783c1e> 8 1 setpattern } put
+fillprocs 9 {<0f1e3c78f0e1c387> 8 1 setpattern } put
+fillprocs 10 {<cccccccccccccccc> 8 1 setpattern } put
+fillprocs 11 {<ffff0000ffff0000> 8 1 setpattern } put
+fillprocs 12 {<8142241818244281> 8 1 setpattern } put
+fillprocs 13 {<8040201008040201> 8 1 setpattern } put
+fillprocs 14 {<03060c183060c081> 8 1 setpattern } put
+fillprocs 15 {} put
+fillprocs 16 { 1.000000 grayness } put
+fillprocs 17 { 0.900000 grayness } put
+fillprocs 18 { 0.700000 grayness } put
+fillprocs 19 { 0.500000 grayness } put
+fillprocs 20 { 0.300000 grayness } put
+fillprocs 21 { 0.100000 grayness } put
+fillprocs 22 { 0.030000 grayness } put
+fillprocs 23 { 0.000000 grayness } put
+fillprocs 24 {<f0783c1e0f87c3e1> 8 1 setpattern } put
+fillprocs 25 {<f0e1c3870f1e3c78> 8 1 setpattern } put
+fillprocs 26 {<3333333333333333> 8 1 setpattern } put
+fillprocs 27 {<0000ffff0000ffff> 8 1 setpattern } put
+fillprocs 28 {<7ebddbe7e7dbbd7e> 8 1 setpattern } put
+fillprocs 29 {<7fbfdfeff7fbfdfe> 8 1 setpattern } put
+fillprocs 30 {<fcf9f3e7cf9f3f7e> 8 1 setpattern } put
+fillprocs 31 {} put
+%%EndSetup
+0 12 /Helvetica-Bold FMDEFINEFONT
+1 12 /Helvetica-BoldOblique FMDEFINEFONT
+%%Page: "-1" 1
+%%BeginPaperSize: Letter
+%%EndPaperSize
+612 792 0 FMBEGINPAGE
+144 144 468 396 R
+7 X
+0 K
+V
+0 F
+0 X
+1.2 (IMPLEMENT) 178.34 388 S
+1.2 (A) 258.88 388 S
+1.2 (TION NOTES ON ) 267.85 388 S
+1 F
+1.2 (bdes) 382.61 388 S
+0 F
+1.2 (\0501\051) 415.4 388 S
+1.2 (Matt Bishop) 265.09 338 S
+1.2 (T) 197.74 288 S
+1.2 (echnical Report PCS-TR91-158) 205.38 288 S
+FMENDPAGE
+%%EndPage: "-1" 2
+%%Page: "0" 2
+612 792 0 FMBEGINPAGE
+72 72 540 720 R
+7 X
+0 K
+V
+FMENDPAGE
+%%EndPage: "0" 3
+0 12 /Times-Roman FMDEFINEFONT
+1 18 /Times-Bold FMDEFINEFONT
+2 18 /Times-BoldItalic FMDEFINEFONT
+3 12 /Times-Italic FMDEFINEFONT
+4 12 /Times-Bold FMDEFINEFONT
+5 10 /Times-Roman FMDEFINEFONT
+6 12 /Courier FMDEFINEFONT
+7 12 /Courier-Oblique FMDEFINEFONT
+8 12 /ZapfDingbats FMDEFINEFONT
+9 12 /Symbol FMDEFINEFONT
+10 12 /Courier-Bold FMDEFINEFONT
+%%Page: "1" 3
+612 792 0 FMBEGINPAGE
+72 745.99 540 756 R
+7 X
+0 K
+V
+72 32.69 540 42.7 R
+V
+0 F
+0 X
+(Page 1 of 11) 479.71 34.7 T
+72 72 540 720 R
+7 X
+V
+1 F
+0 X
+(Implementation Notes on ) 179.84 708 T
+2 F
+(bdes) 378.21 708 T
+1 F
+(\0501\051) 411.19 708 T
+0 F
+( ) 432.17 708 T
+3 F
+(Matt Bishop) 276.51 676 T
+0 F
+(Department of Mathematics and Computer Science) 182.92 656 T
+(Dartmouth College) 259.86 642 T
+(Hanover) 257.45 628 T
+(, NH 03755) 298.26 628 T
+3 F
+(ABSTRACT) 277.68 602 T
+0 F
+0.27 (This note describes the implementation of ) 108 582 P
+3 F
+0.27 (bdes) 314.13 582 P
+0 F
+0.27 (, the \336le encryption program being) 336.12 582 P
+0.36 (distributed in the 4.4 release of the Berkeley Software Distribution. It implements) 108 568 P
+(all modes of the Data Encryption Standard program.) 108 554 T
+4 F
+(1. Intr) 72 528 T
+(oduction) 104.43 528 T
+0 F
+-0.09 (The Data Encryption Standard is a standard endorsed by the federal government. It is con-) 108 504 P
+-0.56 (siderably stronger than the algorithm used by the ) 72 484 P
+5 F
+-0.47 (UNIX) 305.36 484 P
+0 F
+-0.56 (\252 ) 330.34 484 P
+3 F
+-0.56 (crypt) 344.53 484 P
+0 F
+-0.56 (\0501\051 program, and therefore is a more) 369.18 484 P
+0.11 (suitable candidate for protecting information, especially information contained in ) 72 464 P
+5 F
+0.09 (ASCII) 466.05 464 P
+0 F
+0.11 ( \336les. The) 492.14 464 P
+-0.65 (program ) 72 444 P
+3 F
+-0.65 (bdes) 114.99 444 P
+0 F
+-0.65 (\0501\051 implements the DES and all of its modes, including the two authentication modes.) 136.97 444 P
+-0.59 (Because others may wish to write software compatible with this program, this note presents) 108 420 P
+-0.04 (the layout of the encrypted \336les produced by ) 72 400 P
+3 F
+-0.04 (bdes) 288.86 400 P
+0 F
+-0.04 ( as well as internal details relevant to the imple-) 310.85 400 P
+-0.15 (mentation. Whereever possible and appropriate, the description of the ) 72 380 P
+3 F
+-0.15 (des) 408.04 380 P
+0 F
+-0.15 (\0501\051 program given in [4]) 424.03 380 P
+-0.2 (has been followed; thus, ) 72 360 P
+3 F
+-0.2 (bdes) 190.77 360 P
+0 F
+-0.2 ( is completely compatible with that program. However) 212.75 360 P
+-0.2 (, ) 473.33 360 P
+3 F
+-0.2 (bdes) 479.12 360 P
+0 F
+-0.2 ( also of-) 501.11 360 P
+(fers several extensions to ) 72 340 T
+3 F
+(des) 195.9 340 T
+0 F
+( that are not compatible, and these will be explicitly pointed out.) 211.89 340 T
+-0.14 (In this note, strings typed as shown will be in ) 108 316 P
+6 F
+-0.34 (Courier Roman font) 326.78 316 P
+0 F
+-0.14 (, and strings to be) 455.62 316 P
+-0.42 (chosen by the user will be in ) 72 296 P
+7 F
+-1 (Courier Oblique font) 209.32 296 P
+0 F
+-0.42 (. The space character \050) 351.24 296 P
+5 F
+-0.35 (ASCII) 457.79 296 P
+0 F
+-0.42 ( <) 483.88 296 P
+5 F
+-0.35 (SP) 493.23 296 P
+0 F
+-0.42 (>, octal) 504.34 296 P
+-0.43 (40, decimal 32, hex 20\051 will be represented as \322) 72 276 P
+8 F
+-0.47 (z) 296.98 276 P
+0 F
+-0.43 (\323 and the newline character \050) 301.96 276 P
+5 F
+-0.35 (ASCII) 438.03 276 P
+0 F
+-0.43 ( <) 464.13 276 P
+5 F
+-0.35 (NL) 473.46 276 P
+0 F
+-0.43 (>, octal 12,) 486.79 276 P
+-0.05 (decimal 10, hex a\051 as \322) 72 256 P
+9 F
+-0.05 (\277) 181.65 256 P
+0 F
+-0.05 (\323. Because it is often more convenient to represent arbitrary characters as) 189.54 256 P
+1.13 (a sequence of hexadecimal digits, that representation will often be used; these digits will be in) 72 236 P
+10 F
+(Courier Bold font) 72 216 T
+0 F
+( with spaces often inserted for readability) 194.33 216 T
+(.) 392.07 216 T
+4 F
+(2. Overview and Use) 72 184 T
+3 F
+-0.39 (Bdes) 108 160 P
+0 F
+-0.39 ( implements the Data Encryption Standard algorithm in software, and enables the user) 131.32 160 P
+-0.61 (to encrypt data using any of the four modes of operation of the DES \050Electronic Code Book, Cipher) 72 140 P
+72 72 540 720 C
+72 72 540 117 C
+72 72 549 108 R
+7 X
+0 K
+V
+5 F
+0 X
+(This work is based on work funded by grant NAG2-680 from the National
+Aeronautics and Space Administration to ) 72 101.33 T
+(Dartmouth College.) 72 89.33 T
+(UNIX is a Registered T) 72 77.33 T
+(rademark of A) 166.58 77.33 T
+(T&T Bell Laboratories.) 223.75 77.33 T
+72 72 540 720 C
+0 0 612 792 C
+72 126 225 126 2 L
+7 X
+0 K
+V
+0.5 H
+2 Z
+0 X
+N
+FMENDPAGE
+%%EndPage: "1" 4
+%%Page: "2" 4
+612 792 0 FMBEGINPAGE
+72 745.99 540 756 R
+7 X
+0 K
+V
+72 32.69 540 42.7 R
+V
+0 F
+0 X
+(Page 2 of 11) 479.71 34.7 T
+72 72 540 720 R
+7 X
+V
+0 X
+0.31 (Block Chaining, ) 72 712 P
+3 F
+0.31 (k) 154.25 712 P
+0 F
+0.31 (-bit Cipher Feed Back, and ) 159.58 712 P
+3 F
+0.31 (k) 293.71 712 P
+0 F
+0.31 (-bit Output Feed Back\051 as well as the Alternate ) 299.04 712 P
+3 F
+0.31 (k) 530.68 712 P
+0 F
+0.31 (-) 536.01 712 P
+-0.04 (bit Cipher Feed Back mode. Further) 72 692 P
+-0.04 (, ) 244.52 692 P
+3 F
+-0.04 (bdes) 250.48 692 P
+0 F
+-0.04 ( supports message authentication code generation based) 272.46 692 P
+(on both the Cipher Block Chaining mode and the ) 72 672 T
+3 F
+(k) 310.86 672 T
+0 F
+(-bit Cipher Feed Back mode.) 316.19 672 T
+0.07 (By default, ) 108 648 P
+3 F
+0.07 (bdes) 164.43 648 P
+0 F
+0.07 ( encrypts an input \336le using Cipher Block Chaining mode, and is invoked) 186.41 648 P
+-0.4 (as a \336lter) 72 628 P
+-0.4 (. The key may be speci\336ed either on the command line or may be typed to the prompt. So,) 114.51 628 P
+(if the input \336le ) 72 608 T
+7 F
+(inputf) 145.96 608 T
+(ile) 189.14 608 T
+0 F
+( contains the message) 210.73 608 T
+6 F
+(a) 253.9 584 T
+8 F
+(z) 261.1 584 T
+6 F
+(test) 266.07 584 T
+8 F
+(z) 294.86 584 T
+6 F
+(message) 299.83 584 T
+9 F
+(\277) 350.21 584 T
+0 F
+(then the following command encrypts it using the key ) 72 560 T
+6 F
+(abcdefgh) 333.5 560 T
+0 F
+(:) 391.07 560 T
+6 F
+(bdes -k abcdefgh < ) 158.48 536 T
+7 F
+(inputf) 295.21 536 T
+(ile) 338.38 536 T
+6 F
+( > ) 359.97 536 T
+7 F
+(outputf) 381.56 536 T
+(ile) 431.93 536 T
+0 F
+(The option ) 72 512 T
+4 F
+(-k) 127.3 512 T
+0 F
+( indicates the next ar) 137.96 512 T
+(gument is the key) 237.01 512 T
+(. Now ) 321.17 512 T
+7 F
+(outputf) 353.48 512 T
+(ile) 403.86 512 T
+0 F
+( contains) 425.45 512 T
+10 F
+(16 0e eb af 68 a0 d0 19 f1 a2 9b 31 0d 8a 01 c3) 136.89 488 T
+0 F
+0.06 (Other modes are speci\336ed using command-line options, as is control of the way the key is) 108 464 P
+(interpreted. The next sections contain several examples, and the Appendix has the manual page.) 72 444 T
+4 F
+(3. Keys and Parity) 72 412 T
+0 F
+0.58 (The key consists of 64 bits, and may be presented in any of hex, binary) 108 388 P
+0.58 (, or as a string of) 456.48 388 P
+5 F
+0.12 (ASCII) 72 368 P
+0 F
+0.14 ( characters. If the key is given in hex or binary) 98.1 368 P
+0.14 (, it is used as is with no changes. However) 322.21 368 P
+0.14 (, if) 526.53 368 P
+-0.27 (the key is given in ) 72 348 P
+5 F
+-0.23 (ASCII) 161.59 348 P
+0 F
+-0.27 (, a delicate problem arises: by convention, the parity bit is usually set to 0.) 187.69 348 P
+-0.47 (This high-order bit is generally ignored by applications; but the DES
+does not do so. Instead, it dis-) 72 328 P
+-0.14 (cards the low-order bit, ef) 72 308 P
+-0.14 (fectively reducing the size of the space of possible keys from 2) 195.44 308 P
+5 F
+-0.12 (56) 495.97 312.8 P
+0 F
+-0.14 ( to 2) 505.97 308 P
+5 F
+-0.12 (48) 527.01 312.8 P
+0 F
+-0.14 (.) 537 308 P
+-0.46 ( T) 108 284 P
+-0.46 (o preserve the size of the key space, the value of the parity bit must be related to the value) 117.03 284 P
+-0.09 (in the low-order bit, so the program sets the high-order bit to make each character in the key be of) 72 264 P
+-0.7 (odd parity) 72 244 P
+-0.7 (. \050Note that the initial value of the parity bit is ) 119.49 244 P
+3 F
+-0.7 (not) 334.99 244 P
+0 F
+-0.7 ( used in this computation.\051 For example,) 350.31 244 P
+(if the key is ) 72 224 T
+6 F
+(abcdefgh) 131.29 224 T
+0 F
+(, the actual key bits used are determined as follows:) 188.86 224 T
+5 F
+(ASCII) 99 200 T
+0 F
+( key) 125.1 200 T
+6 F
+(a) 243 200 T
+(b) 279 200 T
+(c) 315 200 T
+(d) 351 200 T
+(e) 387 200 T
+(f) 423 200 T
+(g) 459 200 T
+(h) 495 200 T
+5 F
+(ASCII) 99 180 T
+0 F
+( key bits \050hex\051) 125.1 180 T
+10 F
+(61) 243 180 T
+(62) 279 180 T
+(63) 315 180 T
+(64) 351 180 T
+(65) 387 180 T
+(66) 423 180 T
+(67) 459 180 T
+(68) 495 180 T
+0 F
+(parity) 99 160 T
+(odd) 243 160 T
+(odd) 279 160 T
+(even) 315 160 T
+(odd) 351 160 T
+(even) 387 160 T
+(even) 423 160 T
+(odd) 459 160 T
+(odd) 495 160 T
+(key bits used \050hex\051) 99 140 T
+10 F
+(61) 243 140 T
+(62) 279 140 T
+(e3) 315 140 T
+(64) 351 140 T
+(e5) 387 140 T
+(e6) 423 140 T
+(67) 459 140 T
+(68) 495 140 T
+0 F
+0.18 (This convention \050as opposed to requiring even parity) 108 120 P
+0.18 (, or simply copying the low-order bit) 362 120 P
+-0.41 (to the high-order bit\051 was chosen to provide compatibility with the encryption program ) 72 100 P
+3 F
+-0.41 (des) 486.77 100 P
+0 F
+-0.41 ( distrib-) 502.76 100 P
+-0.52 (uted by Sun Microsystems, Inc. [4]. Whether the key is entered on the command line or on the key-) 72 80 P
+FMENDPAGE
+%%EndPage: "2" 5
+%%Page: "3" 5
+612 792 0 FMBEGINPAGE
+72 745.99 540 756 R
+7 X
+0 K
+V
+72 32.69 540 42.7 R
+V
+0 F
+0 X
+(Page 3 of 11) 479.71 34.7 T
+72 72 540 720 R
+7 X
+V
+0 X
+1.89 (board, by default it is processed into the same key schedule generated by Sun\325) 72 712 P
+1.89 (s ) 471.02 712 P
+3 F
+1.89 (des) 480.58 712 P
+0 F
+1.89 (, so \336les) 496.56 712 P
+(encrypted on a Sun can be decrypted using ) 72 692 T
+3 F
+(bdes) 280.51 692 T
+0 F
+( \050and vice versa\051.) 302.49 692 T
+-0.3 (If the user does not wish to use the Sun convention, the option \320) 108 668 P
+4 F
+-0.3 (p) 411.9 668 P
+0 F
+-0.3 ( will disable the parity bit) 418.57 668 P
+-0.62 (changing; with it, the parity bit is that of the character typed. This
+is useful when the key is a known) 72 648 P
+5 F
+(ASCII) 72 628 T
+0 F
+( string and the \336le was encrypted on a system which does not alter parity bits.) 98.1 628 T
+-0.24 (A key may be represented as a bit vector) 108 604 P
+-0.24 (, rather than an ) 300.74 604 P
+5 F
+-0.2 (ASCII) 374.7 604 P
+0 F
+-0.24 ( string, in one of two ways. It) 400.8 604 P
+0.19 (may be represented as a string of up to 16 hexadecimal digits; if fewer than 16 are given, the key) 72 584 P
+0.16 (is right \336lled with 0 bits. Or) 72 564 P
+0.16 (, it may be represented as a string of up to 64 binary digits, and again) 206.11 564 P
+0.15 (if fewer than 64 are given, the key is right-\336lled with 0 bits. Bit
+vector keys must be given on the) 72 544 P
+0.51 (command line, and must begin with the characters ) 72 524 P
+6 F
+1.24 (0x) 320.28 524 P
+0 F
+0.51 ( or ) 334.67 524 P
+6 F
+1.24 (0X) 351.69 524 P
+0 F
+0.51 ( \050for hexadecimal\051 or ) 366.08 524 P
+6 F
+1.24 (0b) 472.71 524 P
+0 F
+0.51 ( or ) 487.1 524 P
+6 F
+1.24 (0B) 504.12 524 P
+0 F
+0.51 ( \050for) 518.51 524 P
+(binary\051. For example, all of the following strings generate the same key schedule:) 72 504 T
+5 F
+(ASCII) 72 480 T
+0 F
+( key) 98.1 480 T
+6 F
+(abcdefgh) 180 480 T
+0 F
+(hexadecimal key) 72 460 T
+6 F
+(0x6162e364e5e66768) 180 460 T
+0 F
+(binary key) 72 440 T
+6 F
+(0b0110000101100010111000110110100011100101111000-) 180 440 T
+(1100110011101101000) 180 420 T
+0 F
+-0.14 ( Note that giving the key on the command line as ) 108 396 P
+6 F
+-0.34 (0x6162636465666768) 345.27 396 P
+0 F
+-0.14 ( will ) 474.8 396 P
+3 F
+-0.14 (not) 499.17 396 P
+0 F
+-0.14 ( reset) 514.5 396 P
+0.25 (the parity bits, because it is interpreted as a sequence of hex digits, not ) 72 376 P
+5 F
+0.21 (ASCII) 416.58 376 P
+0 F
+0.25 ( characters. The dif-) 442.68 376 P
+0.69 (ference in interpretation is that here the user can specify all bits of the key exactly) 72 356 P
+0.69 (, whereas \050on) 474.34 356 P
+0.25 (most terminals\051 it is not possible to control how the parity bit of ) 72 336 P
+5 F
+0.21 (ASCII) 384.76 336 P
+0 F
+0.25 ( characters is set. On some) 410.85 336 P
+0.36 (systems, it is possible to use a \322Meta\323 key to set the parity bit for an ) 72 316 P
+5 F
+0.3 (ASCII) 407.23 316 P
+0 F
+0.36 ( character; should this) 433.33 316 P
+-0.3 (be the case and the user desire ) 72 296 P
+3 F
+-0.3 (bdes) 218.09 296 P
+0 F
+-0.3 ( not to reset the parity bit, the option ) 240.07 296 P
+4 F
+-0.3 (\320p) 415.25 296 P
+0 F
+-0.3 ( will force the parity bit) 427.92 296 P
+(to be used as typed.) 72 276 T
+4 F
+(4. Encryption Output Repr) 72 244 T
+(esentation) 211.05 244 T
+0 F
+0.01 (All modes of the DES output ciphertext in blocks; the size of the block is 64 bits \0508 bytes\051) 108 220 P
+-0.25 (for ECB and CBC modes, and ) 72 200 P
+3 F
+-0.25 (k) 218.74 200 P
+0 F
+-0.25 ( bits for the ) 224.07 200 P
+3 F
+-0.25 (k) 281.02 200 P
+0 F
+-0.25 (-bit CFB and OFB modes, and there are as many out-) 286.35 200 P
+-0.5 (put blocks as input blocks. However) 72 180 P
+-0.5 (, as the length of the input is usually not a multiple of the block) 243.55 180 P
+-0.35 (size, some padding is necessary; but as padding must be done by appending characters, these char-) 72 160 P
+0.29 (acters must be distinguished from the input characters somehow) 72 140 P
+0.29 (. The mechanism used is that the) 381.35 140 P
+0.31 (last character of the \050decrypted\051 last block is the
+\050integer\051 number of characters from the input in) 72 120 P
+(the last block.) 72 100 T
+FMENDPAGE
+%%EndPage: "3" 6
+%%Page: "4" 6
+612 792 0 FMBEGINPAGE
+72 745.99 540 756 R
+7 X
+0 K
+V
+72 32.69 540 42.7 R
+V
+0 F
+0 X
+(Page 4 of 11) 479.71 34.7 T
+72 72 540 720 R
+7 X
+V
+0 X
+-0.59 (For example, suppose ) 108 712 P
+7 F
+-1.41 (inputf) 214.16 712 P
+-1.41 (ile) 257.34 712 P
+0 F
+-0.59 ( contains \322) 278.93 712 P
+6 F
+-1.41 (This) 329.04 712 P
+8 F
+-0.65 (z) 357.83 712 P
+6 F
+-1.41 (is) 362.8 712 P
+8 F
+-0.65 (z) 377.2 712 P
+6 F
+-1.41 (a) 382.17 712 P
+8 F
+-0.65 (z) 389.37 712 P
+6 F
+-1.41 (test) 394.35 712 P
+9 F
+-0.59 (\277) 423.13 712 P
+0 F
+-0.59 (\323, and it is encrypted in) 431.02 712 P
+(CBC mode using the key \322) 72 692 T
+6 F
+(abcdef#@) 200.93 692 T
+0 F
+(\323 and the initialization vector ) 258.5 692 T
+6 F
+(0x0) 401.4 692 T
+0 F
+(; the command is) 422.99 692 T
+6 F
+(bdes -k abcdef#@ < ) 158.48 668 T
+7 F
+(inputf) 295.21 668 T
+(ile) 338.38 668 T
+6 F
+( > ) 359.97 668 T
+7 F
+(outputf) 381.56 668 T
+(ile) 431.93 668 T
+0 F
+(as CBC is the default encryption mode and ) 72 644 T
+6 F
+(0x0) 281.2 644 T
+0 F
+( the default initialization vector:) 302.79 644 T
+(text) 72 620 T
+6 F
+(T) 117 620 T
+(h) 144 620 T
+(i) 171 620 T
+(s) 198 620 T
+8 F
+(z) 225 620 T
+6 F
+(i) 252 620 T
+(s) 279 620 T
+8 F
+(z) 306 620 T
+6 F
+(a) 333 620 T
+8 F
+(z) 360 620 T
+6 F
+(t) 387 620 T
+(e) 414 620 T
+(s) 441 620 T
+(t) 468 620 T
+9 F
+(\277) 495 620 T
+0 F
+(hex) 72 600 T
+10 F
+(54) 117 600 T
+(68) 144 600 T
+(69) 171 600 T
+(73) 198 600 T
+(20) 225 600 T
+(69) 252 600 T
+(73) 279 600 T
+(20) 306 600 T
+(61) 333 600 T
+(20) 360 600 T
+(74) 387 600 T
+(65) 414 600 T
+(73) 441 600 T
+(74) 468 600 T
+(0a) 495 600 T
+0 F
+(input) 72 580 T
+10 F
+(54) 117 580 T
+(68) 144 580 T
+(69) 171 580 T
+(73) 198 580 T
+(20) 225 580 T
+(69) 252 580 T
+(73) 279 580 T
+(20) 306 580 T
+(61) 333 580 T
+(20) 360 580 T
+(74) 387 580 T
+(65) 414 580 T
+(73) 441 580 T
+(74) 468 580 T
+(0a) 495 580 T
+(07) 522 580 T
+0 F
+(output) 72 560 T
+10 F
+(a5) 117 560 T
+(5f) 144 560 T
+(81) 171 560 T
+(53) 198 560 T
+(51) 225 560 T
+(98) 252 560 T
+(47) 279 560 T
+(02) 306 560 T
+(db) 333 560 T
+(5a) 360 560 T
+(c5) 387 560 T
+(fe) 414 560 T
+(50) 441 560 T
+(3d) 468 560 T
+(40) 495 560 T
+(ce) 522 560 T
+0 F
+0.04 (Notice that the text is 15 characters long, so there are 7 bytes following the last full block.) 108 540 P
+3 F
+0.22 (Bdes) 72 520 P
+0 F
+0.22 ( pads this to a full block by appending one byte containing the ) 95.32 520 P
+5 F
+0.19 (ASCII) 399.67 520 P
+0 F
+0.22 ( character with numeric) 425.77 520 P
+(value 7 \050the ) 72 500 T
+5 F
+(ASCII) 131.62 500 T
+0 F
+( character <) 157.71 500 T
+5 F
+(BEL) 214.42 500 T
+0 F
+(>\051. The result is then encrypted.) 233.3 500 T
+0.44 (As another example, suppose ) 108 476 P
+7 F
+1.07 (inputf) 253.34 476 P
+1.07 (ile) 296.52 476 P
+0 F
+0.44 ( contains \322) 318.11 476 P
+6 F
+1.07 (test) 370.29 476 P
+0 F
+0.44 (\323, and it is encrypted in ECB) 399.08 476 P
+(mode using the key \322) 72 456 T
+6 F
+(abcdef#@) 173.93 456 T
+0 F
+(\323; the command is) 231.5 456 T
+6 F
+(bdes -b \320k abcdef#@ < ) 147.69 432 T
+7 F
+(inputf) 306 432 T
+(ile) 349.18 432 T
+6 F
+( > ) 370.76 432 T
+7 F
+(outputf) 392.35 432 T
+(ile) 442.73 432 T
+0 F
+(because the option ) 72 408 T
+4 F
+(\320b) 164.26 408 T
+0 F
+( signi\336es ECB mode:) 176.93 408 T
+(text) 72 384 T
+6 F
+(t) 144 384 T
+(e) 171 384 T
+(s) 198 384 T
+(t) 225 384 T
+0 F
+(hex) 72 364 T
+10 F
+(74) 144 364 T
+(65) 171 364 T
+(73) 198 364 T
+(74) 225 364 T
+0 F
+(input) 72 344 T
+10 F
+(74) 144 344 T
+(65) 171 344 T
+(73) 198 344 T
+(74) 225 344 T
+(00) 252 344 T
+(00) 279 344 T
+(00) 306 344 T
+(04) 333 344 T
+0 F
+(output) 72 324 T
+10 F
+(0d) 144 324 T
+(8a) 171 324 T
+(6e) 198 324 T
+(57) 225 324 T
+(9c) 252 324 T
+(8f) 279 324 T
+(27) 306 324 T
+(5d) 333 324 T
+0 F
+-0.31 (Finally) 108 304 P
+-0.31 (, if the length of the message is indeed a multiple of the block size, an extra block of) 141.21 304 P
+0.83 (all 0 bits is added. Suppose ) 72 284 P
+7 F
+1.99 (inputf) 210.57 284 P
+1.99 (ile) 253.74 284 P
+0 F
+0.83 ( contains \322) 275.33 284 P
+6 F
+1.99 (test) 328.28 284 P
+9 F
+0.83 (\277) 357.07 284 P
+0 F
+0.83 (\323, and it is encrypted in 40-bit CFB) 364.96 284 P
+1.51 (mode using the key \322) 72 264 P
+6 F
+3.62 (abcdef#@) 179.96 264 P
+0 F
+1.51 (\323 and the initialization vector ) 237.53 264 P
+6 F
+3.62 (0x0123456789abcdef) 387.97 264 P
+0 F
+1.51 (; the) 517.5 264 P
+(command is) 72 244 T
+6 F
+-0.99 (bdes -f40 -v0x0123456789abcdef -kabcdef#@ < ) 72 220 P
+7 F
+-0.99 (inputf) 383.67 220 P
+-0.99 (ile) 426.85 220 P
+6 F
+-0.99 ( > ) 448.43 220 P
+7 F
+-0.99 (outputf) 468.04 220 P
+-0.99 (ile) 518.41 220 P
+0 F
+0.16 (because the option ) 72 196 P
+4 F
+0.16 (\320f40 ) 164.75 196 P
+0 F
+0.16 (signi\336es 40-bit CFB mode, and ) 189.89 196 P
+4 F
+0.16 (-v0x01234566789abcdef) 343.96 196 P
+0 F
+0.16 ( sets the initial-) 465.89 196 P
+(ization vector \050note that spaces between the option and its ar) 72 176 T
+(gument are optional\051:) 361.57 176 T
+(text) 72 152 T
+6 F
+(t) 144 152 T
+(e) 171 152 T
+(s) 198 152 T
+(t) 225 152 T
+9 F
+(\277) 252 152 T
+0 F
+(hex) 72 132 T
+10 F
+(74) 144 132 T
+(65) 171 132 T
+(73) 198 132 T
+(74) 225 132 T
+(0a) 252 132 T
+0 F
+(input) 72 112 T
+10 F
+(74) 144 112 T
+(65) 171 112 T
+(73) 198 112 T
+(74) 225 112 T
+(0a) 252 112 T
+(00) 279 112 T
+(00) 306 112 T
+(00) 333 112 T
+(00) 360 112 T
+(00) 387 112 T
+0 F
+(output) 72 92 T
+10 F
+(e2) 144 92 T
+(c2) 171 92 T
+(69) 198 92 T
+(a4) 225 92 T
+(5b) 252 92 T
+(3c) 279 92 T
+(3d) 306 92 T
+(b3) 333 92 T
+(f5) 360 92 T
+(3c) 387 92 T
+FMENDPAGE
+%%EndPage: "4" 7
+1 12 /Times-BoldItalic FMDEFINEFONT
+2 14 /Symbol FMDEFINEFONT
+%%Page: "5" 7
+612 792 0 FMBEGINPAGE
+72 745.99 540 756 R
+7 X
+0 K
+V
+72 32.69 540 42.7 R
+V
+0 F
+0 X
+(Page 5 of 11) 479.71 34.7 T
+72 72 540 720 R
+7 X
+V
+0 X
+(Note here the block size is 40 bits \0505 bytes\051, not 64 bits \0508 bytes\051.) 108 712 T
+-0.4 (This technique allows complete compatibility with Sun\325) 108 688 P
+-0.4 (s ) 374.11 688 P
+3 F
+-0.4 (des) 381.37 688 P
+0 F
+-0.4 ( program. In Sun\325) 397.36 688 P
+-0.4 (s implemen-) 480.77 688 P
+0.02 (tation, padding is done with random bytes rather than bytes containing all zero bits. Cryptograph-) 72 668 P
+0.85 (ically) 72 648 P
+0.85 (, this makes no dif) 97.87 648 P
+0.85 (ference, as the DES is a suf) 189.32 648 P
+0.85 (\336ciently good random cipher to obscure the) 325.74 648 P
+(input \050see for example [2], Chapter 6\051, and known plaintext attacks are very dif) 72 628 T
+(\336cult [1].) 451.82 628 T
+4 F
+(5. Differ) 72 596 T
+(ences Between the Standard CFB and OFB Modes and ) 114.41 596 T
+1 F
+(bdes) 397.26 596 T
+0 F
+-0.11 (The UNIX operating system treats all \336les as streams of 8-bit bytes. In order to implement) 108 572 P
+-0.08 (the CFB and OFB modes properly) 72 552 P
+-0.08 (, it would be necessary to read ) 235.74 552 P
+3 F
+-0.08 (k) 383.74 552 P
+0 F
+-0.08 ( bits from the \336le, where ) 389.07 552 P
+3 F
+-0.08 (k) 509.51 552 P
+0 F
+-0.08 ( is an) 514.84 552 P
+0.98 (integer between 1 and 64 inclusive. However) 72 532 P
+0.98 (, this would require considerable buf) 294.22 532 P
+0.98 (fering and be) 474.77 532 P
+0.23 (quite inef) 72 512 P
+0.23 (\336cient and prohibitively slow) 117.65 512 P
+0.23 (. For these reasons, the current implementation of ) 258.48 512 P
+3 F
+0.23 (bdes) 501.48 512 P
+0 F
+0.23 ( re-) 523.46 512 P
+0.47 (quires that ) 72 492 P
+3 F
+0.47 (k) 126.23 492 P
+0 F
+0.47 ( be a multiple of 8, so that an integral number of bytes will always be read from the) 131.56 492 P
+(\336le. Other than this change, this mode is implemented as described in [3].) 72 472 T
+-0.58 (A similar observation holds for the alternate CFB mode described in [3]. Here, only the low) 108 448 P
+0.23 (7 bits of each byte are signi\336cant, and hence the parameter ) 72 428 P
+3 F
+0.23 (k) 358.95 428 P
+0 F
+0.23 ( is an integer from 1 to 56 inclusive;) 364.28 428 P
+(bdes requires k to be a multiple of 7. The high-order bit is retained for encryption and decryption,) 72 408 T
+(but output \050whether from encryption or decryption\051 always has the high-order bit set to zero.) 72 388 T
+4 F
+(6. Message Authentication Code Modes) 72 356 T
+0 F
+0.57 (The Data Encryption Standard provides two modes of authentication, each providing be-) 108 332 P
+1.27 (tween 1 and 64 bits of authentication data. In both cases an ) 72 312 P
+3 F
+1.27 (n) 373.32 312 P
+0 F
+1.27 (-bit message authentication code) 379.32 312 P
+0.62 (\050MAC\051 is generated, where 1) 72 292 P
+2 F
+0.73 ( ) 214.71 292 P
+9 F
+0.62 (\243) 218.94 292 P
+0 F
+0.62 ( ) 225.52 292 P
+3 F
+0.62 (n) 229.15 292 P
+0 F
+0.62 ( ) 235.14 292 P
+9 F
+0.62 (\243) 238.76 292 P
+0 F
+0.62 ( 64. The \336rst is based on the CBC encryption mode, and the) 245.35 292 P
+(second on CFB mode. Both work the same.) 72 272 T
+0.13 (First, the \336le is padded to a multiple of the block size by appending enough zero bits. It is) 108 248 P
+-0.16 (then encrypted using the standard CBC \050or CFB\051 algorithm, but
+all encrypted text is discarded ex-) 72 228 P
+-0.44 (cept for the last block. The ) 72 208 P
+3 F
+-0.44 (n) 200.9 208 P
+0 F
+-0.44 ( leading bits of the last block are used as the MAC. Note that the block) 206.9 208 P
+(size constrains the number of bits available as the MAC.) 72 188 T
+0.71 (The implementation allows the user to specify that the MAC is to be computed in either) 108 164 P
+-0.01 (CBC or CFB mode, and the user can specify any number of bits from 1 to 64 inclusive. However) 72 144 P
+-0.01 (,) 537 144 P
+-0.11 (because the UNIX operating system can only output bits in multiples of 8, if the number of bits of) 72 124 P
+-0.08 (MAC is not a multiple of 8, the MAC will be right-padded with the minimum number of zero bits) 72 104 P
+-0.31 (necessary to make the MAC length be a multiple of 8. However) 72 84 P
+-0.31 (, note that as the standard \050[3], Ap-) 374.6 84 P
+FMENDPAGE
+%%EndPage: "5" 8
+%%Page: "6" 8
+612 792 0 FMBEGINPAGE
+72 745.99 540 756 R
+7 X
+0 K
+V
+72 32.69 540 42.7 R
+V
+0 F
+0 X
+(Page 6 of 11) 479.71 34.7 T
+72 72 540 720 R
+7 X
+V
+0 X
+-0.14 (pendix F\051 requires an incomplete \336nal block be right-padded with
+zeroes, the technique of forcing) 72 712 P
+(the last octet to contain the number of bytes in the message is ) 72 692 T
+3 F
+(not) 369.47 692 T
+0 F
+( used here.) 384.8 692 T
+-0.39 (For example, suppose ) 108 668 P
+7 F
+-0.94 (inputf) 214.76 668 P
+-0.94 (ile) 257.93 668 P
+0 F
+-0.39 ( contains \322) 279.52 668 P
+6 F
+-0.94 (This) 330.04 668 P
+8 F
+-0.43 (z) 358.82 668 P
+6 F
+-0.94 (is) 363.8 668 P
+8 F
+-0.43 (z) 378.19 668 P
+6 F
+-0.94 (a) 383.17 668 P
+8 F
+-0.43 (z) 390.36 668 P
+6 F
+-0.94 (test) 395.34 668 P
+9 F
+-0.39 (\277) 424.13 668 P
+0 F
+-0.39 (\323, and a 64-bit MAC is) 432.02 668 P
+-0.73 (to be generated using CBC mode, the key \322) 72 648 P
+6 F
+-1.74 (abcdef#@) 274.39 648 P
+0 F
+-0.73 (\323 and the initialization vector ) 331.96 648 P
+6 F
+-1.74 (0x0) 471.23 648 P
+0 F
+-0.73 (; the com-) 492.82 648 P
+(mand is) 72 628 T
+6 F
+(bdes -m 64 -k abcdef#@ < ) 136.89 604 T
+7 F
+(inputf) 316.79 604 T
+(ile) 359.97 604 T
+6 F
+( > ) 381.56 604 T
+7 F
+(outputf) 403.15 604 T
+(ile) 453.52 604 T
+0 F
+(as CBC is the default encryption mode and ) 72 580 T
+6 F
+(0x0) 281.2 580 T
+0 F
+( the default initialization vector:) 302.79 580 T
+(text) 72 556 T
+6 F
+(T) 117 556 T
+(h) 144 556 T
+(i) 171 556 T
+(s) 198 556 T
+8 F
+(z) 225 556 T
+6 F
+(i) 252 556 T
+(s) 279 556 T
+8 F
+(z) 306 556 T
+6 F
+(a) 333 556 T
+8 F
+(z) 360 556 T
+6 F
+(t) 387 556 T
+(e) 414 556 T
+(s) 441 556 T
+(t) 468 556 T
+9 F
+(\277) 495 556 T
+0 F
+(hex) 72 536 T
+10 F
+(54) 117 536 T
+(68) 144 536 T
+(69) 171 536 T
+(73) 198 536 T
+(20) 225 536 T
+(69) 252 536 T
+(73) 279 536 T
+(20) 306 536 T
+(61) 333 536 T
+(20) 360 536 T
+(74) 387 536 T
+(65) 414 536 T
+(73) 441 536 T
+(74) 468 536 T
+(0a) 495 536 T
+0 F
+(input) 72 516 T
+10 F
+(54) 117 516 T
+(68) 144 516 T
+(69) 171 516 T
+(73) 198 516 T
+(20) 225 516 T
+(69) 252 516 T
+(73) 279 516 T
+(20) 306 516 T
+(61) 333 516 T
+(20) 360 516 T
+(74) 387 516 T
+(65) 414 516 T
+(73) 441 516 T
+(74) 468 516 T
+(0a) 495 516 T
+(00) 522 516 T
+0 F
+(output) 72 496 T
+10 F
+(43) 117 496 T
+(18) 144 496 T
+(de) 171 496 T
+(74) 198 496 T
+(24) 225 496 T
+(a9) 252 496 T
+(65) 279 496 T
+(d1) 306 496 T
+0 F
+0.04 (Notice that the text is 15 characters long, so there are 7 bytes following the last full block.) 108 476 P
+3 F
+(Bdes) 72 456 T
+0 F
+( pads this to a full block by appending a zero-\336lled byte. The result is then encrypted and the) 95.32 456 T
+(last block of output is used as the MAC.) 72 436 T
+0.06 (As another example, suppose we used the same text, and wanted a 36-bit MAC to be gen-) 108 412 P
+6.91 (erated using 40-bit CFB mode, the key \322) 72 392 P
+6 F
+16.58 (abcdef#@) 314.9 392 P
+0 F
+6.91 (\323 and the initialization vector) 372.47 392 P
+6 F
+(0x0123456789abcdef) 72 372 T
+0 F
+(; the command is) 201.53 372 T
+6 F
+(bdes -m 36 -f 40 -v 0x0123456789abcdef < ) 79.32 348 T
+7 F
+(inputf) 374.36 348 T
+(ile) 417.54 348 T
+6 F
+( > ) 439.13 348 T
+7 F
+(outputf) 460.71 348 T
+(ile) 511.09 348 T
+0 F
+-0.19 (where ) 72 324 P
+4 F
+-0.19 (\320m 36) 104.11 324 P
+0 F
+-0.19 ( is the option to generate a 36-bit MAC, ) 134.91 324 P
+4 F
+-0.19 (\320f 40) 327.79 324 P
+0 F
+-0.19 ( indicates 40-bit CFB is to be used, and) 352.58 324 P
+4 F
+-0.31 (\320v 0x123456789abcdef) 72 304 P
+0 F
+-0.31 ( sets the initialization vector) 186.62 304 P
+-0.31 (. Note that, as the key is not given on the com-) 319.95 304 P
+(mand line, the user will be prompted for it. It gives:) 72 284 T
+(text) 72 260 T
+6 F
+(T) 117 260 T
+(h) 144 260 T
+(i) 171 260 T
+(s) 198 260 T
+8 F
+(z) 225 260 T
+6 F
+(i) 252 260 T
+(s) 279 260 T
+8 F
+(z) 306 260 T
+6 F
+(a) 333 260 T
+8 F
+(z) 360 260 T
+6 F
+(t) 387 260 T
+(e) 414 260 T
+(s) 441 260 T
+(t) 468 260 T
+9 F
+(\277) 495 260 T
+0 F
+(hex) 72 240 T
+10 F
+(54) 117 240 T
+(68) 144 240 T
+(69) 171 240 T
+(73) 198 240 T
+(20) 225 240 T
+(69) 252 240 T
+(73) 279 240 T
+(20) 306 240 T
+(61) 333 240 T
+(20) 360 240 T
+(74) 387 240 T
+(65) 414 240 T
+(73) 441 240 T
+(74) 468 240 T
+(0a) 495 240 T
+0 F
+(input) 72 220 T
+10 F
+(54) 117 220 T
+(68) 144 220 T
+(69) 171 220 T
+(73) 198 220 T
+(20) 225 220 T
+(69) 252 220 T
+(73) 279 220 T
+(20) 306 220 T
+(61) 333 220 T
+(20) 360 220 T
+(74) 387 220 T
+(65) 414 220 T
+(73) 441 220 T
+(74) 468 220 T
+(0a) 495 220 T
+0 F
+(output) 72 200 T
+10 F
+(2b) 117 200 T
+(18) 144 200 T
+(68) 171 200 T
+(2d) 198 200 T
+(60) 225 200 T
+0 F
+0.19 (Note that the MAC is padded on the right by four zero bits to produce \336ve characters that) 108 180 P
+(can be output.) 72 160 T
+4 F
+(7. Differ) 72 128 T
+(ences Between ) 114.41 128 T
+1 F
+(bdes) 191.01 128 T
+4 F
+( and Sun\325) 212.99 128 T
+(s DES Implementation) 261.88 128 T
+0 F
+0.02 (The program ) 108 104 P
+3 F
+0.02 (bdes) 173.33 104 P
+0 F
+0.02 ( is designed to be completely compatible with Sun Microsystems, Inc.\325) 195.31 104 P
+0.02 (s) 535.33 104 P
+0.57 (implementation of the Data Encryption Standard, called ) 72 84 P
+3 F
+0.57 (des) 347.14 84 P
+0 F
+0.57 ( and described in [4]. Thus, \336les en-) 363.13 84 P
+FMENDPAGE
+%%EndPage: "6" 9
+%%Page: "7" 9
+612 792 0 FMBEGINPAGE
+72 745.99 540 756 R
+7 X
+0 K
+V
+72 32.69 540 42.7 R
+V
+0 F
+0 X
+(Page 7 of 11) 479.71 34.7 T
+72 72 540 720 R
+7 X
+V
+0 X
+0.44 (crypted using ) 72 712 P
+3 F
+0.44 (des) 140.84 712 P
+0 F
+0.44 ( can be decrypted using ) 156.83 712 P
+3 F
+0.44 (bdes) 275.29 712 P
+0 F
+0.44 (, and vice versa, provided modes common to both) 297.27 712 P
+-0.34 (are used. However) 72 692 P
+-0.34 (, ) 160.41 692 P
+3 F
+-0.34 (bdes) 166.06 692 P
+0 F
+-0.34 ( does not allow \336les to be named on the command line, nor does it support) 188.05 692 P
+-0.68 (hardware devices \050and so the ) 72 672 P
+4 F
+-0.68 (-s) 210.83 672 P
+0 F
+-0.68 ( and ) 219.49 672 P
+4 F
+-0.68 (-f) 241.45 672 P
+0 F
+-0.68 ( options of Sun\325) 249.44 672 P
+-0.68 (s ) 323.71 672 P
+3 F
+-0.68 (des) 330.7 672 P
+0 F
+-0.68 ( are not available\051. Further) 346.69 672 P
+-0.68 (, as encryption) 471.07 672 P
+-0.05 (is the default, the Sun ) 72 652 P
+3 F
+-0.05 (des) 179.01 652 P
+0 F
+-0.05 ( ) 195 652 P
+4 F
+-0.05 (-e) 197.95 652 P
+0 F
+-0.05 ( option is not recognized. As the manual page to ) 207.27 652 P
+3 F
+-0.05 (bdes) 441.6 652 P
+0 F
+-0.05 ( is in the appen-) 463.59 652 P
+(dix, these dif) 72 632 T
+(ferences will not be elaborated upon further) 134.08 632 T
+(.) 343.24 632 T
+0.44 (Sun\325) 108 608 P
+0.44 (s ) 130 608 P
+3 F
+0.44 (des) 138.1 608 P
+0 F
+0.44 ( supports the use of special-purpose hardware to encrypt and decrypt. Although) 154.09 608 P
+3 F
+1.33 (bdes) 72 588 P
+0 F
+1.33 ( does not directly support the use of such hardware, it uses the library routine ) 93.98 588 P
+3 F
+1.33 (encrypt) 487.05 588 P
+0 F
+1.33 (\0503\051,) 523.02 588 P
+-0.09 (which may) 72 568 P
+-0.09 (. Hardware support was not included directly to support as lar) 124.1 568 P
+-0.09 (ge a number of platforms) 419.11 568 P
+(as possible with installers needing to know as little about the hardware as possible.) 72 548 T
+-0.08 (Sun\325) 108 524 P
+-0.08 (s ) 130 524 P
+3 F
+-0.08 (des) 137.58 524 P
+0 F
+-0.08 ( supports only the CBC and ECB encryption modes; ) 153.57 524 P
+3 F
+-0.08 (bdes) 407.07 524 P
+0 F
+-0.08 ( supports all modes de-) 429.05 524 P
+0.26 (scribed in [3] \050although CFB and OFB are not completely supported\051 as well as both CBC-based) 72 504 P
+(and CFB-based MACs.) 72 484 T
+0.15 (Although input with length not a multiple of the block size is handled in the same way by) 108 460 P
+-0.47 (both ) 72 440 P
+3 F
+-0.47 (des) 95.85 440 P
+0 F
+-0.47 ( and ) 111.84 440 P
+3 F
+-0.47 (bdes) 134.21 440 P
+0 F
+-0.47 (, dif) 156.19 440 P
+-0.47 (ferent values of the padding bytes are used in all but the last byte of the input.) 174.82 440 P
+(Where ) 72 420 T
+3 F
+(bdes) 106.96 420 T
+0 F
+( puts zero bytes, ) 128.94 420 T
+3 F
+(des) 209.89 420 T
+0 F
+( puts bytes containing random values. The reason for Sun\325) 225.87 420 T
+(s doing) 505.02 420 T
+0.47 (so is to prevent a known plaintext attack on the \336le should an
+attacker determine that the input\325) 72 400 P
+0.47 (s) 535.33 400 P
+-0.29 (length were a multiple of the block size. W) 72 380 P
+-0.29 (ith ) 276.05 380 P
+3 F
+-0.29 (bdes) 291.43 380 P
+0 F
+-0.29 (, the plaintext contents of the last block of input) 313.41 380 P
+0.31 (for such a \336le is known \050a block with all bits zero\051. W) 72 360 P
+0.31 (ith ) 333.99 360 P
+3 F
+0.31 (des) 349.96 360 P
+0 F
+0.31 (, the plaintext contents of that block) 365.95 360 P
+0.73 (are not known. Cryptanalytically) 72 340 P
+0.73 (, given the information about the strength of the DES currently) 231.29 340 P
+0.2 (known, it is widely believed that known plaintext attacks are infeasible
+\050see for example [1]\051 and) 72 320 P
+1.86 (so initializing and invoking the pseudorandom number generator seems unnecessary) 72 300 P
+1.86 (. But this) 492.63 300 P
+(means that ciphertexts produced from a plaintext by ) 72 280 T
+3 F
+(bdes) 324.48 280 T
+0 F
+( and ) 346.47 280 T
+3 F
+(des) 369.78 280 T
+0 F
+( will dif) 385.77 280 T
+(fer in the last block.) 423.54 280 T
+4 F
+(Refer) 72 248 T
+(ences) 100.41 248 T
+0 F
+([1]) 72 224 T
+0.37 (D. Denning, \322The Data Encryption Standard: Fifteen Y) 108 224 P
+0.37 (ears of Public Scrutiny) 374.87 224 P
+0.37 (,\323 ) 484.8 224 P
+3 F
+0.37 (Pr) 496.49 224 P
+0.37 (oceed-) 508.04 224 P
+-0.47 (ings of the Sixth Annual Computer Security Applications Confer) 108 204 P
+-0.47 (ence) 411.65 204 P
+0 F
+-0.47 ( pp. x\320xv \050Dec. 1990\051.) 433.62 204 P
+([2]) 72 180 T
+(A. Konheim, ) 108 180 T
+3 F
+(Cryptography: A Primer) 173.29 180 T
+0 F
+(, John W) 291.4 180 T
+(iley and Sons, Inc., New Y) 333.9 180 T
+(ork, NY \0501981\051.) 461.94 180 T
+([3]) 72 156 T
+3 F
+0.63 (DES Modes of Operation) 108 156 P
+0 F
+0.63 (, Federal Information Processing Standards Publication 81, Na-) 231.47 156 P
+-0.07 (tional Bureau of Standards, U.S. Department of Commerce, W) 108 136 P
+-0.07 (ashington, DC \050Dec. 1980\051.) 407.62 136 P
+([4]) 72 112 T
+3 F
+(UNIX User) 108 112 T
+(\325) 162.74 112 T
+(s Manual) 165.18 112 T
+0 F
+(, Sun Microsystems Inc., Mountain V) 210.16 112 T
+(iew) 390 112 T
+(, CA \050Mar) 406.54 112 T
+(. 1988\051.) 455.51 112 T
+4 F
+(Appendix. The UNIX System Manual Page for ) 72 80 T
+1 F
+(bdes) 313.2 80 T
+FMENDPAGE
+%%EndPage: "7" 10
+1 11 /Times-Bold FMDEFINEFONT
+%%Page: "8" 10
+612 792 0 FMBEGINPAGE
+72 745.99 540 756 R
+7 X
+0 K
+V
+72 32.69 540 42.7 R
+V
+0 F
+0 X
+(Page 8 of 11) 479.71 34.7 T
+72 72 540 720 R
+7 X
+V
+1 F
+0 X
+(NAME) 72 712.67 T
+0 F
+(bdes - encrypt/decrypt using the Data Encryption Standard) 108 689 T
+1 F
+(SYNOPSIS) 72 663.67 T
+4 F
+(bdes) 108 640 T
+0 F
+( [) 131.33 640 T
+3 F
+( ) 138.32 640 T
+4 F
+(-abdp) 141.32 640 T
+0 F
+( ] [ ) 171.31 640 T
+4 F
+(-F) 188.3 640 T
+0 F
+( ) 199.62 640 T
+3 F
+(b) 202.62 640 T
+0 F
+( ] [ ) 208.61 640 T
+4 F
+(-f) 225.6 640 T
+0 F
+( ) 233.58 640 T
+3 F
+(b) 236.58 640 T
+0 F
+( ] [ ) 242.58 640 T
+4 F
+(-k) 259.56 640 T
+0 F
+( ) 270.22 640 T
+3 F
+(key) 273.22 640 T
+0 F
+( ] [ ) 289.2 640 T
+4 F
+(-m) 306.18 640 T
+0 F
+( ) 320.16 640 T
+3 F
+(b) 323.16 640 T
+0 F
+( ] [ ) 329.16 640 T
+4 F
+(-o) 346.14 640 T
+0 F
+( ) 356.13 640 T
+3 F
+(b) 359.13 640 T
+0 F
+( ] [ ) 365.13 640 T
+4 F
+(-v) 382.11 640 T
+0 F
+( ) 392.1 640 T
+3 F
+(vector) 395.1 640 T
+0 F
+( ]) 425.07 640 T
+1 F
+(DESCRIPTION) 72 614.67 T
+3 F
+-0.69 (Bdes) 108 591 P
+0 F
+-0.69 ( reads from the standard input and writes on the standard output. It implements all DES) 131.32 591 P
+-0.09 (modes of operation described in FIPS PUB 81 including alternative cipher feedback mode) 108 577 P
+0.74 (and both authentication modes. All modes but the electronic code book mode require an) 108 563 P
+-0.14 (initialization vector; if none is supplied, the zero vector is used. T) 108 549 P
+-0.14 (o protect the key and ini-) 420.44 549 P
+0.29 (tialization vector from being read by) 108 535 P
+3 F
+0.29 ( ps) 284.98 535 P
+0 F
+0.29 (\0501\051, ) 298.94 535 P
+3 F
+0.29 (bdes ) 319.21 535 P
+0 F
+0.29 (hides its ar) 344.48 535 P
+0.29 (guments on entry) 396.81 535 P
+0.29 (. If no ) 479.89 535 P
+3 F
+0.29 (key ) 512.74 535 P
+0 F
+0.29 (is) 532 535 P
+-0.61 (given, one is requested from the controlling terminal if that can be opened, or from the stan-) 108 521 P
+(dard input if not.) 108 507 T
+-0.17 (The key and initialization vector are taken as sequences of ) 108 489 P
+5 F
+-0.14 (ASCII) 389.38 489 P
+0 F
+-0.17 ( characters which are then) 415.48 489 P
+-0.35 (mapped into their bit representations. If either begins with
+\3240x\325 or \3240X\325, that one is taken as) 108 475 P
+1.02 (a sequence of hexadecimal digits indicating the bit pattern; if either begins with \3240b\325 or) 108 461 P
+-0.73 (\3240B\325, that one is taken as a sequence of binary digits
+indicating the bit pattern. In either case,) 108 447 P
+-0.37 (only the leading 64 bits of the key or initialization vector are used, and if fewer than 64 bits) 108 433 P
+0.35 (are provided, enough 0 bits are appended to pad the key to 64 bits. Note that if the key is) 108 419 P
+0.03 (not entered on the command line, it is interpreted in the same way) 108 405 P
+0.03 (, because with 4.4 BSD,) 424.31 405 P
+-0.36 (the password reading function ) 108 391 P
+3 F
+-0.36 (getpass) 254.45 391 P
+0 F
+-0.36 (\0503\051 allows enough characters for either hex or binary) 290.43 391 P
+(keys to be entered.) 108 377 T
+0.04 (According to the DES standard, the low-order bit of each character in the key string is de-) 108 359 P
+-0.18 (leted. Since most ) 108 345 P
+5 F
+-0.15 (ASCII) 192.75 345 P
+0 F
+-0.18 ( representations set the high-order bit to 0, simply deleting the low-) 218.84 345 P
+-0.29 (order bit ef) 108 331 P
+-0.29 (fectively reduces the size of the key space from 2) 160.49 331 P
+5 F
+-0.24 (56) 394.67 335.8 P
+0 F
+-0.29 ( to 2) 404.67 331 P
+5 F
+-0.24 (48) 425.41 335.8 P
+0 F
+-0.29 ( keys. T) 435.4 331 P
+-0.29 (o prevent this,) 472.29 331 P
+-0.46 (the high-order bit must be a function depending in part upon the low-order bit; so, the high-) 108 317 P
+0.11 (order bit is set to whatever value gives odd parity) 108 303 P
+0.11 (. This preserves the key space size. Note) 345.05 303 P
+(this resetting of the parity bit is ) 108 289 T
+3 F
+(not) 260.92 289 T
+0 F
+( done if the key is given in binary or hex.) 276.24 289 T
+-0.38 (By default, the standard input is encrypted using cipher block chaining mode and is written) 108 271 P
+0.18 (to the standard output. Using the same key for encryption and decryption preserves plain-) 108 257 P
+(text, so) 108 243 T
+( bdes ) 225.81 225 T
+3 F
+(key) 253.79 225 T
+0 F
+( < plaintext | bdes \320i ) 269.77 225 T
+3 F
+(key) 370.21 225 T
+0 F
+( ) 386.19 225 T
+(is a very expensive equivalent of ) 108 201 T
+3 F
+(cat) 268.54 201 T
+0 F
+(\0501\051.) 283.2 201 T
+(Options are:) 108 183 T
+( ) 108 165 T
+4 F
+(\320a) 111 165 T
+0 F
+-0.75 (The key and initialization vector strings are to be taken as ) 144 165 P
+5 F
+-0.62 (ASCII) 415.89 165 P
+0 F
+-0.75 ( suppressing the spe-) 441.98 165 P
+0.3 (cial interpretation given to leading \3240x\325, \3240X\325, \3240b\325,
+and \3240B\325 characters. Note this) 144 151 P
+(\337ag applies to ) 144 137 T
+3 F
+(both) 214.29 137 T
+0 F
+( the key and initialization vector) 235.62 137 T
+(.) 389.85 137 T
+4 F
+(\320b) 108 119 T
+0 F
+(Use electronic code book mode.) 144 119 T
+4 F
+(\320d) 108 101 T
+0 F
+(Decrypt the input.) 144 101 T
+FMENDPAGE
+%%EndPage: "8" 11
+%%Page: "9" 11
+612 792 0 FMBEGINPAGE
+72 745.99 540 756 R
+7 X
+0 K
+V
+72 32.69 540 42.7 R
+V
+0 F
+0 X
+(Page 9 of 11) 479.71 34.7 T
+72 72 540 720 R
+7 X
+V
+4 F
+0 X
+(\320f) 108 712 T
+0 F
+( ) 117.99 712 T
+3 F
+(b) 120.99 712 T
+0 F
+-0.29 (Use ) 144 712 P
+3 F
+-0.29 (b) 165.36 712 P
+0 F
+-0.29 (-bit cipher feedback mode. Currently ) 171.35 712 P
+3 F
+-0.29 (b) 350.42 712 P
+0 F
+-0.29 ( must be a multiple of 8 between 8 and) 356.42 712 P
+(64 inclusive \050this does not conform to the standard CFB mode speci\336cation\051.) 144 698 T
+4 F
+(\320F) 108 680 T
+0 F
+( ) 121.32 680 T
+3 F
+(b) 124.32 680 T
+0 F
+-0.29 (Use ) 144 680 P
+3 F
+-0.29 (b) 165.36 680 P
+0 F
+-0.29 (-bit alternative cipher feedback mode. Currently ) 171.36 680 P
+3 F
+-0.29 (b) 403.77 680 P
+0 F
+-0.29 ( must be a multiple of 7 be-) 409.77 680 P
+-0.12 (tween 7 and 56 inclusive \050this does not conform to the alternative CFB mode spec-) 144 666 P
+(i\336cation\051.) 144 652 T
+4 F
+(\320k) 108 634 T
+0 F
+( ) 120.67 634 T
+3 F
+(key) 123.66 634 T
+0 F
+0.37 (Use the string ) 144 616 P
+3 F
+0.37 (key) 214.74 616 P
+0 F
+0.37 ( as the cryptographic key) 230.72 616 P
+0.37 (. If this ar) 352.01 616 P
+0.37 (gument is not given, the user) 399.54 616 P
+(will be prompted for the key) 144 602 T
+(.) 280.12 602 T
+4 F
+(\320m) 108 584 T
+0 F
+( ) 123.99 584 T
+3 F
+(b) 126.99 584 T
+0 F
+0.71 (Compute a message authentication code \050MAC\051 of ) 144 584 P
+3 F
+0.71 (b) 395.78 584 P
+0 F
+0.71 ( bits on the input. ) 401.77 584 P
+3 F
+0.71 (b) 491.94 584 P
+0 F
+0.71 ( must be) 497.94 584 P
+0.11 (between 1 and 64 inclusive; if ) 144 570 P
+3 F
+0.11 (b) 291.87 570 P
+0 F
+0.11 ( is not a multiple of 8, enough 0 bits will be added) 297.86 570 P
+-0.44 (to pad the MAC length to the nearest multiple of 8. Only the MAC is output. MACs) 144 556 P
+(are only available in cipher block chaining mode or in cipher feedback mode.) 144 542 T
+4 F
+(\320o) 108 524 T
+0 F
+( ) 119.99 524 T
+3 F
+(b) 122.99 524 T
+0 F
+-0.34 (Use ) 144 524 P
+3 F
+-0.34 (b) 165.31 524 P
+0 F
+-0.34 (-bit output feedback mode. Currently ) 171.31 524 P
+3 F
+-0.34 (b) 350.83 524 P
+0 F
+-0.34 ( must be a multiple of 8 between 8 and) 356.83 524 P
+(64 inclusive \050this does not conform to the OFB mode speci\336cation\051.) 144 510 T
+4 F
+(\320p) 108 492 T
+0 F
+-0.14 (Disable the resetting of the parity bit. This \337ag forces the parity bit of the key to be) 144 492 P
+0.03 (used as typed, rather than making each character be of odd parity) 144 478 P
+0.03 (. It is used only if) 455.91 478 P
+(the key is given in ) 144 464 T
+5 F
+(ASCII) 234.95 464 T
+0 F
+(.) 261.04 464 T
+4 F
+(\320v) 108 446 T
+0 F
+( ) 119.99 446 T
+3 F
+(vector) 122.99 446 T
+0 F
+-0.5 (Set the initialization vector to ) 144 428 P
+3 F
+-0.5 (v) 286.44 428 P
+0 F
+-0.5 (; the vector is interpreted in the same way as the key) 291.76 428 P
+-0.5 (.) 537 428 P
+(The vector is ignored in electronic codebook mode.) 144 414 T
+-0.55 (The DES is considered a very strong cryptosystem, and other than table lookup attacks, key) 108 396 P
+0.24 (search attacks, and Hellman\325) 108 382 P
+0.24 (s time-memory tradeof) 246.61 382 P
+0.24 (f \050all of which are very expensive and) 356.8 382 P
+0.66 (time-consuming\051, no cryptanalytic methods for breaking the DES are known in the open) 108 368 P
+0.33 (literature. No doubt the choice of keys and key security are the most vulnerable aspect of) 108 354 P
+3 F
+(bdes) 108 340 T
+0 F
+(.) 129.98 340 T
+4 F
+(IMPLEMENT) 72 314 T
+(A) 146.41 314 T
+(TION NOTES) 154.18 314 T
+0 F
+0.57 (For implementors wishing to write software compatible with this program, the following) 108 290 P
+-0.23 (notes are provided. This software is completely compatible with the implementation of the) 108 276 P
+(data encryption standard distributed by Sun Microsystems, Inc.) 108 262 T
+0.11 (In the ECB and CBC modes, plaintext is encrypted in units of 64 bits \0508 bytes, also called) 108 244 P
+0.52 (a block\051. T) 108 230 P
+0.52 (o ensure that the plaintext \336le is encrypted correctly) 160.49 230 P
+0.52 (, ) 413.01 230 P
+3 F
+0.52 (bdes ) 419.53 230 P
+0 F
+0.52 (will \050internally\051 ap-) 445.03 230 P
+0.29 (pend from 1 to 8 bytes, the last byte containing an integer stating how many bytes of that) 108 216 P
+-0.71 (\336nal block are from the plaintext \336le, and encrypt the resulting block. Hence, when decrypt-) 108 202 P
+0.27 (ing, the last block may contain from 0 to 7 characters present in the plaintext \336le, and the) 108 188 P
+-0.59 (last byte tells how many) 108 174 P
+-0.59 (. Note that if during decryption the last byte of the \336le does not con-) 221.46 174 P
+0.41 (tain an integer between 0 and 7, either the \336le has been corrupted or an incorrect key has) 108 160 P
+0.48 (been given. A similar mechanism is used for the OFB and CFB modes, except that those) 108 146 P
+0.26 (simply require the length of the input to be a multiple of the mode size, and the \336nal byte) 108 132 P
+-0.73 (contains an integer between 0 and one less than the number of bytes being used as the mode.) 108 118 P
+(\050This was another reason that the mode size must be a multiple of 8 for those modes.\051) 108 104 T
+FMENDPAGE
+%%EndPage: "9" 12
+%%Page: "10" 12
+612 792 0 FMBEGINPAGE
+72 745.99 540 756 R
+7 X
+0 K
+V
+72 32.69 540 42.7 R
+V
+0 F
+0 X
+(Page 10 of 11) 473.71 34.7 T
+72 72 540 720 R
+7 X
+V
+0 X
+0.94 (Unlike Sun\325) 108 712 P
+0.94 (s implementation, unused bytes of that last block are not \336lled with random) 166.58 712 P
+0.57 (data, but instead contain what was in those byte positions in the preceding block. This is) 108 698 P
+(quicker and more portable, and does not weaken the encryption signi\336cantly) 108 684 T
+(.) 473.95 684 T
+0.36 (If the key is entered in ) 108 666 P
+5 F
+0.3 (ASCII) 220.76 666 P
+0 F
+0.36 (, the parity bits of the key characters are set so that each key) 246.85 666 P
+1.03 (character is of odd parity) 108 652 P
+1.03 (. Unlike Sun\325) 231.23 652 P
+1.03 (s implementation, it is possible to enter binary or) 296.92 652 P
+-0.57 (hexadecimal keys on the command line, and if this is done, the parity bits are ) 108 638 P
+3 F
+-0.57 (not ) 472.85 638 P
+0 F
+-0.57 (reset. This) 490.61 638 P
+(allows testing using arbitrary bit patterns as keys.) 108 624 T
+0.64 (The Sun implementation always uses an initialization vector of 0 \050that is, all zeroes\051. By) 108 606 P
+(default, ) 108 592 T
+3 F
+(bdes ) 147.3 592 T
+0 F
+(does too, but this may be changed from the command line.) 172.29 592 T
+4 F
+(FILES) 72 566 T
+0 F
+(/dev/tty) 108 542 T
+(controlling terminal for typed key) 180 542 T
+4 F
+(SEE ALSO) 72 516 T
+3 F
+(crypt) 108 492 T
+0 F
+(\0501\051, ) 132.65 492 T
+3 F
+(crypt) 152.63 492 T
+0 F
+(\0503\051) 177.27 492 T
+3 F
+-0.4 (Data Encryption Standar) 108 474 P
+-0.4 (d) 228.02 474 P
+0 F
+-0.4 (, Federal Information Processing Standard #46, National Bureau) 234.02 474 P
+(of Standards, U.S. Department of Commerce, W) 108 460 T
+(ashington DC \050Jan. 1977\051.) 340.2 460 T
+3 F
+0.16 (DES) 108 442 P
+0 F
+0.16 ( ) 129.98 442 P
+3 F
+0.16 (Modes of Operation, ) 133.15 442 P
+0 F
+0.16 (Federal Information Processing Standard #81, National Bureau) 236.24 442 P
+(of Standards, U.S. Department of Commerce, W) 108 428 T
+(ashington DC \050Dec. 1980\051.) 340.2 428 T
+2.75 (Dorothy Denning, ) 108 410 P
+3 F
+2.75 (Cryptography and Data Security) 203.77 410 P
+0 F
+2.75 (, Addison-W) 368.8 410 P
+2.75 (esley Publishing Co.,) 432.55 410 P
+(Reading, MA \2511982.) 108 396 T
+-0.19 ( Matt Bishop, \322Implementation Notes on ) 108 378 P
+3 F
+-0.19 (bdes) 305.76 378 P
+0 F
+-0.19 (\0501\051\323, T) 327.75 378 P
+-0.19 (echnical Report PCS-TR-91-158, De-) 359.35 378 P
+0.34 (partment of Mathematics and Computer Science, Dartmouth College, Hanover) 108 364 P
+0.34 (, NH \050Apr) 488.01 364 P
+0.34 (.) 537 364 P
+(1991\051.) 108 350 T
+4 F
+(CAUTION) 72 324 T
+0 F
+-0.55 (Certain speci\336c keys should be avoided because they introduce potential weaknesses; these) 108 300 P
+-0.44 (keys, called the ) 108 286 P
+3 F
+-0.44 (weak) 183.95 286 P
+0 F
+-0.44 ( and ) 208.6 286 P
+3 F
+-0.44 (semiweak) 231.03 286 P
+0 F
+-0.44 ( keys, are \050in hex notation, where ) 277.66 286 P
+6 F
+-1.06 (p) 437.45 286 P
+0 F
+-0.44 ( is either ) 444.64 286 P
+6 F
+-1.06 (0) 487.63 286 P
+0 F
+-0.44 ( or ) 494.82 286 P
+6 F
+-1.06 (1) 509.93 286 P
+0 F
+-0.44 (, and) 517.12 286 P
+6 F
+(P) 108 272 T
+0 F
+( is either ) 115.2 272 T
+6 F
+(e) 159.5 272 T
+0 F
+( or ) 166.7 272 T
+6 F
+(f) 182.68 272 T
+0 F
+(\051:) 189.88 272 T
+6 F
+(0x0p0p0p0p0p0p0p0p) 144 254 T
+(0x0p1P0p1P0p0P0p0P) 360 254 T
+(0x0pep0pep0pfp0pfp) 144 236 T
+(0x0pfP0pfP0pfP0pfP) 360 236 T
+(0x1P0p1P0p0P0p0P0p) 144 218 T
+(0x1P1P1P1P0P0P0P0P) 360 218 T
+(0x1Pep1Pep0Pfp0Pfp) 144 200 T
+(0x1PfP1PfP0PfP0PfP) 360 200 T
+(0xep0pep0pfp0pfp0p) 144 182 T
+(0xep1Pep1pfp0Pfp0P) 360 182 T
+(0xepepepepepepepep) 144 164 T
+(0xepfPepfPfpfPfpfP) 360 164 T
+(0xfP0pfP0pfP0pfP0p) 144 146 T
+(0xfP1PfP1PfP0PfP0P) 360 146 T
+(0xfPepfPepfPepfPep) 144 128 T
+(0xfPfPfPfPfPfPfPfP) 360 128 T
+0 F
+0.13 (The weakness of these keys is inherent in the DES algorithm \050see for example Moore and) 108 110 P
+-0.57 (Simmons, \322Cycle structure of the DES with weak and semi-weak keys,\323) 108 96 P
+3 F
+-0.57 ( Advances in Cryp-) 449.43 96 P
+(tology \320 Crypto \32486 Pr) 108 82 T
+(oceedings) 216.83 82 T
+0 F
+(, Springer) 264.79 82 T
+(-V) 311.85 82 T
+(erlag New Y) 323.17 82 T
+(ork, \2511987, pp. 9-32\051.) 383.25 82 T
+FMENDPAGE
+%%EndPage: "10" 13
+%%Page: "11" 13
+612 792 0 FMBEGINPAGE
+72 745.99 540 756 R
+7 X
+0 K
+V
+72 32.69 540 42.7 R
+V
+0 F
+0 X
+(Page 11 of 11) 473.71 34.7 T
+72 72 540 720 R
+7 X
+V
+4 F
+0 X
+(BUGS) 72 712 T
+0 F
+-0.18 (There is a controversy raging over whether the DES will still be secure in a few years. The) 108 688 P
+0.31 (advent of special-purpose hardware could reduce the cost of any of the methods of attack) 108 674 P
+(named above so that they are no longer computationally infeasible.) 108 660 T
+0.32 (Programs which display programs\325 ar) 108 642 P
+0.32 (guments may compromise the key and initialization) 289.59 642 P
+0.76 (vector if they are speci\336ed on the command line. T) 108 628 P
+0.76 (o avoid this ) 358.46 628 P
+3 F
+0.76 (bdes) 419.7 628 P
+0 F
+0.76 ( overwrites its ar) 441.68 628 P
+0.76 (gu-) 524.01 628 P
+(ments. However) 108 614 T
+(, the obvious race cannot currently be avoided.) 186.12 614 T
+0.25 (As the key or key schedule is kept in memory throughout the run of this program, the en-) 108 596 P
+(cryption can be compromised if memory is readable.) 108 582 T
+-0.4 (There is no warranty of merchantability nor any warranty of \336tness for a particular purpose) 108 564 P
+0.05 (nor any other warranty) 108 550 P
+0.05 (, either express or implied, as to the accuracy of the enclosed mate-) 216.95 550 P
+(rials or as to their suitability for any particular purpose.) 108 536 T
+-0.06 (Accordingly) 108 518 P
+-0.06 (, the user assumes full responsibility for their use. Further) 167.18 518 P
+-0.06 (, the author assumes) 442.93 518 P
+-0.25 (no obligation to furnish any assistance of any kind whatsoever) 108 504 P
+-0.25 (, or to furnish any additional) 404.69 504 P
+(information or documentation.) 108 490 T
+4 F
+(AUTHOR) 72 464 T
+0 F
+-0.54 (Matt Bishop, Department of Mathematics and Computer Science, Bradley Hall, Dartmouth) 108 440 P
+(College, Hanover) 108 426 T
+(, NH 03755) 192.12 426 T
+(Electronic mail addresses:) 108 408 T
+(Internet: Matt.Bishop@dartmouth.edu) 108 390 T
+(UUCP: decvax!dartvax!Matt.Bishop) 108 372 T
+FMENDPAGE
+%%EndPage: "11" 14
+%%Trailer
+%%BoundingBox: 0 0 612 792
+%%Pages: 13 1
+%%DocumentFonts: Helvetica-Bold
+%%+ Helvetica-BoldOblique
+%%+ Times-Roman
+%%+ Times-Bold
+%%+ Times-BoldItalic
+%%+ Times-Italic
+%%+ Courier
+%%+ Courier-Oblique
+%%+ ZapfDingbats
+%%+ Symbol
+%%+ Courier-Bold
diff --git a/secure/usr.bin/openssl/Makefile b/secure/usr.bin/openssl/Makefile
new file mode 100644
index 0000000..8166254
--- /dev/null
+++ b/secure/usr.bin/openssl/Makefile
@@ -0,0 +1,26 @@
+# $FreeBSD$
+
+PROG= openssl
+
+DPADD= ${LIBSSL} ${LIBCRYPTO}
+LDADD= -lssl -lcrypto
+
+.if exists(Makefile.man)
+.include "Makefile.man"
+.endif
+.include "../../lib/libcrypto/Makefile.inc"
+
+CFLAGS+= -DMONOLITH -I${.CURDIR}
+
+SRCS+= app_rand.c apps.c asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c \
+ dgst.c dh.c dhparam.c dsa.c dsaparam.c ec.c ecparam.c enc.c \
+ engine.c errstr.c \
+ gendh.c gendsa.c genrsa.c nseq.c ocsp.c openssl.c passwd.c \
+ pkcs12.c pkcs7.c pkcs8.c prime.c rand.c req.c rsa.c rsautl.c s_cb.c \
+ s_client.c s_server.c s_socket.c s_time.c sess_id.c smime.c \
+ speed.c spkac.c verify.c version.c x509.c
+
+.include <bsd.prog.mk>
+
+.PATH: ${LCRYPTO_SRC}/apps \
+ ${.CURDIR}/man
diff --git a/secure/usr.bin/openssl/Makefile.man b/secure/usr.bin/openssl/Makefile.man
new file mode 100644
index 0000000..b87642f
--- /dev/null
+++ b/secure/usr.bin/openssl/Makefile.man
@@ -0,0 +1,47 @@
+# $FreeBSD$
+# DO NOT EDIT: generated from man-makefile-update target
+MAN+= CA.pl.1
+MAN+= asn1parse.1
+MAN+= ca.1
+MAN+= ciphers.1
+MAN+= crl.1
+MAN+= crl2pkcs7.1
+MAN+= dgst.1
+MAN+= dhparam.1
+MAN+= dsa.1
+MAN+= dsaparam.1
+MAN+= ec.1
+MAN+= ecparam.1
+MAN+= enc.1
+MAN+= errstr.1
+MAN+= gendsa.1
+MAN+= genrsa.1
+MAN+= nseq.1
+MAN+= ocsp.1
+MAN+= openssl.1
+MAN+= passwd.1
+MAN+= pkcs12.1
+MAN+= pkcs7.1
+MAN+= pkcs8.1
+MAN+= rand.1
+MAN+= req.1
+MAN+= rsa.1
+MAN+= rsautl.1
+MAN+= s_client.1
+MAN+= s_server.1
+MAN+= s_time.1
+MAN+= sess_id.1
+MAN+= smime.1
+MAN+= speed.1
+MAN+= spkac.1
+MAN+= verify.1
+MAN+= version.1
+MAN+= x509.1
+MAN+= x509v3_config.1
+MLINKS+= dgst.1 md5.1
+MLINKS+= dgst.1 md4.1
+MLINKS+= dgst.1 md2.1
+MLINKS+= dgst.1 sha1.1
+MLINKS+= dgst.1 sha.1
+MLINKS+= dgst.1 mdc2.1
+MLINKS+= dgst.1 ripemd160.1
diff --git a/secure/usr.bin/openssl/man/CA.pl.1 b/secure/usr.bin/openssl/man/CA.pl.1
new file mode 100644
index 0000000..7c3c4eb
--- /dev/null
+++ b/secure/usr.bin/openssl/man/CA.pl.1
@@ -0,0 +1,297 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "CA.PL 1"
+.TH CA.PL 1 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+CA.pl \- friendlier interface for OpenSSL certificate programs
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fB\s-1CA\s0.pl\fR
+[\fB\-?\fR]
+[\fB\-h\fR]
+[\fB\-help\fR]
+[\fB\-newcert\fR]
+[\fB\-newreq\fR]
+[\fB\-newreq\-nodes\fR]
+[\fB\-newca\fR]
+[\fB\-xsign\fR]
+[\fB\-sign\fR]
+[\fB\-signreq\fR]
+[\fB\-signcert\fR]
+[\fB\-verify\fR]
+[\fBfiles\fR]
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fB\s-1CA\s0.pl\fR script is a perl script that supplies the relevant command line
+arguments to the \fBopenssl\fR command for some common certificate operations.
+It is intended to simplify the process of certificate creation and management
+by the use of some simple options.
+.SH "COMMAND OPTIONS"
+.IX Header "COMMAND OPTIONS"
+.IP "\fB?\fR, \fB\-h\fR, \fB\-help\fR" 4
+.IX Item "?, -h, -help"
+prints a usage message.
+.IP "\fB\-newcert\fR" 4
+.IX Item "-newcert"
+creates a new self signed certificate. The private key and certificate are
+written to the file \*(L"newreq.pem\*(R".
+.IP "\fB\-newreq\fR" 4
+.IX Item "-newreq"
+creates a new certificate request. The private key and request are
+written to the file \*(L"newreq.pem\*(R".
+.IP "\fB\-newreq\-nodes\fR" 4
+.IX Item "-newreq-nodes"
+is like \fB\-newreq\fR except that the private key will not be encrypted.
+.IP "\fB\-newca\fR" 4
+.IX Item "-newca"
+creates a new \s-1CA\s0 hierarchy for use with the \fBca\fR program (or the \fB\-signcert\fR
+and \fB\-xsign\fR options). The user is prompted to enter the filename of the \s-1CA\s0
+certificates (which should also contain the private key) or by hitting \s-1ENTER\s0
+details of the \s-1CA\s0 will be prompted for. The relevant files and directories
+are created in a directory called \*(L"demoCA\*(R" in the current directory.
+.IP "\fB\-pkcs12\fR" 4
+.IX Item "-pkcs12"
+create a PKCS#12 file containing the user certificate, private key and \s-1CA\s0
+certificate. It expects the user certificate and private key to be in the
+file \*(L"newcert.pem\*(R" and the \s-1CA\s0 certificate to be in the file demoCA/cacert.pem,
+it creates a file \*(L"newcert.p12\*(R". This command can thus be called after the
+\&\fB\-sign\fR option. The PKCS#12 file can be imported directly into a browser.
+If there is an additional argument on the command line it will be used as the
+\&\*(L"friendly name\*(R" for the certificate (which is typically displayed in the browser
+list box), otherwise the name \*(L"My Certificate\*(R" is used.
+.IP "\fB\-sign\fR, \fB\-signreq\fR, \fB\-xsign\fR" 4
+.IX Item "-sign, -signreq, -xsign"
+calls the \fBca\fR program to sign a certificate request. It expects the request
+to be in the file \*(L"newreq.pem\*(R". The new certificate is written to the file
+\&\*(L"newcert.pem\*(R" except in the case of the \fB\-xsign\fR option when it is written
+to standard output.
+.IP "\fB\-signCA\fR" 4
+.IX Item "-signCA"
+this option is the same as the \fB\-signreq\fR option except it uses the configuration
+file section \fBv3_ca\fR and so makes the signed request a valid \s-1CA\s0 certificate. This
+is useful when creating intermediate \s-1CA\s0 from a root \s-1CA\s0.
+.IP "\fB\-signcert\fR" 4
+.IX Item "-signcert"
+this option is the same as \fB\-sign\fR except it expects a self signed certificate
+to be present in the file \*(L"newreq.pem\*(R".
+.IP "\fB\-verify\fR" 4
+.IX Item "-verify"
+verifies certificates against the \s-1CA\s0 certificate for \*(L"demoCA\*(R". If no certificates
+are specified on the command line it tries to verify the file \*(L"newcert.pem\*(R".
+.IP "\fBfiles\fR" 4
+.IX Item "files"
+one or more optional certificate file names for use with the \fB\-verify\fR command.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Create a \s-1CA\s0 hierarchy:
+.PP
+.Vb 1
+\& CA.pl \-newca
+.Ve
+.PP
+Complete certificate creation example: create a \s-1CA\s0, create a request, sign
+the request and finally create a PKCS#12 file containing it.
+.PP
+.Vb 4
+\& CA.pl \-newca
+\& CA.pl \-newreq
+\& CA.pl \-signreq
+\& CA.pl \-pkcs12 "My Test Certificate"
+.Ve
+.SH "DSA CERTIFICATES"
+.IX Header "DSA CERTIFICATES"
+Although the \fB\s-1CA\s0.pl\fR creates \s-1RSA\s0 CAs and requests it is still possible to
+use it with \s-1DSA\s0 certificates and requests using the \fIreq\fR\|(1) command
+directly. The following example shows the steps that would typically be taken.
+.PP
+Create some \s-1DSA\s0 parameters:
+.PP
+.Vb 1
+\& openssl dsaparam \-out dsap.pem 1024
+.Ve
+.PP
+Create a \s-1DSA\s0 \s-1CA\s0 certificate and private key:
+.PP
+.Vb 1
+\& openssl req \-x509 \-newkey dsa:dsap.pem \-keyout cacert.pem \-out cacert.pem
+.Ve
+.PP
+Create the \s-1CA\s0 directories and files:
+.PP
+.Vb 1
+\& CA.pl \-newca
+.Ve
+.PP
+enter cacert.pem when prompted for the \s-1CA\s0 file name.
+.PP
+Create a \s-1DSA\s0 certificate request and private key (a different set of parameters
+can optionally be created first):
+.PP
+.Vb 1
+\& openssl req \-out newreq.pem \-newkey dsa:dsap.pem
+.Ve
+.PP
+Sign the request:
+.PP
+.Vb 1
+\& CA.pl \-signreq
+.Ve
+.SH "NOTES"
+.IX Header "NOTES"
+Most of the filenames mentioned can be modified by editing the \fB\s-1CA\s0.pl\fR script.
+.PP
+If the demoCA directory already exists then the \fB\-newca\fR command will not
+overwrite it and will do nothing. This can happen if a previous call using
+the \fB\-newca\fR option terminated abnormally. To get the correct behaviour
+delete the demoCA directory if it already exists.
+.PP
+Under some environments it may not be possible to run the \fB\s-1CA\s0.pl\fR script
+directly (for example Win32) and the default configuration file location may
+be wrong. In this case the command:
+.PP
+.Vb 1
+\& perl \-S CA.pl
+.Ve
+.PP
+can be used and the \fB\s-1OPENSSL_CONF\s0\fR environment variable changed to point to
+the correct path of the configuration file \*(L"openssl.cnf\*(R".
+.PP
+The script is intended as a simple front end for the \fBopenssl\fR program for use
+by a beginner. Its behaviour isn't always what is wanted. For more control over the
+behaviour of the certificate commands call the \fBopenssl\fR command directly.
+.SH "ENVIRONMENT VARIABLES"
+.IX Header "ENVIRONMENT VARIABLES"
+The variable \fB\s-1OPENSSL_CONF\s0\fR if defined allows an alternative configuration
+file location to be specified, it should contain the full path to the
+configuration file, not just its directory.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIx509\fR\|(1), \fIca\fR\|(1), \fIreq\fR\|(1), \fIpkcs12\fR\|(1),
+\&\fIconfig\fR\|(5)
diff --git a/secure/usr.bin/openssl/man/asn1parse.1 b/secure/usr.bin/openssl/man/asn1parse.1
new file mode 100644
index 0000000..3fd727b
--- /dev/null
+++ b/secure/usr.bin/openssl/man/asn1parse.1
@@ -0,0 +1,294 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "ASN1PARSE 1"
+.TH ASN1PARSE 1 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+asn1parse \- ASN.1 parsing tool
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBopenssl\fR \fBasn1parse\fR
+[\fB\-inform PEM|DER\fR]
+[\fB\-in filename\fR]
+[\fB\-out filename\fR]
+[\fB\-noout\fR]
+[\fB\-offset number\fR]
+[\fB\-length number\fR]
+[\fB\-i\fR]
+[\fB\-oid filename\fR]
+[\fB\-strparse offset\fR]
+[\fB\-genstr string\fR]
+[\fB\-genconf file\fR]
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fBasn1parse\fR command is a diagnostic utility that can parse \s-1ASN\s0.1
+structures. It can also be used to extract data from \s-1ASN\s0.1 formatted data.
+.SH "OPTIONS"
+.IX Header "OPTIONS"
+.IP "\fB\-inform\fR \fBDER|PEM\fR" 4
+.IX Item "-inform DER|PEM"
+the input format. \fB\s-1DER\s0\fR is binary format and \fB\s-1PEM\s0\fR (the default) is base64
+encoded.
+.IP "\fB\-in filename\fR" 4
+.IX Item "-in filename"
+the input file, default is standard input
+.IP "\fB\-out filename\fR" 4
+.IX Item "-out filename"
+output file to place the \s-1DER\s0 encoded data into. If this
+option is not present then no data will be output. This is most useful when
+combined with the \fB\-strparse\fR option.
+.IP "\fB\-noout\fR" 4
+.IX Item "-noout"
+don't output the parsed version of the input file.
+.IP "\fB\-offset number\fR" 4
+.IX Item "-offset number"
+starting offset to begin parsing, default is start of file.
+.IP "\fB\-length number\fR" 4
+.IX Item "-length number"
+number of bytes to parse, default is until end of file.
+.IP "\fB\-i\fR" 4
+.IX Item "-i"
+indents the output according to the \*(L"depth\*(R" of the structures.
+.IP "\fB\-oid filename\fR" 4
+.IX Item "-oid filename"
+a file containing additional \s-1OBJECT\s0 IDENTIFIERs (OIDs). The format of this
+file is described in the \s-1NOTES\s0 section below.
+.IP "\fB\-strparse offset\fR" 4
+.IX Item "-strparse offset"
+parse the contents octets of the \s-1ASN\s0.1 object starting at \fBoffset\fR. This
+option can be used multiple times to \*(L"drill down\*(R" into a nested structure.
+.IP "\fB\-genstr string\fR, \fB\-genconf file\fR" 4
+.IX Item "-genstr string, -genconf file"
+generate encoded data based on \fBstring\fR, \fBfile\fR or both using
+\&\fIASN1_generate_nconf()\fR format. If \fBfile\fR only is present then the string
+is obtained from the default section using the name \fBasn1\fR. The encoded
+data is passed through the \s-1ASN1\s0 parser and printed out as though it came
+from a file, the contents can thus be examined and written to a file
+using the \fBout\fR option.
+.SS "\s-1OUTPUT\s0"
+.IX Subsection "OUTPUT"
+The output will typically contain lines like this:
+.PP
+.Vb 1
+\& 0:d=0 hl=4 l= 681 cons: SEQUENCE
+.Ve
+.PP
+\&.....
+.PP
+.Vb 10
+\& 229:d=3 hl=3 l= 141 prim: BIT STRING
+\& 373:d=2 hl=3 l= 162 cons: cont [ 3 ]
+\& 376:d=3 hl=3 l= 159 cons: SEQUENCE
+\& 379:d=4 hl=2 l= 29 cons: SEQUENCE
+\& 381:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
+\& 386:d=5 hl=2 l= 22 prim: OCTET STRING
+\& 410:d=4 hl=2 l= 112 cons: SEQUENCE
+\& 412:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
+\& 417:d=5 hl=2 l= 105 prim: OCTET STRING
+\& 524:d=4 hl=2 l= 12 cons: SEQUENCE
+.Ve
+.PP
+\&.....
+.PP
+This example is part of a self signed certificate. Each line starts with the
+offset in decimal. \fBd=XX\fR specifies the current depth. The depth is increased
+within the scope of any \s-1SET\s0 or \s-1SEQUENCE\s0. \fBhl=XX\fR gives the header length
+(tag and length octets) of the current type. \fBl=XX\fR gives the length of
+the contents octets.
+.PP
+The \fB\-i\fR option can be used to make the output more readable.
+.PP
+Some knowledge of the \s-1ASN\s0.1 structure is needed to interpret the output.
+.PP
+In this example the \s-1BIT\s0 \s-1STRING\s0 at offset 229 is the certificate public key.
+The contents octets of this will contain the public key information. This can
+be examined using the option \fB\-strparse 229\fR to yield:
+.PP
+.Vb 3
+\& 0:d=0 hl=3 l= 137 cons: SEQUENCE
+\& 3:d=1 hl=3 l= 129 prim: INTEGER :E5D21E1F5C8D208EA7A2166C7FAF9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9E1158A56E4A6F47E5897
+\& 135:d=1 hl=2 l= 3 prim: INTEGER :010001
+.Ve
+.SH "NOTES"
+.IX Header "NOTES"
+If an \s-1OID\s0 is not part of OpenSSL's internal table it will be represented in
+numerical form (for example 1.2.3.4). The file passed to the \fB\-oid\fR option
+allows additional OIDs to be included. Each line consists of three columns,
+the first column is the \s-1OID\s0 in numerical format and should be followed by white
+space. The second column is the \*(L"short name\*(R" which is a single word followed
+by white space. The final column is the rest of the line and is the
+\&\*(L"long name\*(R". \fBasn1parse\fR displays the long name. Example:
+.PP
+\&\f(CW\*(C`1.2.3.4 shortName A long name\*(C'\fR
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Parse a file:
+.PP
+.Vb 1
+\& openssl asn1parse \-in file.pem
+.Ve
+.PP
+Parse a \s-1DER\s0 file:
+.PP
+.Vb 1
+\& openssl asn1parse \-inform DER \-in file.der
+.Ve
+.PP
+Generate a simple UTF8String:
+.PP
+.Vb 1
+\& openssl asn1parse \-genstr \*(AqUTF8:Hello World\*(Aq
+.Ve
+.PP
+Generate and write out a UTF8String, don't print parsed output:
+.PP
+.Vb 1
+\& openssl asn1parse \-genstr \*(AqUTF8:Hello World\*(Aq \-noout \-out utf8.der
+.Ve
+.PP
+Generate using a config file:
+.PP
+.Vb 1
+\& openssl asn1parse \-genconf asn1.cnf \-noout \-out asn1.der
+.Ve
+.PP
+Example config file:
+.PP
+.Vb 1
+\& asn1=SEQUENCE:seq_sect
+\&
+\& [seq_sect]
+\&
+\& field1=BOOL:TRUE
+\& field2=EXP:0, UTF8:some random string
+.Ve
+.SH "BUGS"
+.IX Header "BUGS"
+There should be options to change the format of output lines. The output of some
+\&\s-1ASN\s0.1 types is not well handled (if at all).
diff --git a/secure/usr.bin/openssl/man/ca.1 b/secure/usr.bin/openssl/man/ca.1
new file mode 100644
index 0000000..9de935d
--- /dev/null
+++ b/secure/usr.bin/openssl/man/ca.1
@@ -0,0 +1,727 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "CA 1"
+.TH CA 1 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+ca \- sample minimal CA application
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBopenssl\fR \fBca\fR
+[\fB\-verbose\fR]
+[\fB\-config filename\fR]
+[\fB\-name section\fR]
+[\fB\-gencrl\fR]
+[\fB\-revoke file\fR]
+[\fB\-crl_reason reason\fR]
+[\fB\-crl_hold instruction\fR]
+[\fB\-crl_compromise time\fR]
+[\fB\-crl_CA_compromise time\fR]
+[\fB\-crldays days\fR]
+[\fB\-crlhours hours\fR]
+[\fB\-crlexts section\fR]
+[\fB\-startdate date\fR]
+[\fB\-enddate date\fR]
+[\fB\-days arg\fR]
+[\fB\-md arg\fR]
+[\fB\-policy arg\fR]
+[\fB\-keyfile arg\fR]
+[\fB\-key arg\fR]
+[\fB\-passin arg\fR]
+[\fB\-cert file\fR]
+[\fB\-selfsign\fR]
+[\fB\-in file\fR]
+[\fB\-out file\fR]
+[\fB\-notext\fR]
+[\fB\-outdir dir\fR]
+[\fB\-infiles\fR]
+[\fB\-spkac file\fR]
+[\fB\-ss_cert file\fR]
+[\fB\-preserveDN\fR]
+[\fB\-noemailDN\fR]
+[\fB\-batch\fR]
+[\fB\-msie_hack\fR]
+[\fB\-extensions section\fR]
+[\fB\-extfile section\fR]
+[\fB\-engine id\fR]
+[\fB\-subj arg\fR]
+[\fB\-utf8\fR]
+[\fB\-multivalue\-rdn\fR]
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fBca\fR command is a minimal \s-1CA\s0 application. It can be used
+to sign certificate requests in a variety of forms and generate
+CRLs it also maintains a text database of issued certificates
+and their status.
+.PP
+The options descriptions will be divided into each purpose.
+.SH "CA OPTIONS"
+.IX Header "CA OPTIONS"
+.IP "\fB\-config filename\fR" 4
+.IX Item "-config filename"
+specifies the configuration file to use.
+.IP "\fB\-name section\fR" 4
+.IX Item "-name section"
+specifies the configuration file section to use (overrides
+\&\fBdefault_ca\fR in the \fBca\fR section).
+.IP "\fB\-in filename\fR" 4
+.IX Item "-in filename"
+an input filename containing a single certificate request to be
+signed by the \s-1CA\s0.
+.IP "\fB\-ss_cert filename\fR" 4
+.IX Item "-ss_cert filename"
+a single self signed certificate to be signed by the \s-1CA\s0.
+.IP "\fB\-spkac filename\fR" 4
+.IX Item "-spkac filename"
+a file containing a single Netscape signed public key and challenge
+and additional field values to be signed by the \s-1CA\s0. See the \fB\s-1SPKAC\s0 \s-1FORMAT\s0\fR
+section for information on the required format.
+.IP "\fB\-infiles\fR" 4
+.IX Item "-infiles"
+if present this should be the last option, all subsequent arguments
+are assumed to the the names of files containing certificate requests.
+.IP "\fB\-out filename\fR" 4
+.IX Item "-out filename"
+the output file to output certificates to. The default is standard
+output. The certificate details will also be printed out to this
+file.
+.IP "\fB\-outdir directory\fR" 4
+.IX Item "-outdir directory"
+the directory to output certificates to. The certificate will be
+written to a filename consisting of the serial number in hex with
+\&\*(L".pem\*(R" appended.
+.IP "\fB\-cert\fR" 4
+.IX Item "-cert"
+the \s-1CA\s0 certificate file.
+.IP "\fB\-keyfile filename\fR" 4
+.IX Item "-keyfile filename"
+the private key to sign requests with.
+.IP "\fB\-key password\fR" 4
+.IX Item "-key password"
+the password used to encrypt the private key. Since on some
+systems the command line arguments are visible (e.g. Unix with
+the 'ps' utility) this option should be used with caution.
+.IP "\fB\-selfsign\fR" 4
+.IX Item "-selfsign"
+indicates the issued certificates are to be signed with the key
+the certificate requests were signed with (given with \fB\-keyfile\fR).
+Cerificate requests signed with a different key are ignored. If
+\&\fB\-spkac\fR, \fB\-ss_cert\fR or \fB\-gencrl\fR are given, \fB\-selfsign\fR is
+ignored.
+.Sp
+A consequence of using \fB\-selfsign\fR is that the self-signed
+certificate appears among the entries in the certificate database
+(see the configuration option \fBdatabase\fR), and uses the same
+serial number counter as all other certificates sign with the
+self-signed certificate.
+.IP "\fB\-passin arg\fR" 4
+.IX Item "-passin arg"
+the key password source. For more information about the format of \fBarg\fR
+see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+.IP "\fB\-verbose\fR" 4
+.IX Item "-verbose"
+this prints extra details about the operations being performed.
+.IP "\fB\-notext\fR" 4
+.IX Item "-notext"
+don't output the text form of a certificate to the output file.
+.IP "\fB\-startdate date\fR" 4
+.IX Item "-startdate date"
+this allows the start date to be explicitly set. The format of the
+date is \s-1YYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 UTCTime structure).
+.IP "\fB\-enddate date\fR" 4
+.IX Item "-enddate date"
+this allows the expiry date to be explicitly set. The format of the
+date is \s-1YYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 UTCTime structure).
+.IP "\fB\-days arg\fR" 4
+.IX Item "-days arg"
+the number of days to certify the certificate for.
+.IP "\fB\-md alg\fR" 4
+.IX Item "-md alg"
+the message digest to use. Possible values include md5, sha1 and mdc2.
+This option also applies to CRLs.
+.IP "\fB\-policy arg\fR" 4
+.IX Item "-policy arg"
+this option defines the \s-1CA\s0 \*(L"policy\*(R" to use. This is a section in
+the configuration file which decides which fields should be mandatory
+or match the \s-1CA\s0 certificate. Check out the \fB\s-1POLICY\s0 \s-1FORMAT\s0\fR section
+for more information.
+.IP "\fB\-msie_hack\fR" 4
+.IX Item "-msie_hack"
+this is a legacy option to make \fBca\fR work with very old versions of
+the \s-1IE\s0 certificate enrollment control \*(L"certenr3\*(R". It used UniversalStrings
+for almost everything. Since the old control has various security bugs
+its use is strongly discouraged. The newer control \*(L"Xenroll\*(R" does not
+need this option.
+.IP "\fB\-preserveDN\fR" 4
+.IX Item "-preserveDN"
+Normally the \s-1DN\s0 order of a certificate is the same as the order of the
+fields in the relevant policy section. When this option is set the order
+is the same as the request. This is largely for compatibility with the
+older \s-1IE\s0 enrollment control which would only accept certificates if their
+DNs match the order of the request. This is not needed for Xenroll.
+.IP "\fB\-noemailDN\fR" 4
+.IX Item "-noemailDN"
+The \s-1DN\s0 of a certificate can contain the \s-1EMAIL\s0 field if present in the
+request \s-1DN\s0, however it is good policy just having the e\-mail set into
+the altName extension of the certificate. When this option is set the
+\&\s-1EMAIL\s0 field is removed from the certificate' subject and set only in
+the, eventually present, extensions. The \fBemail_in_dn\fR keyword can be
+used in the configuration file to enable this behaviour.
+.IP "\fB\-batch\fR" 4
+.IX Item "-batch"
+this sets the batch mode. In this mode no questions will be asked
+and all certificates will be certified automatically.
+.IP "\fB\-extensions section\fR" 4
+.IX Item "-extensions section"
+the section of the configuration file containing certificate extensions
+to be added when a certificate is issued (defaults to \fBx509_extensions\fR
+unless the \fB\-extfile\fR option is used). If no extension section is
+present then, a V1 certificate is created. If the extension section
+is present (even if it is empty), then a V3 certificate is created.
+.IP "\fB\-extfile file\fR" 4
+.IX Item "-extfile file"
+an additional configuration file to read certificate extensions from
+(using the default section unless the \fB\-extensions\fR option is also
+used).
+.IP "\fB\-engine id\fR" 4
+.IX Item "-engine id"
+specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+.IP "\fB\-subj arg\fR" 4
+.IX Item "-subj arg"
+supersedes subject name given in the request.
+The arg must be formatted as \fI/type0=value0/type1=value1/type2=...\fR,
+characters may be escaped by \e (backslash), no spaces are skipped.
+.IP "\fB\-utf8\fR" 4
+.IX Item "-utf8"
+this option causes field values to be interpreted as \s-1UTF8\s0 strings, by
+default they are interpreted as \s-1ASCII\s0. This means that the field
+values, whether prompted from a terminal or obtained from a
+configuration file, must be valid \s-1UTF8\s0 strings.
+.IP "\fB\-multivalue\-rdn\fR" 4
+.IX Item "-multivalue-rdn"
+this option causes the \-subj argument to be interpretedt with full
+support for multivalued RDNs. Example:
+.Sp
+\&\fI/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe\fR
+.Sp
+If \-multi\-rdn is not used then the \s-1UID\s0 value is \fI123456+CN=John Doe\fR.
+.SH "CRL OPTIONS"
+.IX Header "CRL OPTIONS"
+.IP "\fB\-gencrl\fR" 4
+.IX Item "-gencrl"
+this option generates a \s-1CRL\s0 based on information in the index file.
+.IP "\fB\-crldays num\fR" 4
+.IX Item "-crldays num"
+the number of days before the next \s-1CRL\s0 is due. That is the days from
+now to place in the \s-1CRL\s0 nextUpdate field.
+.IP "\fB\-crlhours num\fR" 4
+.IX Item "-crlhours num"
+the number of hours before the next \s-1CRL\s0 is due.
+.IP "\fB\-revoke filename\fR" 4
+.IX Item "-revoke filename"
+a filename containing a certificate to revoke.
+.IP "\fB\-crl_reason reason\fR" 4
+.IX Item "-crl_reason reason"
+revocation reason, where \fBreason\fR is one of: \fBunspecified\fR, \fBkeyCompromise\fR,
+\&\fBCACompromise\fR, \fBaffiliationChanged\fR, \fBsuperseded\fR, \fBcessationOfOperation\fR,
+\&\fBcertificateHold\fR or \fBremoveFromCRL\fR. The matching of \fBreason\fR is case
+insensitive. Setting any revocation reason will make the \s-1CRL\s0 v2.
+.Sp
+In practive \fBremoveFromCRL\fR is not particularly useful because it is only used
+in delta CRLs which are not currently implemented.
+.IP "\fB\-crl_hold instruction\fR" 4
+.IX Item "-crl_hold instruction"
+This sets the \s-1CRL\s0 revocation reason code to \fBcertificateHold\fR and the hold
+instruction to \fBinstruction\fR which must be an \s-1OID\s0. Although any \s-1OID\s0 can be
+used only \fBholdInstructionNone\fR (the use of which is discouraged by \s-1RFC2459\s0)
+\&\fBholdInstructionCallIssuer\fR or \fBholdInstructionReject\fR will normally be used.
+.IP "\fB\-crl_compromise time\fR" 4
+.IX Item "-crl_compromise time"
+This sets the revocation reason to \fBkeyCompromise\fR and the compromise time to
+\&\fBtime\fR. \fBtime\fR should be in GeneralizedTime format that is \fB\s-1YYYYMMDDHHMMSSZ\s0\fR.
+.IP "\fB\-crl_CA_compromise time\fR" 4
+.IX Item "-crl_CA_compromise time"
+This is the same as \fBcrl_compromise\fR except the revocation reason is set to
+\&\fBCACompromise\fR.
+.IP "\fB\-crlexts section\fR" 4
+.IX Item "-crlexts section"
+the section of the configuration file containing \s-1CRL\s0 extensions to
+include. If no \s-1CRL\s0 extension section is present then a V1 \s-1CRL\s0 is
+created, if the \s-1CRL\s0 extension section is present (even if it is
+empty) then a V2 \s-1CRL\s0 is created. The \s-1CRL\s0 extensions specified are
+\&\s-1CRL\s0 extensions and \fBnot\fR \s-1CRL\s0 entry extensions. It should be noted
+that some software (for example Netscape) can't handle V2 CRLs.
+.SH "CONFIGURATION FILE OPTIONS"
+.IX Header "CONFIGURATION FILE OPTIONS"
+The section of the configuration file containing options for \fBca\fR
+is found as follows: If the \fB\-name\fR command line option is used,
+then it names the section to be used. Otherwise the section to
+be used must be named in the \fBdefault_ca\fR option of the \fBca\fR section
+of the configuration file (or in the default section of the
+configuration file). Besides \fBdefault_ca\fR, the following options are
+read directly from the \fBca\fR section:
+ \s-1RANDFILE\s0
+ preserve
+ msie_hack
+With the exception of \fB\s-1RANDFILE\s0\fR, this is probably a bug and may
+change in future releases.
+.PP
+Many of the configuration file options are identical to command line
+options. Where the option is present in the configuration file
+and the command line the command line value is used. Where an
+option is described as mandatory then it must be present in
+the configuration file or the command line equivalent (if
+any) used.
+.IP "\fBoid_file\fR" 4
+.IX Item "oid_file"
+This specifies a file containing additional \fB\s-1OBJECT\s0 \s-1IDENTIFIERS\s0\fR.
+Each line of the file should consist of the numerical form of the
+object identifier followed by white space then the short name followed
+by white space and finally the long name.
+.IP "\fBoid_section\fR" 4
+.IX Item "oid_section"
+This specifies a section in the configuration file containing extra
+object identifiers. Each line should consist of the short name of the
+object identifier followed by \fB=\fR and the numerical form. The short
+and long names are the same when this option is used.
+.IP "\fBnew_certs_dir\fR" 4
+.IX Item "new_certs_dir"
+the same as the \fB\-outdir\fR command line option. It specifies
+the directory where new certificates will be placed. Mandatory.
+.IP "\fBcertificate\fR" 4
+.IX Item "certificate"
+the same as \fB\-cert\fR. It gives the file containing the \s-1CA\s0
+certificate. Mandatory.
+.IP "\fBprivate_key\fR" 4
+.IX Item "private_key"
+same as the \fB\-keyfile\fR option. The file containing the
+\&\s-1CA\s0 private key. Mandatory.
+.IP "\fB\s-1RANDFILE\s0\fR" 4
+.IX Item "RANDFILE"
+a file used to read and write random number seed information, or
+an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)).
+.IP "\fBdefault_days\fR" 4
+.IX Item "default_days"
+the same as the \fB\-days\fR option. The number of days to certify
+a certificate for.
+.IP "\fBdefault_startdate\fR" 4
+.IX Item "default_startdate"
+the same as the \fB\-startdate\fR option. The start date to certify
+a certificate for. If not set the current time is used.
+.IP "\fBdefault_enddate\fR" 4
+.IX Item "default_enddate"
+the same as the \fB\-enddate\fR option. Either this option or
+\&\fBdefault_days\fR (or the command line equivalents) must be
+present.
+.IP "\fBdefault_crl_hours default_crl_days\fR" 4
+.IX Item "default_crl_hours default_crl_days"
+the same as the \fB\-crlhours\fR and the \fB\-crldays\fR options. These
+will only be used if neither command line option is present. At
+least one of these must be present to generate a \s-1CRL\s0.
+.IP "\fBdefault_md\fR" 4
+.IX Item "default_md"
+the same as the \fB\-md\fR option. The message digest to use. Mandatory.
+.IP "\fBdatabase\fR" 4
+.IX Item "database"
+the text database file to use. Mandatory. This file must be present
+though initially it will be empty.
+.IP "\fBunique_subject\fR" 4
+.IX Item "unique_subject"
+if the value \fByes\fR is given, the valid certificate entries in the
+database must have unique subjects. if the value \fBno\fR is given,
+several valid certificate entries may have the exact same subject.
+The default value is \fByes\fR, to be compatible with older (pre 0.9.8)
+versions of OpenSSL. However, to make \s-1CA\s0 certificate roll-over easier,
+it's recommended to use the value \fBno\fR, especially if combined with
+the \fB\-selfsign\fR command line option.
+.IP "\fBserial\fR" 4
+.IX Item "serial"
+a text file containing the next serial number to use in hex. Mandatory.
+This file must be present and contain a valid serial number.
+.IP "\fBcrlnumber\fR" 4
+.IX Item "crlnumber"
+a text file containing the next \s-1CRL\s0 number to use in hex. The crl number
+will be inserted in the CRLs only if this file exists. If this file is
+present, it must contain a valid \s-1CRL\s0 number.
+.IP "\fBx509_extensions\fR" 4
+.IX Item "x509_extensions"
+the same as \fB\-extensions\fR.
+.IP "\fBcrl_extensions\fR" 4
+.IX Item "crl_extensions"
+the same as \fB\-crlexts\fR.
+.IP "\fBpreserve\fR" 4
+.IX Item "preserve"
+the same as \fB\-preserveDN\fR
+.IP "\fBemail_in_dn\fR" 4
+.IX Item "email_in_dn"
+the same as \fB\-noemailDN\fR. If you want the \s-1EMAIL\s0 field to be removed
+from the \s-1DN\s0 of the certificate simply set this to 'no'. If not present
+the default is to allow for the \s-1EMAIL\s0 filed in the certificate's \s-1DN\s0.
+.IP "\fBmsie_hack\fR" 4
+.IX Item "msie_hack"
+the same as \fB\-msie_hack\fR
+.IP "\fBpolicy\fR" 4
+.IX Item "policy"
+the same as \fB\-policy\fR. Mandatory. See the \fB\s-1POLICY\s0 \s-1FORMAT\s0\fR section
+for more information.
+.IP "\fBname_opt\fR, \fBcert_opt\fR" 4
+.IX Item "name_opt, cert_opt"
+these options allow the format used to display the certificate details
+when asking the user to confirm signing. All the options supported by
+the \fBx509\fR utilities \fB\-nameopt\fR and \fB\-certopt\fR switches can be used
+here, except the \fBno_signame\fR and \fBno_sigdump\fR are permanently set
+and cannot be disabled (this is because the certificate signature cannot
+be displayed because the certificate has not been signed at this point).
+.Sp
+For convenience the values \fBca_default\fR are accepted by both to produce
+a reasonable output.
+.Sp
+If neither option is present the format used in earlier versions of
+OpenSSL is used. Use of the old format is \fBstrongly\fR discouraged because
+it only displays fields mentioned in the \fBpolicy\fR section, mishandles
+multicharacter string types and does not display extensions.
+.IP "\fBcopy_extensions\fR" 4
+.IX Item "copy_extensions"
+determines how extensions in certificate requests should be handled.
+If set to \fBnone\fR or this option is not present then extensions are
+ignored and not copied to the certificate. If set to \fBcopy\fR then any
+extensions present in the request that are not already present are copied
+to the certificate. If set to \fBcopyall\fR then all extensions in the
+request are copied to the certificate: if the extension is already present
+in the certificate it is deleted first. See the \fB\s-1WARNINGS\s0\fR section before
+using this option.
+.Sp
+The main use of this option is to allow a certificate request to supply
+values for certain extensions such as subjectAltName.
+.SH "POLICY FORMAT"
+.IX Header "POLICY FORMAT"
+The policy section consists of a set of variables corresponding to
+certificate \s-1DN\s0 fields. If the value is \*(L"match\*(R" then the field value
+must match the same field in the \s-1CA\s0 certificate. If the value is
+\&\*(L"supplied\*(R" then it must be present. If the value is \*(L"optional\*(R" then
+it may be present. Any fields not mentioned in the policy section
+are silently deleted, unless the \fB\-preserveDN\fR option is set but
+this can be regarded more of a quirk than intended behaviour.
+.SH "SPKAC FORMAT"
+.IX Header "SPKAC FORMAT"
+The input to the \fB\-spkac\fR command line option is a Netscape
+signed public key and challenge. This will usually come from
+the \fB\s-1KEYGEN\s0\fR tag in an \s-1HTML\s0 form to create a new private key.
+It is however possible to create SPKACs using the \fBspkac\fR utility.
+.PP
+The file should contain the variable \s-1SPKAC\s0 set to the value of
+the \s-1SPKAC\s0 and also the required \s-1DN\s0 components as name value pairs.
+If you need to include the same component twice then it can be
+preceded by a number and a '.'.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Note: these examples assume that the \fBca\fR directory structure is
+already set up and the relevant files already exist. This usually
+involves creating a \s-1CA\s0 certificate and private key with \fBreq\fR, a
+serial number file and an empty index file and placing them in
+the relevant directories.
+.PP
+To use the sample configuration file below the directories demoCA,
+demoCA/private and demoCA/newcerts would be created. The \s-1CA\s0
+certificate would be copied to demoCA/cacert.pem and its private
+key to demoCA/private/cakey.pem. A file demoCA/serial would be
+created containing for example \*(L"01\*(R" and the empty index file
+demoCA/index.txt.
+.PP
+Sign a certificate request:
+.PP
+.Vb 1
+\& openssl ca \-in req.pem \-out newcert.pem
+.Ve
+.PP
+Sign a certificate request, using \s-1CA\s0 extensions:
+.PP
+.Vb 1
+\& openssl ca \-in req.pem \-extensions v3_ca \-out newcert.pem
+.Ve
+.PP
+Generate a \s-1CRL\s0
+.PP
+.Vb 1
+\& openssl ca \-gencrl \-out crl.pem
+.Ve
+.PP
+Sign several requests:
+.PP
+.Vb 1
+\& openssl ca \-infiles req1.pem req2.pem req3.pem
+.Ve
+.PP
+Certify a Netscape \s-1SPKAC:\s0
+.PP
+.Vb 1
+\& openssl ca \-spkac spkac.txt
+.Ve
+.PP
+A sample \s-1SPKAC\s0 file (the \s-1SPKAC\s0 line has been truncated for clarity):
+.PP
+.Vb 5
+\& SPKAC=MIG0MGAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PDhCeV/xIxUg8V70YRxK2A5
+\& CN=Steve Test
+\& emailAddress=steve@openssl.org
+\& 0.OU=OpenSSL Group
+\& 1.OU=Another Group
+.Ve
+.PP
+A sample configuration file with the relevant sections for \fBca\fR:
+.PP
+.Vb 2
+\& [ ca ]
+\& default_ca = CA_default # The default ca section
+\&
+\& [ CA_default ]
+\&
+\& dir = ./demoCA # top dir
+\& database = $dir/index.txt # index file.
+\& new_certs_dir = $dir/newcerts # new certs dir
+\&
+\& certificate = $dir/cacert.pem # The CA cert
+\& serial = $dir/serial # serial no file
+\& private_key = $dir/private/cakey.pem# CA private key
+\& RANDFILE = $dir/private/.rand # random number file
+\&
+\& default_days = 365 # how long to certify for
+\& default_crl_days= 30 # how long before next CRL
+\& default_md = md5 # md to use
+\&
+\& policy = policy_any # default policy
+\& email_in_dn = no # Don\*(Aqt add the email into cert DN
+\&
+\& name_opt = ca_default # Subject name display option
+\& cert_opt = ca_default # Certificate display option
+\& copy_extensions = none # Don\*(Aqt copy extensions from request
+\&
+\& [ policy_any ]
+\& countryName = supplied
+\& stateOrProvinceName = optional
+\& organizationName = optional
+\& organizationalUnitName = optional
+\& commonName = supplied
+\& emailAddress = optional
+.Ve
+.SH "FILES"
+.IX Header "FILES"
+Note: the location of all files can change either by compile time options,
+configuration file entries, environment variables or command line options.
+The values below reflect the default values.
+.PP
+.Vb 10
+\& /usr/local/ssl/lib/openssl.cnf \- master configuration file
+\& ./demoCA \- main CA directory
+\& ./demoCA/cacert.pem \- CA certificate
+\& ./demoCA/private/cakey.pem \- CA private key
+\& ./demoCA/serial \- CA serial number file
+\& ./demoCA/serial.old \- CA serial number backup file
+\& ./demoCA/index.txt \- CA text database file
+\& ./demoCA/index.txt.old \- CA text database backup file
+\& ./demoCA/certs \- certificate output file
+\& ./demoCA/.rnd \- CA random seed information
+.Ve
+.SH "ENVIRONMENT VARIABLES"
+.IX Header "ENVIRONMENT VARIABLES"
+\&\fB\s-1OPENSSL_CONF\s0\fR reflects the location of master configuration file it can
+be overridden by the \fB\-config\fR command line option.
+.SH "RESTRICTIONS"
+.IX Header "RESTRICTIONS"
+The text database index file is a critical part of the process and
+if corrupted it can be difficult to fix. It is theoretically possible
+to rebuild the index file from all the issued certificates and a current
+\&\s-1CRL:\s0 however there is no option to do this.
+.PP
+V2 \s-1CRL\s0 features like delta CRLs are not currently supported.
+.PP
+Although several requests can be input and handled at once it is only
+possible to include one \s-1SPKAC\s0 or self signed certificate.
+.SH "BUGS"
+.IX Header "BUGS"
+The use of an in memory text database can cause problems when large
+numbers of certificates are present because, as the name implies
+the database has to be kept in memory.
+.PP
+The \fBca\fR command really needs rewriting or the required functionality
+exposed at either a command or interface level so a more friendly utility
+(perl script or \s-1GUI\s0) can handle things properly. The scripts \fB\s-1CA\s0.sh\fR and
+\&\fB\s-1CA\s0.pl\fR help a little but not very much.
+.PP
+Any fields in a request that are not present in a policy are silently
+deleted. This does not happen if the \fB\-preserveDN\fR option is used. To
+enforce the absence of the \s-1EMAIL\s0 field within the \s-1DN\s0, as suggested by
+RFCs, regardless the contents of the request' subject the \fB\-noemailDN\fR
+option can be used. The behaviour should be more friendly and
+configurable.
+.PP
+Cancelling some commands by refusing to certify a certificate can
+create an empty file.
+.SH "WARNINGS"
+.IX Header "WARNINGS"
+The \fBca\fR command is quirky and at times downright unfriendly.
+.PP
+The \fBca\fR utility was originally meant as an example of how to do things
+in a \s-1CA\s0. It was not supposed to be used as a full blown \s-1CA\s0 itself:
+nevertheless some people are using it for this purpose.
+.PP
+The \fBca\fR command is effectively a single user command: no locking is
+done on the various files and attempts to run more than one \fBca\fR command
+on the same database can have unpredictable results.
+.PP
+The \fBcopy_extensions\fR option should be used with caution. If care is
+not taken then it can be a security risk. For example if a certificate
+request contains a basicConstraints extension with \s-1CA:TRUE\s0 and the
+\&\fBcopy_extensions\fR value is set to \fBcopyall\fR and the user does not spot
+this when the certificate is displayed then this will hand the requestor
+a valid \s-1CA\s0 certificate.
+.PP
+This situation can be avoided by setting \fBcopy_extensions\fR to \fBcopy\fR
+and including basicConstraints with \s-1CA:FALSE\s0 in the configuration file.
+Then if the request contains a basicConstraints extension it will be
+ignored.
+.PP
+It is advisable to also include values for other extensions such
+as \fBkeyUsage\fR to prevent a request supplying its own values.
+.PP
+Additional restrictions can be placed on the \s-1CA\s0 certificate itself.
+For example if the \s-1CA\s0 certificate has:
+.PP
+.Vb 1
+\& basicConstraints = CA:TRUE, pathlen:0
+.Ve
+.PP
+then even if a certificate is issued with \s-1CA:TRUE\s0 it will not be valid.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIreq\fR\|(1), \fIspkac\fR\|(1), \fIx509\fR\|(1), \s-1\fICA\s0.pl\fR\|(1),
+\&\fIconfig\fR\|(5)
diff --git a/secure/usr.bin/openssl/man/ciphers.1 b/secure/usr.bin/openssl/man/ciphers.1
new file mode 100644
index 0000000..46f1f97
--- /dev/null
+++ b/secure/usr.bin/openssl/man/ciphers.1
@@ -0,0 +1,522 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "CIPHERS 1"
+.TH CIPHERS 1 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+ciphers \- SSL cipher display and cipher list tool.
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBopenssl\fR \fBciphers\fR
+[\fB\-v\fR]
+[\fB\-ssl2\fR]
+[\fB\-ssl3\fR]
+[\fB\-tls1\fR]
+[\fBcipherlist\fR]
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fBcipherlist\fR command converts OpenSSL cipher lists into ordered
+\&\s-1SSL\s0 cipher preference lists. It can be used as a test tool to determine
+the appropriate cipherlist.
+.SH "COMMAND OPTIONS"
+.IX Header "COMMAND OPTIONS"
+.IP "\fB\-v\fR" 4
+.IX Item "-v"
+verbose option. List ciphers with a complete description of
+protocol version (SSLv2 or SSLv3; the latter includes \s-1TLS\s0), key exchange,
+authentication, encryption and mac algorithms used along with any key size
+restrictions and whether the algorithm is classed as an \*(L"export\*(R" cipher.
+Note that without the \fB\-v\fR option, ciphers may seem to appear twice
+in a cipher list; this is when similar ciphers are available for
+\&\s-1SSL\s0 v2 and for \s-1SSL\s0 v3/TLS v1.
+.IP "\fB\-ssl3\fR" 4
+.IX Item "-ssl3"
+only include \s-1SSL\s0 v3 ciphers.
+.IP "\fB\-ssl2\fR" 4
+.IX Item "-ssl2"
+only include \s-1SSL\s0 v2 ciphers.
+.IP "\fB\-tls1\fR" 4
+.IX Item "-tls1"
+only include \s-1TLS\s0 v1 ciphers.
+.IP "\fB\-h\fR, \fB\-?\fR" 4
+.IX Item "-h, -?"
+print a brief usage message.
+.IP "\fBcipherlist\fR" 4
+.IX Item "cipherlist"
+a cipher list to convert to a cipher preference list. If it is not included
+then the default cipher list will be used. The format is described below.
+.SH "CIPHER LIST FORMAT"
+.IX Header "CIPHER LIST FORMAT"
+The cipher list consists of one or more \fIcipher strings\fR separated by colons.
+Commas or spaces are also acceptable separators but colons are normally used.
+.PP
+The actual cipher string can take several different forms.
+.PP
+It can consist of a single cipher suite such as \fB\s-1RC4\-SHA\s0\fR.
+.PP
+It can represent a list of cipher suites containing a certain algorithm, or
+cipher suites of a certain type. For example \fB\s-1SHA1\s0\fR represents all ciphers
+suites using the digest algorithm \s-1SHA1\s0 and \fBSSLv3\fR represents all \s-1SSL\s0 v3
+algorithms.
+.PP
+Lists of cipher suites can be combined in a single cipher string using the
+\&\fB+\fR character. This is used as a logical \fBand\fR operation. For example
+\&\fB\s-1SHA1+DES\s0\fR represents all cipher suites containing the \s-1SHA1\s0 \fBand\fR the \s-1DES\s0
+algorithms.
+.PP
+Each cipher string can be optionally preceded by the characters \fB!\fR,
+\&\fB\-\fR or \fB+\fR.
+.PP
+If \fB!\fR is used then the ciphers are permanently deleted from the list.
+The ciphers deleted can never reappear in the list even if they are
+explicitly stated.
+.PP
+If \fB\-\fR is used then the ciphers are deleted from the list, but some or
+all of the ciphers can be added again by later options.
+.PP
+If \fB+\fR is used then the ciphers are moved to the end of the list. This
+option doesn't add any new ciphers it just moves matching existing ones.
+.PP
+If none of these characters is present then the string is just interpreted
+as a list of ciphers to be appended to the current preference list. If the
+list includes any ciphers already present they will be ignored: that is they
+will not moved to the end of the list.
+.PP
+Additionally the cipher string \fB\f(CB@STRENGTH\fB\fR can be used at any point to sort
+the current cipher list in order of encryption algorithm key length.
+.SH "CIPHER STRINGS"
+.IX Header "CIPHER STRINGS"
+The following is a list of all permitted cipher strings and their meanings.
+.IP "\fB\s-1DEFAULT\s0\fR" 4
+.IX Item "DEFAULT"
+the default cipher list. This is determined at compile time and is normally
+\&\fB\s-1AES:ALL:\s0!aNULL:!eNULL:+RC4:@STRENGTH\fR. This must be the first cipher string
+specified.
+.IP "\fB\s-1COMPLEMENTOFDEFAULT\s0\fR" 4
+.IX Item "COMPLEMENTOFDEFAULT"
+the ciphers included in \fB\s-1ALL\s0\fR, but not enabled by default. Currently
+this is \fB\s-1ADH\s0\fR. Note that this rule does not cover \fBeNULL\fR, which is
+not included by \fB\s-1ALL\s0\fR (use \fB\s-1COMPLEMENTOFALL\s0\fR if necessary).
+.IP "\fB\s-1ALL\s0\fR" 4
+.IX Item "ALL"
+all ciphers suites except the \fBeNULL\fR ciphers which must be explicitly enabled.
+.IP "\fB\s-1COMPLEMENTOFALL\s0\fR" 4
+.IX Item "COMPLEMENTOFALL"
+the cipher suites not enabled by \fB\s-1ALL\s0\fR, currently being \fBeNULL\fR.
+.IP "\fB\s-1HIGH\s0\fR" 4
+.IX Item "HIGH"
+\&\*(L"high\*(R" encryption cipher suites. This currently means those with key lengths larger
+than 128 bits, and some cipher suites with 128\-bit keys.
+.IP "\fB\s-1MEDIUM\s0\fR" 4
+.IX Item "MEDIUM"
+\&\*(L"medium\*(R" encryption cipher suites, currently some of those using 128 bit encryption.
+.IP "\fB\s-1LOW\s0\fR" 4
+.IX Item "LOW"
+\&\*(L"low\*(R" encryption cipher suites, currently those using 64 or 56 bit encryption algorithms
+but excluding export cipher suites.
+.IP "\fB\s-1EXP\s0\fR, \fB\s-1EXPORT\s0\fR" 4
+.IX Item "EXP, EXPORT"
+export encryption algorithms. Including 40 and 56 bits algorithms.
+.IP "\fB\s-1EXPORT40\s0\fR" 4
+.IX Item "EXPORT40"
+40 bit export encryption algorithms
+.IP "\fB\s-1EXPORT56\s0\fR" 4
+.IX Item "EXPORT56"
+56 bit export encryption algorithms. In OpenSSL 0.9.8c and later the set of
+56 bit export ciphers is empty unless OpenSSL has been explicitly configured
+with support for experimental ciphers.
+.IP "\fBeNULL\fR, \fB\s-1NULL\s0\fR" 4
+.IX Item "eNULL, NULL"
+the \*(L"\s-1NULL\s0\*(R" ciphers that is those offering no encryption. Because these offer no
+encryption at all and are a security risk they are disabled unless explicitly
+included.
+.IP "\fBaNULL\fR" 4
+.IX Item "aNULL"
+the cipher suites offering no authentication. This is currently the anonymous
+\&\s-1DH\s0 algorithms. These cipher suites are vulnerable to a \*(L"man in the middle\*(R"
+attack and so their use is normally discouraged.
+.IP "\fBkRSA\fR, \fB\s-1RSA\s0\fR" 4
+.IX Item "kRSA, RSA"
+cipher suites using \s-1RSA\s0 key exchange.
+.IP "\fBkEDH\fR" 4
+.IX Item "kEDH"
+cipher suites using ephemeral \s-1DH\s0 key agreement.
+.IP "\fBkDHr\fR, \fBkDHd\fR" 4
+.IX Item "kDHr, kDHd"
+cipher suites using \s-1DH\s0 key agreement and \s-1DH\s0 certificates signed by CAs with \s-1RSA\s0
+and \s-1DSS\s0 keys respectively. Not implemented.
+.IP "\fBaRSA\fR" 4
+.IX Item "aRSA"
+cipher suites using \s-1RSA\s0 authentication, i.e. the certificates carry \s-1RSA\s0 keys.
+.IP "\fBaDSS\fR, \fB\s-1DSS\s0\fR" 4
+.IX Item "aDSS, DSS"
+cipher suites using \s-1DSS\s0 authentication, i.e. the certificates carry \s-1DSS\s0 keys.
+.IP "\fBaDH\fR" 4
+.IX Item "aDH"
+cipher suites effectively using \s-1DH\s0 authentication, i.e. the certificates carry
+\&\s-1DH\s0 keys. Not implemented.
+.IP "\fBkFZA\fR, \fBaFZA\fR, \fBeFZA\fR, \fB\s-1FZA\s0\fR" 4
+.IX Item "kFZA, aFZA, eFZA, FZA"
+ciphers suites using \s-1FORTEZZA\s0 key exchange, authentication, encryption or all
+\&\s-1FORTEZZA\s0 algorithms. Not implemented.
+.IP "\fBTLSv1\fR, \fBSSLv3\fR, \fBSSLv2\fR" 4
+.IX Item "TLSv1, SSLv3, SSLv2"
+\&\s-1TLS\s0 v1.0, \s-1SSL\s0 v3.0 or \s-1SSL\s0 v2.0 cipher suites respectively.
+.IP "\fB\s-1DH\s0\fR" 4
+.IX Item "DH"
+cipher suites using \s-1DH\s0, including anonymous \s-1DH\s0.
+.IP "\fB\s-1ADH\s0\fR" 4
+.IX Item "ADH"
+anonymous \s-1DH\s0 cipher suites.
+.IP "\fB\s-1AES\s0\fR" 4
+.IX Item "AES"
+cipher suites using \s-1AES\s0.
+.IP "\fB\s-1CAMELLIA\s0\fR" 4
+.IX Item "CAMELLIA"
+cipher suites using Camellia.
+.IP "\fB3DES\fR" 4
+.IX Item "3DES"
+cipher suites using triple \s-1DES\s0.
+.IP "\fB\s-1DES\s0\fR" 4
+.IX Item "DES"
+cipher suites using \s-1DES\s0 (not triple \s-1DES\s0).
+.IP "\fB\s-1RC4\s0\fR" 4
+.IX Item "RC4"
+cipher suites using \s-1RC4\s0.
+.IP "\fB\s-1RC2\s0\fR" 4
+.IX Item "RC2"
+cipher suites using \s-1RC2\s0.
+.IP "\fB\s-1IDEA\s0\fR" 4
+.IX Item "IDEA"
+cipher suites using \s-1IDEA\s0.
+.IP "\fB\s-1SEED\s0\fR" 4
+.IX Item "SEED"
+cipher suites using \s-1SEED\s0.
+.IP "\fB\s-1MD5\s0\fR" 4
+.IX Item "MD5"
+cipher suites using \s-1MD5\s0.
+.IP "\fB\s-1SHA1\s0\fR, \fB\s-1SHA\s0\fR" 4
+.IX Item "SHA1, SHA"
+cipher suites using \s-1SHA1\s0.
+.SH "CIPHER SUITE NAMES"
+.IX Header "CIPHER SUITE NAMES"
+The following lists give the \s-1SSL\s0 or \s-1TLS\s0 cipher suites names from the
+relevant specification and their OpenSSL equivalents. It should be noted,
+that several cipher suite names do not include the authentication used,
+e.g. \s-1DES\-CBC3\-SHA\s0. In these cases, \s-1RSA\s0 authentication is used.
+.SS "\s-1SSL\s0 v3.0 cipher suites."
+.IX Subsection "SSL v3.0 cipher suites."
+.Vb 10
+\& SSL_RSA_WITH_NULL_MD5 NULL\-MD5
+\& SSL_RSA_WITH_NULL_SHA NULL\-SHA
+\& SSL_RSA_EXPORT_WITH_RC4_40_MD5 EXP\-RC4\-MD5
+\& SSL_RSA_WITH_RC4_128_MD5 RC4\-MD5
+\& SSL_RSA_WITH_RC4_128_SHA RC4\-SHA
+\& SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP\-RC2\-CBC\-MD5
+\& SSL_RSA_WITH_IDEA_CBC_SHA IDEA\-CBC\-SHA
+\& SSL_RSA_EXPORT_WITH_DES40_CBC_SHA EXP\-DES\-CBC\-SHA
+\& SSL_RSA_WITH_DES_CBC_SHA DES\-CBC\-SHA
+\& SSL_RSA_WITH_3DES_EDE_CBC_SHA DES\-CBC3\-SHA
+\&
+\& SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA Not implemented.
+\& SSL_DH_DSS_WITH_DES_CBC_SHA Not implemented.
+\& SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented.
+\& SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA Not implemented.
+\& SSL_DH_RSA_WITH_DES_CBC_SHA Not implemented.
+\& SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented.
+\& SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP\-EDH\-DSS\-DES\-CBC\-SHA
+\& SSL_DHE_DSS_WITH_DES_CBC_SHA EDH\-DSS\-CBC\-SHA
+\& SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH\-DSS\-DES\-CBC3\-SHA
+\& SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP\-EDH\-RSA\-DES\-CBC\-SHA
+\& SSL_DHE_RSA_WITH_DES_CBC_SHA EDH\-RSA\-DES\-CBC\-SHA
+\& SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH\-RSA\-DES\-CBC3\-SHA
+\&
+\& SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP\-ADH\-RC4\-MD5
+\& SSL_DH_anon_WITH_RC4_128_MD5 ADH\-RC4\-MD5
+\& SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP\-ADH\-DES\-CBC\-SHA
+\& SSL_DH_anon_WITH_DES_CBC_SHA ADH\-DES\-CBC\-SHA
+\& SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ADH\-DES\-CBC3\-SHA
+\&
+\& SSL_FORTEZZA_KEA_WITH_NULL_SHA Not implemented.
+\& SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA Not implemented.
+\& SSL_FORTEZZA_KEA_WITH_RC4_128_SHA Not implemented.
+.Ve
+.SS "\s-1TLS\s0 v1.0 cipher suites."
+.IX Subsection "TLS v1.0 cipher suites."
+.Vb 10
+\& TLS_RSA_WITH_NULL_MD5 NULL\-MD5
+\& TLS_RSA_WITH_NULL_SHA NULL\-SHA
+\& TLS_RSA_EXPORT_WITH_RC4_40_MD5 EXP\-RC4\-MD5
+\& TLS_RSA_WITH_RC4_128_MD5 RC4\-MD5
+\& TLS_RSA_WITH_RC4_128_SHA RC4\-SHA
+\& TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP\-RC2\-CBC\-MD5
+\& TLS_RSA_WITH_IDEA_CBC_SHA IDEA\-CBC\-SHA
+\& TLS_RSA_EXPORT_WITH_DES40_CBC_SHA EXP\-DES\-CBC\-SHA
+\& TLS_RSA_WITH_DES_CBC_SHA DES\-CBC\-SHA
+\& TLS_RSA_WITH_3DES_EDE_CBC_SHA DES\-CBC3\-SHA
+\&
+\& TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA Not implemented.
+\& TLS_DH_DSS_WITH_DES_CBC_SHA Not implemented.
+\& TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented.
+\& TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA Not implemented.
+\& TLS_DH_RSA_WITH_DES_CBC_SHA Not implemented.
+\& TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented.
+\& TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP\-EDH\-DSS\-DES\-CBC\-SHA
+\& TLS_DHE_DSS_WITH_DES_CBC_SHA EDH\-DSS\-CBC\-SHA
+\& TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH\-DSS\-DES\-CBC3\-SHA
+\& TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP\-EDH\-RSA\-DES\-CBC\-SHA
+\& TLS_DHE_RSA_WITH_DES_CBC_SHA EDH\-RSA\-DES\-CBC\-SHA
+\& TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH\-RSA\-DES\-CBC3\-SHA
+\&
+\& TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP\-ADH\-RC4\-MD5
+\& TLS_DH_anon_WITH_RC4_128_MD5 ADH\-RC4\-MD5
+\& TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP\-ADH\-DES\-CBC\-SHA
+\& TLS_DH_anon_WITH_DES_CBC_SHA ADH\-DES\-CBC\-SHA
+\& TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH\-DES\-CBC3\-SHA
+.Ve
+.SS "\s-1AES\s0 ciphersuites from \s-1RFC3268\s0, extending \s-1TLS\s0 v1.0"
+.IX Subsection "AES ciphersuites from RFC3268, extending TLS v1.0"
+.Vb 2
+\& TLS_RSA_WITH_AES_128_CBC_SHA AES128\-SHA
+\& TLS_RSA_WITH_AES_256_CBC_SHA AES256\-SHA
+\&
+\& TLS_DH_DSS_WITH_AES_128_CBC_SHA Not implemented.
+\& TLS_DH_DSS_WITH_AES_256_CBC_SHA Not implemented.
+\& TLS_DH_RSA_WITH_AES_128_CBC_SHA Not implemented.
+\& TLS_DH_RSA_WITH_AES_256_CBC_SHA Not implemented.
+\&
+\& TLS_DHE_DSS_WITH_AES_128_CBC_SHA DHE\-DSS\-AES128\-SHA
+\& TLS_DHE_DSS_WITH_AES_256_CBC_SHA DHE\-DSS\-AES256\-SHA
+\& TLS_DHE_RSA_WITH_AES_128_CBC_SHA DHE\-RSA\-AES128\-SHA
+\& TLS_DHE_RSA_WITH_AES_256_CBC_SHA DHE\-RSA\-AES256\-SHA
+\&
+\& TLS_DH_anon_WITH_AES_128_CBC_SHA ADH\-AES128\-SHA
+\& TLS_DH_anon_WITH_AES_256_CBC_SHA ADH\-AES256\-SHA
+.Ve
+.SS "Camellia ciphersuites from \s-1RFC4132\s0, extending \s-1TLS\s0 v1.0"
+.IX Subsection "Camellia ciphersuites from RFC4132, extending TLS v1.0"
+.Vb 2
+\& TLS_RSA_WITH_CAMELLIA_128_CBC_SHA CAMELLIA128\-SHA
+\& TLS_RSA_WITH_CAMELLIA_256_CBC_SHA CAMELLIA256\-SHA
+\&
+\& TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA Not implemented.
+\& TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA Not implemented.
+\& TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA Not implemented.
+\& TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA Not implemented.
+\&
+\& TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA DHE\-DSS\-CAMELLIA128\-SHA
+\& TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA DHE\-DSS\-CAMELLIA256\-SHA
+\& TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DHE\-RSA\-CAMELLIA128\-SHA
+\& TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DHE\-RSA\-CAMELLIA256\-SHA
+\&
+\& TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA ADH\-CAMELLIA128\-SHA
+\& TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA ADH\-CAMELLIA256\-SHA
+.Ve
+.SS "\s-1SEED\s0 ciphersuites from \s-1RFC4162\s0, extending \s-1TLS\s0 v1.0"
+.IX Subsection "SEED ciphersuites from RFC4162, extending TLS v1.0"
+.Vb 1
+\& TLS_RSA_WITH_SEED_CBC_SHA SEED\-SHA
+\&
+\& TLS_DH_DSS_WITH_SEED_CBC_SHA Not implemented.
+\& TLS_DH_RSA_WITH_SEED_CBC_SHA Not implemented.
+\&
+\& TLS_DHE_DSS_WITH_SEED_CBC_SHA DHE\-DSS\-SEED\-SHA
+\& TLS_DHE_RSA_WITH_SEED_CBC_SHA DHE\-RSA\-SEED\-SHA
+\&
+\& TLS_DH_anon_WITH_SEED_CBC_SHA ADH\-SEED\-SHA
+.Ve
+.SS "Additional Export 1024 and other cipher suites"
+.IX Subsection "Additional Export 1024 and other cipher suites"
+Note: these ciphers can also be used in \s-1SSL\s0 v3.
+.PP
+.Vb 5
+\& TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA EXP1024\-DES\-CBC\-SHA
+\& TLS_RSA_EXPORT1024_WITH_RC4_56_SHA EXP1024\-RC4\-SHA
+\& TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA EXP1024\-DHE\-DSS\-DES\-CBC\-SHA
+\& TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA EXP1024\-DHE\-DSS\-RC4\-SHA
+\& TLS_DHE_DSS_WITH_RC4_128_SHA DHE\-DSS\-RC4\-SHA
+.Ve
+.SS "\s-1SSL\s0 v2.0 cipher suites."
+.IX Subsection "SSL v2.0 cipher suites."
+.Vb 7
+\& SSL_CK_RC4_128_WITH_MD5 RC4\-MD5
+\& SSL_CK_RC4_128_EXPORT40_WITH_MD5 EXP\-RC4\-MD5
+\& SSL_CK_RC2_128_CBC_WITH_MD5 RC2\-MD5
+\& SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 EXP\-RC2\-MD5
+\& SSL_CK_IDEA_128_CBC_WITH_MD5 IDEA\-CBC\-MD5
+\& SSL_CK_DES_64_CBC_WITH_MD5 DES\-CBC\-MD5
+\& SSL_CK_DES_192_EDE3_CBC_WITH_MD5 DES\-CBC3\-MD5
+.Ve
+.SH "NOTES"
+.IX Header "NOTES"
+The non-ephemeral \s-1DH\s0 modes are currently unimplemented in OpenSSL
+because there is no support for \s-1DH\s0 certificates.
+.PP
+Some compiled versions of OpenSSL may not include all the ciphers
+listed here because some ciphers were excluded at compile time.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Verbose listing of all OpenSSL ciphers including \s-1NULL\s0 ciphers:
+.PP
+.Vb 1
+\& openssl ciphers \-v \*(AqALL:eNULL\*(Aq
+.Ve
+.PP
+Include all ciphers except \s-1NULL\s0 and anonymous \s-1DH\s0 then sort by
+strength:
+.PP
+.Vb 1
+\& openssl ciphers \-v \*(AqALL:!ADH:@STRENGTH\*(Aq
+.Ve
+.PP
+Include only 3DES ciphers and then place \s-1RSA\s0 ciphers last:
+.PP
+.Vb 1
+\& openssl ciphers \-v \*(Aq3DES:+RSA\*(Aq
+.Ve
+.PP
+Include all \s-1RC4\s0 ciphers but leave out those without authentication:
+.PP
+.Vb 1
+\& openssl ciphers \-v \*(AqRC4:!COMPLEMENTOFDEFAULT\*(Aq
+.Ve
+.PP
+Include all chiphers with \s-1RSA\s0 authentication but leave out ciphers without
+encryption.
+.PP
+.Vb 1
+\& openssl ciphers \-v \*(AqRSA:!COMPLEMENTOFALL\*(Aq
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIs_client\fR\|(1), \fIs_server\fR\|(1), \fIssl\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The \fB\s-1COMPLENTOFALL\s0\fR and \fB\s-1COMPLEMENTOFDEFAULT\s0\fR selection options were
+added in version 0.9.7.
diff --git a/secure/usr.bin/openssl/man/config.1 b/secure/usr.bin/openssl/man/config.1
new file mode 100644
index 0000000..b6d8584
--- /dev/null
+++ b/secure/usr.bin/openssl/man/config.1
@@ -0,0 +1,282 @@
+.\" Automatically generated by Pod::Man version 1.15
+.\" Sun Jan 12 18:05:02 2003
+.\"
+.\" Standard preamble:
+.\" ======================================================================
+.de Sh \" Subsection heading
+.br
+.if t .Sp
+.ne 5
+.PP
+\fB\\$1\fR
+.PP
+..
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Ip \" List item
+.br
+.ie \\n(.$>=3 .ne \\$3
+.el .ne 3
+.IP "\\$1" \\$2
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. | will give a
+.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used
+.\" to do unbreakable dashes and therefore won't be available. \*(C` and
+.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<>
+.tr \(*W-|\(bv\*(Tr
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr
+.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and
+.\" index entries marked with X<> in POD. Of course, you'll have to process
+.\" the output yourself in some meaningful fashion.
+.if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.\"
+.\" For nroff, turn off justification. Always turn off hyphenation; it
+.\" makes way too many mistakes in technical documents.
+.hy 0
+.if n .na
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+.bd B 3
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ======================================================================
+.\"
+.IX Title "config 3"
+.TH config 3 "0.9.7" "2003-01-12" "OpenSSL"
+.UC
+.SH "NAME"
+config \- OpenSSL \s-1CONF\s0 library configuration files
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The OpenSSL \s-1CONF\s0 library can be used to read configuration files.
+It is used for the OpenSSL master configuration file \fBopenssl.cnf\fR
+and in a few other places like \fB\s-1SPKAC\s0\fR files and certificate extension
+files for the \fBx509\fR utility.
+.PP
+A configuration file is divided into a number of sections. Each section
+starts with a line \fB[ section_name ]\fR and ends when a new section is
+started or end of file is reached. A section name can consist of
+alphanumeric characters and underscores.
+.PP
+The first section of a configuration file is special and is referred
+to as the \fBdefault\fR section this is usually unnamed and is from the
+start of file until the first named section. When a name is being looked up
+it is first looked up in a named section (if any) and then the
+default section.
+.PP
+The environment is mapped onto a section called \fB\s-1ENV\s0\fR.
+.PP
+Comments can be included by preceding them with the \fB#\fR character
+.PP
+Each section in a configuration file consists of a number of name and
+value pairs of the form \fBname=value\fR
+.PP
+The \fBname\fR string can contain any alphanumeric characters as well as
+a few punctuation symbols such as \fB.\fR \fB,\fR \fB;\fR and \fB_\fR.
+.PP
+The \fBvalue\fR string consists of the string following the \fB=\fR character
+until end of line with any leading and trailing white space removed.
+.PP
+The value string undergoes variable expansion. This can be done by
+including the form \fB$var\fR or \fB${var}\fR: this will substitute the value
+of the named variable in the current section. It is also possible to
+substitute a value from another section using the syntax \fB$section::name\fR
+or \fB${section::name}\fR. By using the form \fB$ENV::name\fR environment
+variables can be substituted. It is also possible to assign values to
+environment variables by using the name \fB\s-1ENV:\s0:name\fR, this will work
+if the program looks up environment variables using the \fB\s-1CONF\s0\fR library
+instead of calling \fB\f(BIgetenv()\fB\fR directly.
+.PP
+It is possible to escape certain characters by using any kind of quote
+or the \fB\e\fR character. By making the last character of a line a \fB\e\fR
+a \fBvalue\fR string can be spread across multiple lines. In addition
+the sequences \fB\en\fR, \fB\er\fR, \fB\eb\fR and \fB\et\fR are recognized.
+.SH "NOTES"
+.IX Header "NOTES"
+If a configuration file attempts to expand a variable that doesn't exist
+then an error is flagged and the file will not load. This can happen
+if an attempt is made to expand an environment variable that doesn't
+exist. For example the default OpenSSL master configuration file used
+the value of \fB\s-1HOME\s0\fR which may not be defined on non Unix systems.
+.PP
+This can be worked around by including a \fBdefault\fR section to provide
+a default value: then if the environment lookup fails the default value
+will be used instead. For this to work properly the default value must
+be defined earlier in the configuration file than the expansion. See
+the \fB\s-1EXAMPLES\s0\fR section for an example of how to do this.
+.PP
+If the same variable exists in the same section then all but the last
+value will be silently ignored. In certain circumstances such as with
+DNs the same field may occur multiple times. This is usually worked
+around by ignoring any characters before an initial \fB.\fR e.g.
+.PP
+.Vb 2
+\& 1.OU="My first OU"
+\& 2.OU="My Second OU"
+.Ve
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Here is a sample configuration file using some of the features
+mentioned above.
+.PP
+.Vb 1
+\& # This is the default section.
+.Ve
+.Vb 3
+\& HOME=/temp
+\& RANDFILE= ${ENV::HOME}/.rnd
+\& configdir=$ENV::HOME/config
+.Ve
+.Vb 1
+\& [ section_one ]
+.Ve
+.Vb 1
+\& # We are now in section one.
+.Ve
+.Vb 2
+\& # Quotes permit leading and trailing whitespace
+\& any = " any variable name "
+.Ve
+.Vb 3
+\& other = A string that can \e
+\& cover several lines \e
+\& by including \e\e characters
+.Ve
+.Vb 1
+\& message = Hello World\en
+.Ve
+.Vb 1
+\& [ section_two ]
+.Ve
+.Vb 1
+\& greeting = $section_one::message
+.Ve
+This next example shows how to expand environment variables safely.
+.PP
+Suppose you want a variable called \fBtmpfile\fR to refer to a
+temporary filename. The directory it is placed in can determined by
+the the \fB\s-1TEMP\s0\fR or \fB\s-1TMP\s0\fR environment variables but they may not be
+set to any value at all. If you just include the environment variable
+names and the variable doesn't exist then this will cause an error when
+an attempt is made to load the configuration file. By making use of the
+default section both values can be looked up with \fB\s-1TEMP\s0\fR taking
+priority and \fB/tmp\fR used if neither is defined:
+.PP
+.Vb 5
+\& TMP=/tmp
+\& # The above value is used if TMP isn't in the environment
+\& TEMP=$ENV::TMP
+\& # The above value is used if TEMP isn't in the environment
+\& tmpfile=${ENV::TEMP}/tmp.filename
+.Ve
+.SH "BUGS"
+.IX Header "BUGS"
+Currently there is no way to include characters using the octal \fB\ennn\fR
+form. Strings are all null terminated so nulls cannot form part of
+the value.
+.PP
+The escaping isn't quite right: if you want to use sequences like \fB\en\fR
+you can't use any quote escaping on the same line.
+.PP
+Files are loaded in a single pass. This means that an variable expansion
+will only work if the variables referenced are defined earlier in the
+file.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+x509(1), req(1), ca(1)
diff --git a/secure/usr.bin/openssl/man/crl.1 b/secure/usr.bin/openssl/man/crl.1
new file mode 100644
index 0000000..5ed5e4b
--- /dev/null
+++ b/secure/usr.bin/openssl/man/crl.1
@@ -0,0 +1,227 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "CRL 1"
+.TH CRL 1 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+crl \- CRL utility
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBopenssl\fR \fBcrl\fR
+[\fB\-inform PEM|DER\fR]
+[\fB\-outform PEM|DER\fR]
+[\fB\-text\fR]
+[\fB\-in filename\fR]
+[\fB\-out filename\fR]
+[\fB\-noout\fR]
+[\fB\-hash\fR]
+[\fB\-issuer\fR]
+[\fB\-lastupdate\fR]
+[\fB\-nextupdate\fR]
+[\fB\-CAfile file\fR]
+[\fB\-CApath dir\fR]
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fBcrl\fR command processes \s-1CRL\s0 files in \s-1DER\s0 or \s-1PEM\s0 format.
+.SH "COMMAND OPTIONS"
+.IX Header "COMMAND OPTIONS"
+.IP "\fB\-inform DER|PEM\fR" 4
+.IX Item "-inform DER|PEM"
+This specifies the input format. \fB\s-1DER\s0\fR format is \s-1DER\s0 encoded \s-1CRL\s0
+structure. \fB\s-1PEM\s0\fR (the default) is a base64 encoded version of
+the \s-1DER\s0 form with header and footer lines.
+.IP "\fB\-outform DER|PEM\fR" 4
+.IX Item "-outform DER|PEM"
+This specifies the output format, the options have the same meaning as the
+\&\fB\-inform\fR option.
+.IP "\fB\-in filename\fR" 4
+.IX Item "-in filename"
+This specifies the input filename to read from or standard input if this
+option is not specified.
+.IP "\fB\-out filename\fR" 4
+.IX Item "-out filename"
+specifies the output filename to write to or standard output by
+default.
+.IP "\fB\-text\fR" 4
+.IX Item "-text"
+print out the \s-1CRL\s0 in text form.
+.IP "\fB\-noout\fR" 4
+.IX Item "-noout"
+don't output the encoded version of the \s-1CRL\s0.
+.IP "\fB\-hash\fR" 4
+.IX Item "-hash"
+output a hash of the issuer name. This can be use to lookup CRLs in
+a directory by issuer name.
+.IP "\fB\-issuer\fR" 4
+.IX Item "-issuer"
+output the issuer name.
+.IP "\fB\-lastupdate\fR" 4
+.IX Item "-lastupdate"
+output the lastUpdate field.
+.IP "\fB\-nextupdate\fR" 4
+.IX Item "-nextupdate"
+output the nextUpdate field.
+.IP "\fB\-CAfile file\fR" 4
+.IX Item "-CAfile file"
+verify the signature on a \s-1CRL\s0 by looking up the issuing certificate in
+\&\fBfile\fR
+.IP "\fB\-CApath dir\fR" 4
+.IX Item "-CApath dir"
+verify the signature on a \s-1CRL\s0 by looking up the issuing certificate in
+\&\fBdir\fR. This directory must be a standard certificate directory: that
+is a hash of each subject name (using \fBx509 \-hash\fR) should be linked
+to each certificate.
+.SH "NOTES"
+.IX Header "NOTES"
+The \s-1PEM\s0 \s-1CRL\s0 format uses the header and footer lines:
+.PP
+.Vb 2
+\& \-\-\-\-\-BEGIN X509 CRL\-\-\-\-\-
+\& \-\-\-\-\-END X509 CRL\-\-\-\-\-
+.Ve
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Convert a \s-1CRL\s0 file from \s-1PEM\s0 to \s-1DER:\s0
+.PP
+.Vb 1
+\& openssl crl \-in crl.pem \-outform DER \-out crl.der
+.Ve
+.PP
+Output the text form of a \s-1DER\s0 encoded certificate:
+.PP
+.Vb 1
+\& openssl crl \-in crl.der \-text \-noout
+.Ve
+.SH "BUGS"
+.IX Header "BUGS"
+Ideally it should be possible to create a \s-1CRL\s0 using appropriate options
+and files too.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIcrl2pkcs7\fR\|(1), \fIca\fR\|(1), \fIx509\fR\|(1)
diff --git a/secure/usr.bin/openssl/man/crl2pkcs7.1 b/secure/usr.bin/openssl/man/crl2pkcs7.1
new file mode 100644
index 0000000..55083e1
--- /dev/null
+++ b/secure/usr.bin/openssl/man/crl2pkcs7.1
@@ -0,0 +1,206 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "CRL2PKCS7 1"
+.TH CRL2PKCS7 1 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+crl2pkcs7 \- Create a PKCS#7 structure from a CRL and certificates.
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBopenssl\fR \fBcrl2pkcs7\fR
+[\fB\-inform PEM|DER\fR]
+[\fB\-outform PEM|DER\fR]
+[\fB\-in filename\fR]
+[\fB\-out filename\fR]
+[\fB\-certfile filename\fR]
+[\fB\-nocrl\fR]
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fBcrl2pkcs7\fR command takes an optional \s-1CRL\s0 and one or more
+certificates and converts them into a PKCS#7 degenerate \*(L"certificates
+only\*(R" structure.
+.SH "COMMAND OPTIONS"
+.IX Header "COMMAND OPTIONS"
+.IP "\fB\-inform DER|PEM\fR" 4
+.IX Item "-inform DER|PEM"
+This specifies the \s-1CRL\s0 input format. \fB\s-1DER\s0\fR format is \s-1DER\s0 encoded \s-1CRL\s0
+structure.\fB\s-1PEM\s0\fR (the default) is a base64 encoded version of
+the \s-1DER\s0 form with header and footer lines.
+.IP "\fB\-outform DER|PEM\fR" 4
+.IX Item "-outform DER|PEM"
+This specifies the PKCS#7 structure output format. \fB\s-1DER\s0\fR format is \s-1DER\s0
+encoded PKCS#7 structure.\fB\s-1PEM\s0\fR (the default) is a base64 encoded version of
+the \s-1DER\s0 form with header and footer lines.
+.IP "\fB\-in filename\fR" 4
+.IX Item "-in filename"
+This specifies the input filename to read a \s-1CRL\s0 from or standard input if this
+option is not specified.
+.IP "\fB\-out filename\fR" 4
+.IX Item "-out filename"
+specifies the output filename to write the PKCS#7 structure to or standard
+output by default.
+.IP "\fB\-certfile filename\fR" 4
+.IX Item "-certfile filename"
+specifies a filename containing one or more certificates in \fB\s-1PEM\s0\fR format.
+All certificates in the file will be added to the PKCS#7 structure. This
+option can be used more than once to read certificates form multiple
+files.
+.IP "\fB\-nocrl\fR" 4
+.IX Item "-nocrl"
+normally a \s-1CRL\s0 is included in the output file. With this option no \s-1CRL\s0 is
+included in the output file and a \s-1CRL\s0 is not read from the input file.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Create a PKCS#7 structure from a certificate and \s-1CRL:\s0
+.PP
+.Vb 1
+\& openssl crl2pkcs7 \-in crl.pem \-certfile cert.pem \-out p7.pem
+.Ve
+.PP
+Creates a PKCS#7 structure in \s-1DER\s0 format with no \s-1CRL\s0 from several
+different certificates:
+.PP
+.Vb 2
+\& openssl crl2pkcs7 \-nocrl \-certfile newcert.pem
+\& \-certfile demoCA/cacert.pem \-outform DER \-out p7.der
+.Ve
+.SH "NOTES"
+.IX Header "NOTES"
+The output file is a PKCS#7 signed data structure containing no signers and
+just certificates and an optional \s-1CRL\s0.
+.PP
+This utility can be used to send certificates and CAs to Netscape as part of
+the certificate enrollment process. This involves sending the \s-1DER\s0 encoded output
+as \s-1MIME\s0 type application/x\-x509\-user\-cert.
+.PP
+The \fB\s-1PEM\s0\fR encoded form with the header and footer lines removed can be used to
+install user certificates and CAs in \s-1MSIE\s0 using the Xenroll control.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIpkcs7\fR\|(1)
diff --git a/secure/usr.bin/openssl/man/dgst.1 b/secure/usr.bin/openssl/man/dgst.1
new file mode 100644
index 0000000..9d33fdf
--- /dev/null
+++ b/secure/usr.bin/openssl/man/dgst.1
@@ -0,0 +1,221 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "DGST 1"
+.TH DGST 1 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+dgst, md5, md4, md2, sha1, sha, mdc2, ripemd160 \- message digests
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBopenssl\fR \fBdgst\fR
+[\fB\-md5|\-md4|\-md2|\-sha1|\-sha|\-mdc2|\-ripemd160|\-dss1\fR]
+[\fB\-c\fR]
+[\fB\-d\fR]
+[\fB\-hex\fR]
+[\fB\-binary\fR]
+[\fB\-out filename\fR]
+[\fB\-sign filename\fR]
+[\fB\-passin arg\fR]
+[\fB\-verify filename\fR]
+[\fB\-prverify filename\fR]
+[\fB\-signature filename\fR]
+[\fB\-hmac key\fR]
+[\fBfile...\fR]
+.PP
+[\fBmd5|md4|md2|sha1|sha|mdc2|ripemd160\fR]
+[\fB\-c\fR]
+[\fB\-d\fR]
+[\fBfile...\fR]
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The digest functions output the message digest of a supplied file or files
+in hexadecimal form. They can also be used for digital signing and verification.
+.SH "OPTIONS"
+.IX Header "OPTIONS"
+.IP "\fB\-c\fR" 4
+.IX Item "-c"
+print out the digest in two digit groups separated by colons, only relevant if
+\&\fBhex\fR format output is used.
+.IP "\fB\-d\fR" 4
+.IX Item "-d"
+print out \s-1BIO\s0 debugging information.
+.IP "\fB\-hex\fR" 4
+.IX Item "-hex"
+digest is to be output as a hex dump. This is the default case for a \*(L"normal\*(R"
+digest as opposed to a digital signature.
+.IP "\fB\-binary\fR" 4
+.IX Item "-binary"
+output the digest or signature in binary form.
+.IP "\fB\-out filename\fR" 4
+.IX Item "-out filename"
+filename to output to, or standard output by default.
+.IP "\fB\-sign filename\fR" 4
+.IX Item "-sign filename"
+digitally sign the digest using the private key in \*(L"filename\*(R".
+.IP "\fB\-passin arg\fR" 4
+.IX Item "-passin arg"
+the private key password source. For more information about the format of \fBarg\fR
+see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+.IP "\fB\-verify filename\fR" 4
+.IX Item "-verify filename"
+verify the signature using the the public key in \*(L"filename\*(R".
+The output is either \*(L"Verification \s-1OK\s0\*(R" or \*(L"Verification Failure\*(R".
+.IP "\fB\-prverify filename\fR" 4
+.IX Item "-prverify filename"
+verify the signature using the the private key in \*(L"filename\*(R".
+.IP "\fB\-signature filename\fR" 4
+.IX Item "-signature filename"
+the actual signature to verify.
+.IP "\fB\-hmac key\fR" 4
+.IX Item "-hmac key"
+create a hashed \s-1MAC\s0 using \*(L"key\*(R".
+.IP "\fB\-rand file(s)\fR" 4
+.IX Item "-rand file(s)"
+a file or files containing random data used to seed the random number
+generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for
+all others.
+.IP "\fBfile...\fR" 4
+.IX Item "file..."
+file or files to digest. If no files are specified then standard input is
+used.
+.SH "NOTES"
+.IX Header "NOTES"
+The digest of choice for all new applications is \s-1SHA1\s0. Other digests are
+however still widely used.
+.PP
+If you wish to sign or verify data using the \s-1DSA\s0 algorithm then the dss1
+digest must be used.
+.PP
+A source of random numbers is required for certain signing algorithms, in
+particular \s-1DSA\s0.
+.PP
+The signing and verify options should only be used if a single file is
+being signed or verified.
diff --git a/secure/usr.bin/openssl/man/dhparam.1 b/secure/usr.bin/openssl/man/dhparam.1
new file mode 100644
index 0000000..0a61289
--- /dev/null
+++ b/secure/usr.bin/openssl/man/dhparam.1
@@ -0,0 +1,246 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "DHPARAM 1"
+.TH DHPARAM 1 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+dhparam \- DH parameter manipulation and generation
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBopenssl dhparam\fR
+[\fB\-inform DER|PEM\fR]
+[\fB\-outform DER|PEM\fR]
+[\fB\-in\fR \fIfilename\fR]
+[\fB\-out\fR \fIfilename\fR]
+[\fB\-dsaparam\fR]
+[\fB\-noout\fR]
+[\fB\-text\fR]
+[\fB\-C\fR]
+[\fB\-2\fR]
+[\fB\-5\fR]
+[\fB\-rand\fR \fIfile(s)\fR]
+[\fB\-engine id\fR]
+[\fInumbits\fR]
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+This command is used to manipulate \s-1DH\s0 parameter files.
+.SH "OPTIONS"
+.IX Header "OPTIONS"
+.IP "\fB\-inform DER|PEM\fR" 4
+.IX Item "-inform DER|PEM"
+This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded
+form compatible with the PKCS#3 DHparameter structure. The \s-1PEM\s0 form is the
+default format: it consists of the \fB\s-1DER\s0\fR format base64 encoded with
+additional header and footer lines.
+.IP "\fB\-outform DER|PEM\fR" 4
+.IX Item "-outform DER|PEM"
+This specifies the output format, the options have the same meaning as the
+\&\fB\-inform\fR option.
+.IP "\fB\-in\fR \fIfilename\fR" 4
+.IX Item "-in filename"
+This specifies the input filename to read parameters from or standard input if
+this option is not specified.
+.IP "\fB\-out\fR \fIfilename\fR" 4
+.IX Item "-out filename"
+This specifies the output filename parameters to. Standard output is used
+if this option is not present. The output filename should \fBnot\fR be the same
+as the input filename.
+.IP "\fB\-dsaparam\fR" 4
+.IX Item "-dsaparam"
+If this option is used, \s-1DSA\s0 rather than \s-1DH\s0 parameters are read or created;
+they are converted to \s-1DH\s0 format. Otherwise, \*(L"strong\*(R" primes (such
+that (p\-1)/2 is also prime) will be used for \s-1DH\s0 parameter generation.
+.Sp
+\&\s-1DH\s0 parameter generation with the \fB\-dsaparam\fR option is much faster,
+and the recommended exponent length is shorter, which makes \s-1DH\s0 key
+exchange more efficient. Beware that with such DSA-style \s-1DH\s0
+parameters, a fresh \s-1DH\s0 key should be created for each use to
+avoid small-subgroup attacks that may be possible otherwise.
+.IP "\fB\-2\fR, \fB\-5\fR" 4
+.IX Item "-2, -5"
+The generator to use, either 2 or 5. 2 is the default. If present then the
+input file is ignored and parameters are generated instead.
+.IP "\fB\-rand\fR \fIfile(s)\fR" 4
+.IX Item "-rand file(s)"
+a file or files containing random data used to seed the random number
+generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for
+all others.
+.IP "\fInumbits\fR" 4
+.IX Item "numbits"
+this option specifies that a parameter set should be generated of size
+\&\fInumbits\fR. It must be the last option. If not present then a value of 512
+is used. If this option is present then the input file is ignored and
+parameters are generated instead.
+.IP "\fB\-noout\fR" 4
+.IX Item "-noout"
+this option inhibits the output of the encoded version of the parameters.
+.IP "\fB\-text\fR" 4
+.IX Item "-text"
+this option prints out the \s-1DH\s0 parameters in human readable form.
+.IP "\fB\-C\fR" 4
+.IX Item "-C"
+this option converts the parameters into C code. The parameters can then
+be loaded by calling the \fBget_dh\fR\fInumbits\fR\fB()\fR function.
+.IP "\fB\-engine id\fR" 4
+.IX Item "-engine id"
+specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+.SH "WARNINGS"
+.IX Header "WARNINGS"
+The program \fBdhparam\fR combines the functionality of the programs \fBdh\fR and
+\&\fBgendh\fR in previous versions of OpenSSL and SSLeay. The \fBdh\fR and \fBgendh\fR
+programs are retained for now but may have different purposes in future
+versions of OpenSSL.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\s-1PEM\s0 format \s-1DH\s0 parameters use the header and footer lines:
+.PP
+.Vb 2
+\& \-\-\-\-\-BEGIN DH PARAMETERS\-\-\-\-\-
+\& \-\-\-\-\-END DH PARAMETERS\-\-\-\-\-
+.Ve
+.PP
+OpenSSL currently only supports the older PKCS#3 \s-1DH\s0, not the newer X9.42
+\&\s-1DH\s0.
+.PP
+This program manipulates \s-1DH\s0 parameters not keys.
+.SH "BUGS"
+.IX Header "BUGS"
+There should be a way to generate and manipulate \s-1DH\s0 keys.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIdsaparam\fR\|(1)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The \fBdhparam\fR command was added in OpenSSL 0.9.5.
+The \fB\-dsaparam\fR option was added in OpenSSL 0.9.6.
diff --git a/secure/usr.bin/openssl/man/dsa.1 b/secure/usr.bin/openssl/man/dsa.1
new file mode 100644
index 0000000..e93e28a
--- /dev/null
+++ b/secure/usr.bin/openssl/man/dsa.1
@@ -0,0 +1,276 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "DSA 1"
+.TH DSA 1 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+dsa \- DSA key processing
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBopenssl\fR \fBdsa\fR
+[\fB\-inform PEM|DER\fR]
+[\fB\-outform PEM|DER\fR]
+[\fB\-in filename\fR]
+[\fB\-passin arg\fR]
+[\fB\-out filename\fR]
+[\fB\-passout arg\fR]
+[\fB\-des\fR]
+[\fB\-des3\fR]
+[\fB\-idea\fR]
+[\fB\-text\fR]
+[\fB\-noout\fR]
+[\fB\-modulus\fR]
+[\fB\-pubin\fR]
+[\fB\-pubout\fR]
+[\fB\-engine id\fR]
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fBdsa\fR command processes \s-1DSA\s0 keys. They can be converted between various
+forms and their components printed out. \fBNote\fR This command uses the
+traditional SSLeay compatible format for private key encryption: newer
+applications should use the more secure PKCS#8 format using the \fBpkcs8\fR
+.SH "COMMAND OPTIONS"
+.IX Header "COMMAND OPTIONS"
+.IP "\fB\-inform DER|PEM\fR" 4
+.IX Item "-inform DER|PEM"
+This specifies the input format. The \fB\s-1DER\s0\fR option with a private key uses
+an \s-1ASN1\s0 \s-1DER\s0 encoded form of an \s-1ASN\s0.1 \s-1SEQUENCE\s0 consisting of the values of
+version (currently zero), p, q, g, the public and private key components
+respectively as \s-1ASN\s0.1 INTEGERs. When used with a public key it uses a
+SubjectPublicKeyInfo structure: it is an error if the key is not \s-1DSA\s0.
+.Sp
+The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR format base64
+encoded with additional header and footer lines. In the case of a private key
+PKCS#8 format is also accepted.
+.IP "\fB\-outform DER|PEM\fR" 4
+.IX Item "-outform DER|PEM"
+This specifies the output format, the options have the same meaning as the
+\&\fB\-inform\fR option.
+.IP "\fB\-in filename\fR" 4
+.IX Item "-in filename"
+This specifies the input filename to read a key from or standard input if this
+option is not specified. If the key is encrypted a pass phrase will be
+prompted for.
+.IP "\fB\-passin arg\fR" 4
+.IX Item "-passin arg"
+the input file password source. For more information about the format of \fBarg\fR
+see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+.IP "\fB\-out filename\fR" 4
+.IX Item "-out filename"
+This specifies the output filename to write a key to or standard output by
+is not specified. If any encryption options are set then a pass phrase will be
+prompted for. The output filename should \fBnot\fR be the same as the input
+filename.
+.IP "\fB\-passout arg\fR" 4
+.IX Item "-passout arg"
+the output file password source. For more information about the format of \fBarg\fR
+see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+.IP "\fB\-des|\-des3|\-idea\fR" 4
+.IX Item "-des|-des3|-idea"
+These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, or the
+\&\s-1IDEA\s0 ciphers respectively before outputting it. A pass phrase is prompted for.
+If none of these options is specified the key is written in plain text. This
+means that using the \fBdsa\fR utility to read in an encrypted key with no
+encryption option can be used to remove the pass phrase from a key, or by
+setting the encryption options it can be use to add or change the pass phrase.
+These options can only be used with \s-1PEM\s0 format output files.
+.IP "\fB\-text\fR" 4
+.IX Item "-text"
+prints out the public, private key components and parameters.
+.IP "\fB\-noout\fR" 4
+.IX Item "-noout"
+this option prevents output of the encoded version of the key.
+.IP "\fB\-modulus\fR" 4
+.IX Item "-modulus"
+this option prints out the value of the public key component of the key.
+.IP "\fB\-pubin\fR" 4
+.IX Item "-pubin"
+by default a private key is read from the input file: with this option a
+public key is read instead.
+.IP "\fB\-pubout\fR" 4
+.IX Item "-pubout"
+by default a private key is output. With this option a public
+key will be output instead. This option is automatically set if the input is
+a public key.
+.IP "\fB\-engine id\fR" 4
+.IX Item "-engine id"
+specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+.SH "NOTES"
+.IX Header "NOTES"
+The \s-1PEM\s0 private key format uses the header and footer lines:
+.PP
+.Vb 2
+\& \-\-\-\-\-BEGIN DSA PRIVATE KEY\-\-\-\-\-
+\& \-\-\-\-\-END DSA PRIVATE KEY\-\-\-\-\-
+.Ve
+.PP
+The \s-1PEM\s0 public key format uses the header and footer lines:
+.PP
+.Vb 2
+\& \-\-\-\-\-BEGIN PUBLIC KEY\-\-\-\-\-
+\& \-\-\-\-\-END PUBLIC KEY\-\-\-\-\-
+.Ve
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+To remove the pass phrase on a \s-1DSA\s0 private key:
+.PP
+.Vb 1
+\& openssl dsa \-in key.pem \-out keyout.pem
+.Ve
+.PP
+To encrypt a private key using triple \s-1DES:\s0
+.PP
+.Vb 1
+\& openssl dsa \-in key.pem \-des3 \-out keyout.pem
+.Ve
+.PP
+To convert a private key from \s-1PEM\s0 to \s-1DER\s0 format:
+.PP
+.Vb 1
+\& openssl dsa \-in key.pem \-outform DER \-out keyout.der
+.Ve
+.PP
+To print out the components of a private key to standard output:
+.PP
+.Vb 1
+\& openssl dsa \-in key.pem \-text \-noout
+.Ve
+.PP
+To just output the public part of a private key:
+.PP
+.Vb 1
+\& openssl dsa \-in key.pem \-pubout \-out pubkey.pem
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIdsaparam\fR\|(1), \fIgendsa\fR\|(1), \fIrsa\fR\|(1),
+\&\fIgenrsa\fR\|(1)
diff --git a/secure/usr.bin/openssl/man/dsaparam.1 b/secure/usr.bin/openssl/man/dsaparam.1
new file mode 100644
index 0000000..b37bf6d
--- /dev/null
+++ b/secure/usr.bin/openssl/man/dsaparam.1
@@ -0,0 +1,219 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "DSAPARAM 1"
+.TH DSAPARAM 1 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+dsaparam \- DSA parameter manipulation and generation
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBopenssl dsaparam\fR
+[\fB\-inform DER|PEM\fR]
+[\fB\-outform DER|PEM\fR]
+[\fB\-in filename\fR]
+[\fB\-out filename\fR]
+[\fB\-noout\fR]
+[\fB\-text\fR]
+[\fB\-C\fR]
+[\fB\-rand file(s)\fR]
+[\fB\-genkey\fR]
+[\fB\-engine id\fR]
+[\fBnumbits\fR]
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+This command is used to manipulate or generate \s-1DSA\s0 parameter files.
+.SH "OPTIONS"
+.IX Header "OPTIONS"
+.IP "\fB\-inform DER|PEM\fR" 4
+.IX Item "-inform DER|PEM"
+This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded
+form compatible with \s-1RFC2459\s0 (\s-1PKIX\s0) DSS-Parms that is a \s-1SEQUENCE\s0 consisting
+of p, q and g respectively. The \s-1PEM\s0 form is the default format: it consists
+of the \fB\s-1DER\s0\fR format base64 encoded with additional header and footer lines.
+.IP "\fB\-outform DER|PEM\fR" 4
+.IX Item "-outform DER|PEM"
+This specifies the output format, the options have the same meaning as the
+\&\fB\-inform\fR option.
+.IP "\fB\-in filename\fR" 4
+.IX Item "-in filename"
+This specifies the input filename to read parameters from or standard input if
+this option is not specified. If the \fBnumbits\fR parameter is included then
+this option will be ignored.
+.IP "\fB\-out filename\fR" 4
+.IX Item "-out filename"
+This specifies the output filename parameters to. Standard output is used
+if this option is not present. The output filename should \fBnot\fR be the same
+as the input filename.
+.IP "\fB\-noout\fR" 4
+.IX Item "-noout"
+this option inhibits the output of the encoded version of the parameters.
+.IP "\fB\-text\fR" 4
+.IX Item "-text"
+this option prints out the \s-1DSA\s0 parameters in human readable form.
+.IP "\fB\-C\fR" 4
+.IX Item "-C"
+this option converts the parameters into C code. The parameters can then
+be loaded by calling the \fB\f(BIget_dsaXXX()\fB\fR function.
+.IP "\fB\-genkey\fR" 4
+.IX Item "-genkey"
+this option will generate a \s-1DSA\s0 either using the specified or generated
+parameters.
+.IP "\fB\-rand file(s)\fR" 4
+.IX Item "-rand file(s)"
+a file or files containing random data used to seed the random number
+generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for
+all others.
+.IP "\fBnumbits\fR" 4
+.IX Item "numbits"
+this option specifies that a parameter set should be generated of size
+\&\fBnumbits\fR. It must be the last option. If this option is included then
+the input file (if any) is ignored.
+.IP "\fB\-engine id\fR" 4
+.IX Item "-engine id"
+specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\s-1PEM\s0 format \s-1DSA\s0 parameters use the header and footer lines:
+.PP
+.Vb 2
+\& \-\-\-\-\-BEGIN DSA PARAMETERS\-\-\-\-\-
+\& \-\-\-\-\-END DSA PARAMETERS\-\-\-\-\-
+.Ve
+.PP
+\&\s-1DSA\s0 parameter generation is a slow process and as a result the same set of
+\&\s-1DSA\s0 parameters is often used to generate several distinct keys.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIgendsa\fR\|(1), \fIdsa\fR\|(1), \fIgenrsa\fR\|(1),
+\&\fIrsa\fR\|(1)
diff --git a/secure/usr.bin/openssl/man/ec.1 b/secure/usr.bin/openssl/man/ec.1
new file mode 100644
index 0000000..56c0b7a
--- /dev/null
+++ b/secure/usr.bin/openssl/man/ec.1
@@ -0,0 +1,306 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "EC 1"
+.TH EC 1 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+ec \- EC key processing
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBopenssl\fR \fBec\fR
+[\fB\-inform PEM|DER\fR]
+[\fB\-outform PEM|DER\fR]
+[\fB\-in filename\fR]
+[\fB\-passin arg\fR]
+[\fB\-out filename\fR]
+[\fB\-passout arg\fR]
+[\fB\-des\fR]
+[\fB\-des3\fR]
+[\fB\-idea\fR]
+[\fB\-text\fR]
+[\fB\-noout\fR]
+[\fB\-param_out\fR]
+[\fB\-pubin\fR]
+[\fB\-pubout\fR]
+[\fB\-conv_form arg\fR]
+[\fB\-param_enc arg\fR]
+[\fB\-engine id\fR]
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fBec\fR command processes \s-1EC\s0 keys. They can be converted between various
+forms and their components printed out. \fBNote\fR OpenSSL uses the
+private key format specified in '\s-1SEC\s0 1: Elliptic Curve Cryptography'
+(http://www.secg.org/). To convert a OpenSSL \s-1EC\s0 private key into the
+PKCS#8 private key format use the \fBpkcs8\fR command.
+.SH "COMMAND OPTIONS"
+.IX Header "COMMAND OPTIONS"
+.IP "\fB\-inform DER|PEM\fR" 4
+.IX Item "-inform DER|PEM"
+This specifies the input format. The \fB\s-1DER\s0\fR option with a private key uses
+an \s-1ASN\s0.1 \s-1DER\s0 encoded \s-1SEC1\s0 private key. When used with a public key it
+uses the SubjectPublicKeyInfo structur as specified in \s-1RFC\s0 3280.
+The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR format base64
+encoded with additional header and footer lines. In the case of a private key
+PKCS#8 format is also accepted.
+.IP "\fB\-outform DER|PEM\fR" 4
+.IX Item "-outform DER|PEM"
+This specifies the output format, the options have the same meaning as the
+\&\fB\-inform\fR option.
+.IP "\fB\-in filename\fR" 4
+.IX Item "-in filename"
+This specifies the input filename to read a key from or standard input if this
+option is not specified. If the key is encrypted a pass phrase will be
+prompted for.
+.IP "\fB\-passin arg\fR" 4
+.IX Item "-passin arg"
+the input file password source. For more information about the format of \fBarg\fR
+see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+.IP "\fB\-out filename\fR" 4
+.IX Item "-out filename"
+This specifies the output filename to write a key to or standard output by
+is not specified. If any encryption options are set then a pass phrase will be
+prompted for. The output filename should \fBnot\fR be the same as the input
+filename.
+.IP "\fB\-passout arg\fR" 4
+.IX Item "-passout arg"
+the output file password source. For more information about the format of \fBarg\fR
+see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+.IP "\fB\-des|\-des3|\-idea\fR" 4
+.IX Item "-des|-des3|-idea"
+These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, \s-1IDEA\s0 or
+any other cipher supported by OpenSSL before outputting it. A pass phrase is
+prompted for.
+If none of these options is specified the key is written in plain text. This
+means that using the \fBec\fR utility to read in an encrypted key with no
+encryption option can be used to remove the pass phrase from a key, or by
+setting the encryption options it can be use to add or change the pass phrase.
+These options can only be used with \s-1PEM\s0 format output files.
+.IP "\fB\-text\fR" 4
+.IX Item "-text"
+prints out the public, private key components and parameters.
+.IP "\fB\-noout\fR" 4
+.IX Item "-noout"
+this option prevents output of the encoded version of the key.
+.IP "\fB\-modulus\fR" 4
+.IX Item "-modulus"
+this option prints out the value of the public key component of the key.
+.IP "\fB\-pubin\fR" 4
+.IX Item "-pubin"
+by default a private key is read from the input file: with this option a
+public key is read instead.
+.IP "\fB\-pubout\fR" 4
+.IX Item "-pubout"
+by default a private key is output. With this option a public
+key will be output instead. This option is automatically set if the input is
+a public key.
+.IP "\fB\-conv_form\fR" 4
+.IX Item "-conv_form"
+This specifies how the points on the elliptic curve are converted
+into octet strings. Possible values are: \fBcompressed\fR (the default
+value), \fBuncompressed\fR and \fBhybrid\fR. For more information regarding
+the point conversion forms please read the X9.62 standard.
+\&\fBNote\fR Due to patent issues the \fBcompressed\fR option is disabled
+by default for binary curves and can be enabled by defining
+the preprocessor macro \fB\s-1OPENSSL_EC_BIN_PT_COMP\s0\fR at compile time.
+.IP "\fB\-param_enc arg\fR" 4
+.IX Item "-param_enc arg"
+This specifies how the elliptic curve parameters are encoded.
+Possible value are: \fBnamed_curve\fR, i.e. the ec parameters are
+specified by a \s-1OID\s0, or \fBexplicit\fR where the ec parameters are
+explicitly given (see \s-1RFC\s0 3279 for the definition of the
+\&\s-1EC\s0 parameters structures). The default value is \fBnamed_curve\fR.
+\&\fBNote\fR the \fBimplicitlyCA\fR alternative ,as specified in \s-1RFC\s0 3279,
+is currently not implemented in OpenSSL.
+.IP "\fB\-engine id\fR" 4
+.IX Item "-engine id"
+specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+.SH "NOTES"
+.IX Header "NOTES"
+The \s-1PEM\s0 private key format uses the header and footer lines:
+.PP
+.Vb 2
+\& \-\-\-\-\-BEGIN EC PRIVATE KEY\-\-\-\-\-
+\& \-\-\-\-\-END EC PRIVATE KEY\-\-\-\-\-
+.Ve
+.PP
+The \s-1PEM\s0 public key format uses the header and footer lines:
+.PP
+.Vb 2
+\& \-\-\-\-\-BEGIN PUBLIC KEY\-\-\-\-\-
+\& \-\-\-\-\-END PUBLIC KEY\-\-\-\-\-
+.Ve
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+To encrypt a private key using triple \s-1DES:\s0
+.PP
+.Vb 1
+\& openssl ec \-in key.pem \-des3 \-out keyout.pem
+.Ve
+.PP
+To convert a private key from \s-1PEM\s0 to \s-1DER\s0 format:
+.PP
+.Vb 1
+\& openssl ec \-in key.pem \-outform DER \-out keyout.der
+.Ve
+.PP
+To print out the components of a private key to standard output:
+.PP
+.Vb 1
+\& openssl ec \-in key.pem \-text \-noout
+.Ve
+.PP
+To just output the public part of a private key:
+.PP
+.Vb 1
+\& openssl ec \-in key.pem \-pubout \-out pubkey.pem
+.Ve
+.PP
+To change the parameters encoding to \fBexplicit\fR:
+.PP
+.Vb 1
+\& openssl ec \-in key.pem \-param_enc explicit \-out keyout.pem
+.Ve
+.PP
+To change the point conversion form to \fBcompressed\fR:
+.PP
+.Vb 1
+\& openssl ec \-in key.pem \-conv_form compressed \-out keyout.pem
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIecparam\fR\|(1), \fIdsa\fR\|(1), \fIrsa\fR\|(1)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The ec command was first introduced in OpenSSL 0.9.8.
+.SH "AUTHOR"
+.IX Header "AUTHOR"
+Nils Larsch for the OpenSSL project (http://www.openssl.org).
diff --git a/secure/usr.bin/openssl/man/ecparam.1 b/secure/usr.bin/openssl/man/ecparam.1
new file mode 100644
index 0000000..eb5332d
--- /dev/null
+++ b/secure/usr.bin/openssl/man/ecparam.1
@@ -0,0 +1,292 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "ECPARAM 1"
+.TH ECPARAM 1 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+ecparam \- EC parameter manipulation and generation
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBopenssl ecparam\fR
+[\fB\-inform DER|PEM\fR]
+[\fB\-outform DER|PEM\fR]
+[\fB\-in filename\fR]
+[\fB\-out filename\fR]
+[\fB\-noout\fR]
+[\fB\-text\fR]
+[\fB\-C\fR]
+[\fB\-check\fR]
+[\fB\-name arg\fR]
+[\fB\-list_curve\fR]
+[\fB\-conv_form arg\fR]
+[\fB\-param_enc arg\fR]
+[\fB\-no_seed\fR]
+[\fB\-rand file(s)\fR]
+[\fB\-genkey\fR]
+[\fB\-engine id\fR]
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+This command is used to manipulate or generate \s-1EC\s0 parameter files.
+.SH "OPTIONS"
+.IX Header "OPTIONS"
+.IP "\fB\-inform DER|PEM\fR" 4
+.IX Item "-inform DER|PEM"
+This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN\s0.1 \s-1DER\s0 encoded
+form compatible with \s-1RFC\s0 3279 EcpkParameters. The \s-1PEM\s0 form is the default
+format: it consists of the \fB\s-1DER\s0\fR format base64 encoded with additional
+header and footer lines.
+.IP "\fB\-outform DER|PEM\fR" 4
+.IX Item "-outform DER|PEM"
+This specifies the output format, the options have the same meaning as the
+\&\fB\-inform\fR option.
+.IP "\fB\-in filename\fR" 4
+.IX Item "-in filename"
+This specifies the input filename to read parameters from or standard input if
+this option is not specified.
+.IP "\fB\-out filename\fR" 4
+.IX Item "-out filename"
+This specifies the output filename parameters to. Standard output is used
+if this option is not present. The output filename should \fBnot\fR be the same
+as the input filename.
+.IP "\fB\-noout\fR" 4
+.IX Item "-noout"
+This option inhibits the output of the encoded version of the parameters.
+.IP "\fB\-text\fR" 4
+.IX Item "-text"
+This option prints out the \s-1EC\s0 parameters in human readable form.
+.IP "\fB\-C\fR" 4
+.IX Item "-C"
+This option converts the \s-1EC\s0 parameters into C code. The parameters can then
+be loaded by calling the \fB\f(BIget_ec_group_XXX()\fB\fR function.
+.IP "\fB\-check\fR" 4
+.IX Item "-check"
+Validate the elliptic curve parameters.
+.IP "\fB\-name arg\fR" 4
+.IX Item "-name arg"
+Use the \s-1EC\s0 parameters with the specified 'short' name. Use \fB\-list_curves\fR
+to get a list of all currently implemented \s-1EC\s0 parameters.
+.IP "\fB\-list_curves\fR" 4
+.IX Item "-list_curves"
+If this options is specified \fBecparam\fR will print out a list of all
+currently implemented \s-1EC\s0 parameters names and exit.
+.IP "\fB\-conv_form\fR" 4
+.IX Item "-conv_form"
+This specifies how the points on the elliptic curve are converted
+into octet strings. Possible values are: \fBcompressed\fR (the default
+value), \fBuncompressed\fR and \fBhybrid\fR. For more information regarding
+the point conversion forms please read the X9.62 standard.
+\&\fBNote\fR Due to patent issues the \fBcompressed\fR option is disabled
+by default for binary curves and can be enabled by defining
+the preprocessor macro \fB\s-1OPENSSL_EC_BIN_PT_COMP\s0\fR at compile time.
+.IP "\fB\-param_enc arg\fR" 4
+.IX Item "-param_enc arg"
+This specifies how the elliptic curve parameters are encoded.
+Possible value are: \fBnamed_curve\fR, i.e. the ec parameters are
+specified by a \s-1OID\s0, or \fBexplicit\fR where the ec parameters are
+explicitly given (see \s-1RFC\s0 3279 for the definition of the
+\&\s-1EC\s0 parameters structures). The default value is \fBnamed_curve\fR.
+\&\fBNote\fR the \fBimplicitlyCA\fR alternative ,as specified in \s-1RFC\s0 3279,
+is currently not implemented in OpenSSL.
+.IP "\fB\-no_seed\fR" 4
+.IX Item "-no_seed"
+This option inhibits that the 'seed' for the parameter generation
+is included in the ECParameters structure (see \s-1RFC\s0 3279).
+.IP "\fB\-genkey\fR" 4
+.IX Item "-genkey"
+This option will generate a \s-1EC\s0 private key using the specified parameters.
+.IP "\fB\-rand file(s)\fR" 4
+.IX Item "-rand file(s)"
+a file or files containing random data used to seed the random number
+generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for
+all others.
+.IP "\fB\-engine id\fR" 4
+.IX Item "-engine id"
+specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\s-1PEM\s0 format \s-1EC\s0 parameters use the header and footer lines:
+.PP
+.Vb 2
+\& \-\-\-\-\-BEGIN EC PARAMETERS\-\-\-\-\-
+\& \-\-\-\-\-END EC PARAMETERS\-\-\-\-\-
+.Ve
+.PP
+OpenSSL is currently not able to generate new groups and therefore
+\&\fBecparam\fR can only create \s-1EC\s0 parameters from known (named) curves.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+To create \s-1EC\s0 parameters with the group 'prime192v1':
+.PP
+.Vb 1
+\& openssl ecparam \-out ec_param.pem \-name prime192v1
+.Ve
+.PP
+To create \s-1EC\s0 parameters with explicit parameters:
+.PP
+.Vb 1
+\& openssl ecparam \-out ec_param.pem \-name prime192v1 \-param_enc explicit
+.Ve
+.PP
+To validate given \s-1EC\s0 parameters:
+.PP
+.Vb 1
+\& openssl ecparam \-in ec_param.pem \-check
+.Ve
+.PP
+To create \s-1EC\s0 parameters and a private key:
+.PP
+.Vb 1
+\& openssl ecparam \-out ec_key.pem \-name prime192v1 \-genkey
+.Ve
+.PP
+To change the point encoding to 'compressed':
+.PP
+.Vb 1
+\& openssl ecparam \-in ec_in.pem \-out ec_out.pem \-conv_form compressed
+.Ve
+.PP
+To print out the \s-1EC\s0 parameters to standard output:
+.PP
+.Vb 1
+\& openssl ecparam \-in ec_param.pem \-noout \-text
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIec\fR\|(1), \fIdsaparam\fR\|(1)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The ecparam command was first introduced in OpenSSL 0.9.8.
+.SH "AUTHOR"
+.IX Header "AUTHOR"
+Nils Larsch for the OpenSSL project (http://www.openssl.org)
diff --git a/secure/usr.bin/openssl/man/enc.1 b/secure/usr.bin/openssl/man/enc.1
new file mode 100644
index 0000000..8330813
--- /dev/null
+++ b/secure/usr.bin/openssl/man/enc.1
@@ -0,0 +1,390 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "ENC 1"
+.TH ENC 1 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+enc \- symmetric cipher routines
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBopenssl enc \-ciphername\fR
+[\fB\-in filename\fR]
+[\fB\-out filename\fR]
+[\fB\-pass arg\fR]
+[\fB\-e\fR]
+[\fB\-d\fR]
+[\fB\-a\fR]
+[\fB\-A\fR]
+[\fB\-k password\fR]
+[\fB\-kfile filename\fR]
+[\fB\-K key\fR]
+[\fB\-iv \s-1IV\s0\fR]
+[\fB\-p\fR]
+[\fB\-P\fR]
+[\fB\-bufsize number\fR]
+[\fB\-nopad\fR]
+[\fB\-debug\fR]
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The symmetric cipher commands allow data to be encrypted or decrypted
+using various block and stream ciphers using keys based on passwords
+or explicitly provided. Base64 encoding or decoding can also be performed
+either by itself or in addition to the encryption or decryption.
+.SH "OPTIONS"
+.IX Header "OPTIONS"
+.IP "\fB\-in filename\fR" 4
+.IX Item "-in filename"
+the input filename, standard input by default.
+.IP "\fB\-out filename\fR" 4
+.IX Item "-out filename"
+the output filename, standard output by default.
+.IP "\fB\-pass arg\fR" 4
+.IX Item "-pass arg"
+the password source. For more information about the format of \fBarg\fR
+see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+.IP "\fB\-salt\fR" 4
+.IX Item "-salt"
+use a salt in the key derivation routines. This is the default.
+.IP "\fB\-nosalt\fR" 4
+.IX Item "-nosalt"
+don't use a salt in the key derivation routines. This option \fB\s-1SHOULD\s0 \s-1NOT\s0\fR be
+used except for test purposes or compatibility with ancient versions of OpenSSL
+and SSLeay.
+.IP "\fB\-e\fR" 4
+.IX Item "-e"
+encrypt the input data: this is the default.
+.IP "\fB\-d\fR" 4
+.IX Item "-d"
+decrypt the input data.
+.IP "\fB\-a\fR" 4
+.IX Item "-a"
+base64 process the data. This means that if encryption is taking place
+the data is base64 encoded after encryption. If decryption is set then
+the input data is base64 decoded before being decrypted.
+.IP "\fB\-A\fR" 4
+.IX Item "-A"
+if the \fB\-a\fR option is set then base64 process the data on one line.
+.IP "\fB\-k password\fR" 4
+.IX Item "-k password"
+the password to derive the key from. This is for compatibility with previous
+versions of OpenSSL. Superseded by the \fB\-pass\fR argument.
+.IP "\fB\-kfile filename\fR" 4
+.IX Item "-kfile filename"
+read the password to derive the key from the first line of \fBfilename\fR.
+This is for compatibility with previous versions of OpenSSL. Superseded by
+the \fB\-pass\fR argument.
+.IP "\fB\-S salt\fR" 4
+.IX Item "-S salt"
+the actual salt to use: this must be represented as a string comprised only
+of hex digits.
+.IP "\fB\-K key\fR" 4
+.IX Item "-K key"
+the actual key to use: this must be represented as a string comprised only
+of hex digits. If only the key is specified, the \s-1IV\s0 must additionally specified
+using the \fB\-iv\fR option. When both a key and a password are specified, the
+key given with the \fB\-K\fR option will be used and the \s-1IV\s0 generated from the
+password will be taken. It probably does not make much sense to specify
+both key and password.
+.IP "\fB\-iv \s-1IV\s0\fR" 4
+.IX Item "-iv IV"
+the actual \s-1IV\s0 to use: this must be represented as a string comprised only
+of hex digits. When only the key is specified using the \fB\-K\fR option, the
+\&\s-1IV\s0 must explicitly be defined. When a password is being specified using
+one of the other options, the \s-1IV\s0 is generated from this password.
+.IP "\fB\-p\fR" 4
+.IX Item "-p"
+print out the key and \s-1IV\s0 used.
+.IP "\fB\-P\fR" 4
+.IX Item "-P"
+print out the key and \s-1IV\s0 used then immediately exit: don't do any encryption
+or decryption.
+.IP "\fB\-bufsize number\fR" 4
+.IX Item "-bufsize number"
+set the buffer size for I/O
+.IP "\fB\-nopad\fR" 4
+.IX Item "-nopad"
+disable standard block padding
+.IP "\fB\-debug\fR" 4
+.IX Item "-debug"
+debug the BIOs used for I/O.
+.SH "NOTES"
+.IX Header "NOTES"
+The program can be called either as \fBopenssl ciphername\fR or
+\&\fBopenssl enc \-ciphername\fR.
+.PP
+A password will be prompted for to derive the key and \s-1IV\s0 if necessary.
+.PP
+The \fB\-salt\fR option should \fB\s-1ALWAYS\s0\fR be used if the key is being derived
+from a password unless you want compatibility with previous versions of
+OpenSSL and SSLeay.
+.PP
+Without the \fB\-salt\fR option it is possible to perform efficient dictionary
+attacks on the password and to attack stream cipher encrypted data. The reason
+for this is that without the salt the same password always generates the same
+encryption key. When the salt is being used the first eight bytes of the
+encrypted data are reserved for the salt: it is generated at random when
+encrypting a file and read from the encrypted file when it is decrypted.
+.PP
+Some of the ciphers do not have large keys and others have security
+implications if not used correctly. A beginner is advised to just use
+a strong block cipher in \s-1CBC\s0 mode such as bf or des3.
+.PP
+All the block ciphers normally use PKCS#5 padding also known as standard block
+padding: this allows a rudimentary integrity or password check to be
+performed. However since the chance of random data passing the test is
+better than 1 in 256 it isn't a very good test.
+.PP
+If padding is disabled then the input data must be a multiple of the cipher
+block length.
+.PP
+All \s-1RC2\s0 ciphers have the same key and effective key length.
+.PP
+Blowfish and \s-1RC5\s0 algorithms use a 128 bit key.
+.SH "SUPPORTED CIPHERS"
+.IX Header "SUPPORTED CIPHERS"
+.Vb 1
+\& base64 Base 64
+\&
+\& bf\-cbc Blowfish in CBC mode
+\& bf Alias for bf\-cbc
+\& bf\-cfb Blowfish in CFB mode
+\& bf\-ecb Blowfish in ECB mode
+\& bf\-ofb Blowfish in OFB mode
+\&
+\& cast\-cbc CAST in CBC mode
+\& cast Alias for cast\-cbc
+\& cast5\-cbc CAST5 in CBC mode
+\& cast5\-cfb CAST5 in CFB mode
+\& cast5\-ecb CAST5 in ECB mode
+\& cast5\-ofb CAST5 in OFB mode
+\&
+\& des\-cbc DES in CBC mode
+\& des Alias for des\-cbc
+\& des\-cfb DES in CBC mode
+\& des\-ofb DES in OFB mode
+\& des\-ecb DES in ECB mode
+\&
+\& des\-ede\-cbc Two key triple DES EDE in CBC mode
+\& des\-ede Two key triple DES EDE in ECB mode
+\& des\-ede\-cfb Two key triple DES EDE in CFB mode
+\& des\-ede\-ofb Two key triple DES EDE in OFB mode
+\&
+\& des\-ede3\-cbc Three key triple DES EDE in CBC mode
+\& des\-ede3 Three key triple DES EDE in ECB mode
+\& des3 Alias for des\-ede3\-cbc
+\& des\-ede3\-cfb Three key triple DES EDE CFB mode
+\& des\-ede3\-ofb Three key triple DES EDE in OFB mode
+\&
+\& desx DESX algorithm.
+\&
+\& idea\-cbc IDEA algorithm in CBC mode
+\& idea same as idea\-cbc
+\& idea\-cfb IDEA in CFB mode
+\& idea\-ecb IDEA in ECB mode
+\& idea\-ofb IDEA in OFB mode
+\&
+\& rc2\-cbc 128 bit RC2 in CBC mode
+\& rc2 Alias for rc2\-cbc
+\& rc2\-cfb 128 bit RC2 in CFB mode
+\& rc2\-ecb 128 bit RC2 in ECB mode
+\& rc2\-ofb 128 bit RC2 in OFB mode
+\& rc2\-64\-cbc 64 bit RC2 in CBC mode
+\& rc2\-40\-cbc 40 bit RC2 in CBC mode
+\&
+\& rc4 128 bit RC4
+\& rc4\-64 64 bit RC4
+\& rc4\-40 40 bit RC4
+\&
+\& rc5\-cbc RC5 cipher in CBC mode
+\& rc5 Alias for rc5\-cbc
+\& rc5\-cfb RC5 cipher in CFB mode
+\& rc5\-ecb RC5 cipher in ECB mode
+\& rc5\-ofb RC5 cipher in OFB mode
+\&
+\& aes\-[128|192|256]\-cbc 128/192/256 bit AES in CBC mode
+\& aes\-[128|192|256] Alias for aes\-[128|192|256]\-cbc
+\& aes\-[128|192|256]\-cfb 128/192/256 bit AES in 128 bit CFB mode
+\& aes\-[128|192|256]\-cfb1 128/192/256 bit AES in 1 bit CFB mode
+\& aes\-[128|192|256]\-cfb8 128/192/256 bit AES in 8 bit CFB mode
+\& aes\-[128|192|256]\-ecb 128/192/256 bit AES in ECB mode
+\& aes\-[128|192|256]\-ofb 128/192/256 bit AES in OFB mode
+.Ve
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Just base64 encode a binary file:
+.PP
+.Vb 1
+\& openssl base64 \-in file.bin \-out file.b64
+.Ve
+.PP
+Decode the same file
+.PP
+.Vb 1
+\& openssl base64 \-d \-in file.b64 \-out file.bin
+.Ve
+.PP
+Encrypt a file using triple \s-1DES\s0 in \s-1CBC\s0 mode using a prompted password:
+.PP
+.Vb 1
+\& openssl des3 \-salt \-in file.txt \-out file.des3
+.Ve
+.PP
+Decrypt a file using a supplied password:
+.PP
+.Vb 1
+\& openssl des3 \-d \-salt \-in file.des3 \-out file.txt \-k mypassword
+.Ve
+.PP
+Encrypt a file then base64 encode it (so it can be sent via mail for example)
+using Blowfish in \s-1CBC\s0 mode:
+.PP
+.Vb 1
+\& openssl bf \-a \-salt \-in file.txt \-out file.bf
+.Ve
+.PP
+Base64 decode a file then decrypt it:
+.PP
+.Vb 1
+\& openssl bf \-d \-salt \-a \-in file.bf \-out file.txt
+.Ve
+.PP
+Decrypt some data using a supplied 40 bit \s-1RC4\s0 key:
+.PP
+.Vb 1
+\& openssl rc4\-40 \-in file.rc4 \-out file.txt \-K 0102030405
+.Ve
+.SH "BUGS"
+.IX Header "BUGS"
+The \fB\-A\fR option when used with large files doesn't work properly.
+.PP
+There should be an option to allow an iteration count to be included.
+.PP
+The \fBenc\fR program only supports a fixed number of algorithms with
+certain parameters. So if, for example, you want to use \s-1RC2\s0 with a
+76 bit key or \s-1RC4\s0 with an 84 bit key you can't use this program.
diff --git a/secure/usr.bin/openssl/man/errstr.1 b/secure/usr.bin/openssl/man/errstr.1
new file mode 100644
index 0000000..b498d2f
--- /dev/null
+++ b/secure/usr.bin/openssl/man/errstr.1
@@ -0,0 +1,166 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "ERRSTR 1"
+.TH ERRSTR 1 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+errstr \- lookup error codes
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBopenssl errstr error_code\fR
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+Sometimes an application will not load error message and only
+numerical forms will be available. The \fBerrstr\fR utility can be used to
+display the meaning of the hex code. The hex code is the hex digits after the
+second colon.
+.SH "EXAMPLE"
+.IX Header "EXAMPLE"
+The error code:
+.PP
+.Vb 1
+\& 27594:error:2006D080:lib(32):func(109):reason(128):bss_file.c:107:
+.Ve
+.PP
+can be displayed with:
+.PP
+.Vb 1
+\& openssl errstr 2006D080
+.Ve
+.PP
+to produce the error message:
+.PP
+.Vb 1
+\& error:2006D080:BIO routines:BIO_new_file:no such file
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIerr\fR\|(3),
+\&\fIERR_load_crypto_strings\fR\|(3),
+\&\fISSL_load_error_strings\fR\|(3)
diff --git a/secure/usr.bin/openssl/man/gendsa.1 b/secure/usr.bin/openssl/man/gendsa.1
new file mode 100644
index 0000000..e271817
--- /dev/null
+++ b/secure/usr.bin/openssl/man/gendsa.1
@@ -0,0 +1,180 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "GENDSA 1"
+.TH GENDSA 1 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+gendsa \- generate a DSA private key from a set of parameters
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBopenssl\fR \fBgendsa\fR
+[\fB\-out filename\fR]
+[\fB\-des\fR]
+[\fB\-des3\fR]
+[\fB\-idea\fR]
+[\fB\-rand file(s)\fR]
+[\fB\-engine id\fR]
+[\fBparamfile\fR]
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fBgendsa\fR command generates a \s-1DSA\s0 private key from a \s-1DSA\s0 parameter file
+(which will be typically generated by the \fBopenssl dsaparam\fR command).
+.SH "OPTIONS"
+.IX Header "OPTIONS"
+.IP "\fB\-des|\-des3|\-idea\fR" 4
+.IX Item "-des|-des3|-idea"
+These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, or the
+\&\s-1IDEA\s0 ciphers respectively before outputting it. A pass phrase is prompted for.
+If none of these options is specified no encryption is used.
+.IP "\fB\-rand file(s)\fR" 4
+.IX Item "-rand file(s)"
+a file or files containing random data used to seed the random number
+generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for
+all others.
+.IP "\fB\-engine id\fR" 4
+.IX Item "-engine id"
+specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+.IP "\fBparamfile\fR" 4
+.IX Item "paramfile"
+This option specifies the \s-1DSA\s0 parameter file to use. The parameters in this
+file determine the size of the private key. \s-1DSA\s0 parameters can be generated
+and examined using the \fBopenssl dsaparam\fR command.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\s-1DSA\s0 key generation is little more than random number generation so it is
+much quicker that \s-1RSA\s0 key generation for example.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIdsaparam\fR\|(1), \fIdsa\fR\|(1), \fIgenrsa\fR\|(1),
+\&\fIrsa\fR\|(1)
diff --git a/secure/usr.bin/openssl/man/genrsa.1 b/secure/usr.bin/openssl/man/genrsa.1
new file mode 100644
index 0000000..56d5dec
--- /dev/null
+++ b/secure/usr.bin/openssl/man/genrsa.1
@@ -0,0 +1,205 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "GENRSA 1"
+.TH GENRSA 1 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+genrsa \- generate an RSA private key
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBopenssl\fR \fBgenrsa\fR
+[\fB\-out filename\fR]
+[\fB\-passout arg\fR]
+[\fB\-des\fR]
+[\fB\-des3\fR]
+[\fB\-idea\fR]
+[\fB\-f4\fR]
+[\fB\-3\fR]
+[\fB\-rand file(s)\fR]
+[\fB\-engine id\fR]
+[\fBnumbits\fR]
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fBgenrsa\fR command generates an \s-1RSA\s0 private key.
+.SH "OPTIONS"
+.IX Header "OPTIONS"
+.IP "\fB\-out filename\fR" 4
+.IX Item "-out filename"
+the output filename. If this argument is not specified then standard output is
+used.
+.IP "\fB\-passout arg\fR" 4
+.IX Item "-passout arg"
+the output file password source. For more information about the format of \fBarg\fR
+see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+.IP "\fB\-des|\-des3|\-idea\fR" 4
+.IX Item "-des|-des3|-idea"
+These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, or the
+\&\s-1IDEA\s0 ciphers respectively before outputting it. If none of these options is
+specified no encryption is used. If encryption is used a pass phrase is prompted
+for if it is not supplied via the \fB\-passout\fR argument.
+.IP "\fB\-F4|\-3\fR" 4
+.IX Item "-F4|-3"
+the public exponent to use, either 65537 or 3. The default is 65537.
+.IP "\fB\-rand file(s)\fR" 4
+.IX Item "-rand file(s)"
+a file or files containing random data used to seed the random number
+generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for
+all others.
+.IP "\fB\-engine id\fR" 4
+.IX Item "-engine id"
+specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+.IP "\fBnumbits\fR" 4
+.IX Item "numbits"
+the size of the private key to generate in bits. This must be the last option
+specified. The default is 512.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\s-1RSA\s0 private key generation essentially involves the generation of two prime
+numbers. When generating a private key various symbols will be output to
+indicate the progress of the generation. A \fB.\fR represents each number which
+has passed an initial sieve test, \fB+\fR means a number has passed a single
+round of the Miller-Rabin primality test. A newline means that the number has
+passed all the prime tests (the actual number depends on the key size).
+.PP
+Because key generation is a random process the time taken to generate a key
+may vary somewhat.
+.SH "BUGS"
+.IX Header "BUGS"
+A quirk of the prime generation algorithm is that it cannot generate small
+primes. Therefore the number of bits should not be less that 64. For typical
+private keys this will not matter because for security reasons they will
+be much larger (typically 1024 bits).
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIgendsa\fR\|(1)
diff --git a/secure/usr.bin/openssl/man/nseq.1 b/secure/usr.bin/openssl/man/nseq.1
new file mode 100644
index 0000000..e212c0c
--- /dev/null
+++ b/secure/usr.bin/openssl/man/nseq.1
@@ -0,0 +1,190 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "NSEQ 1"
+.TH NSEQ 1 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+nseq \- create or examine a netscape certificate sequence
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBopenssl\fR \fBnseq\fR
+[\fB\-in filename\fR]
+[\fB\-out filename\fR]
+[\fB\-toseq\fR]
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fBnseq\fR command takes a file containing a Netscape certificate
+sequence and prints out the certificates contained in it or takes a
+file of certificates and converts it into a Netscape certificate
+sequence.
+.SH "COMMAND OPTIONS"
+.IX Header "COMMAND OPTIONS"
+.IP "\fB\-in filename\fR" 4
+.IX Item "-in filename"
+This specifies the input filename to read or standard input if this
+option is not specified.
+.IP "\fB\-out filename\fR" 4
+.IX Item "-out filename"
+specifies the output filename or standard output by default.
+.IP "\fB\-toseq\fR" 4
+.IX Item "-toseq"
+normally a Netscape certificate sequence will be input and the output
+is the certificates contained in it. With the \fB\-toseq\fR option the
+situation is reversed: a Netscape certificate sequence is created from
+a file of certificates.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Output the certificates in a Netscape certificate sequence
+.PP
+.Vb 1
+\& openssl nseq \-in nseq.pem \-out certs.pem
+.Ve
+.PP
+Create a Netscape certificate sequence
+.PP
+.Vb 1
+\& openssl nseq \-in certs.pem \-toseq \-out nseq.pem
+.Ve
+.SH "NOTES"
+.IX Header "NOTES"
+The \fB\s-1PEM\s0\fR encoded form uses the same headers and footers as a certificate:
+.PP
+.Vb 2
+\& \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-
+\& \-\-\-\-\-END CERTIFICATE\-\-\-\-\-
+.Ve
+.PP
+A Netscape certificate sequence is a Netscape specific form that can be sent
+to browsers as an alternative to the standard PKCS#7 format when several
+certificates are sent to the browser: for example during certificate enrollment.
+It is used by Netscape certificate server for example.
+.SH "BUGS"
+.IX Header "BUGS"
+This program needs a few more options: like allowing \s-1DER\s0 or \s-1PEM\s0 input and
+output files and allowing multiple certificate files to be used.
diff --git a/secure/usr.bin/openssl/man/ocsp.1 b/secure/usr.bin/openssl/man/ocsp.1
new file mode 100644
index 0000000..be1011b
--- /dev/null
+++ b/secure/usr.bin/openssl/man/ocsp.1
@@ -0,0 +1,463 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OCSP 1"
+.TH OCSP 1 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+ocsp \- Online Certificate Status Protocol utility
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBopenssl\fR \fBocsp\fR
+[\fB\-out file\fR]
+[\fB\-issuer file\fR]
+[\fB\-cert file\fR]
+[\fB\-serial n\fR]
+[\fB\-signer file\fR]
+[\fB\-signkey file\fR]
+[\fB\-sign_other file\fR]
+[\fB\-no_certs\fR]
+[\fB\-req_text\fR]
+[\fB\-resp_text\fR]
+[\fB\-text\fR]
+[\fB\-reqout file\fR]
+[\fB\-respout file\fR]
+[\fB\-reqin file\fR]
+[\fB\-respin file\fR]
+[\fB\-nonce\fR]
+[\fB\-no_nonce\fR]
+[\fB\-url \s-1URL\s0\fR]
+[\fB\-host host:n\fR]
+[\fB\-path\fR]
+[\fB\-CApath dir\fR]
+[\fB\-CAfile file\fR]
+[\fB\-VAfile file\fR]
+[\fB\-validity_period n\fR]
+[\fB\-status_age n\fR]
+[\fB\-noverify\fR]
+[\fB\-verify_other file\fR]
+[\fB\-trust_other\fR]
+[\fB\-no_intern\fR]
+[\fB\-no_signature_verify\fR]
+[\fB\-no_cert_verify\fR]
+[\fB\-no_chain\fR]
+[\fB\-no_cert_checks\fR]
+[\fB\-port num\fR]
+[\fB\-index file\fR]
+[\fB\-CA file\fR]
+[\fB\-rsigner file\fR]
+[\fB\-rkey file\fR]
+[\fB\-rother file\fR]
+[\fB\-resp_no_certs\fR]
+[\fB\-nmin n\fR]
+[\fB\-ndays n\fR]
+[\fB\-resp_key_id\fR]
+[\fB\-nrequest n\fR]
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The Online Certificate Status Protocol (\s-1OCSP\s0) enables applications to
+determine the (revocation) state of an identified certificate (\s-1RFC\s0 2560).
+.PP
+The \fBocsp\fR command performs many common \s-1OCSP\s0 tasks. It can be used
+to print out requests and responses, create requests and send queries
+to an \s-1OCSP\s0 responder and behave like a mini \s-1OCSP\s0 server itself.
+.SH "OCSP CLIENT OPTIONS"
+.IX Header "OCSP CLIENT OPTIONS"
+.IP "\fB\-out filename\fR" 4
+.IX Item "-out filename"
+specify output filename, default is standard output.
+.IP "\fB\-issuer filename\fR" 4
+.IX Item "-issuer filename"
+This specifies the current issuer certificate. This option can be used
+multiple times. The certificate specified in \fBfilename\fR must be in
+\&\s-1PEM\s0 format. This option \fB\s-1MUST\s0\fR come before any \fB\-cert\fR options.
+.IP "\fB\-cert filename\fR" 4
+.IX Item "-cert filename"
+Add the certificate \fBfilename\fR to the request. The issuer certificate
+is taken from the previous \fBissuer\fR option, or an error occurs if no
+issuer certificate is specified.
+.IP "\fB\-serial num\fR" 4
+.IX Item "-serial num"
+Same as the \fBcert\fR option except the certificate with serial number
+\&\fBnum\fR is added to the request. The serial number is interpreted as a
+decimal integer unless preceded by \fB0x\fR. Negative integers can also
+be specified by preceding the value by a \fB\-\fR sign.
+.IP "\fB\-signer filename\fR, \fB\-signkey filename\fR" 4
+.IX Item "-signer filename, -signkey filename"
+Sign the \s-1OCSP\s0 request using the certificate specified in the \fBsigner\fR
+option and the private key specified by the \fBsignkey\fR option. If
+the \fBsignkey\fR option is not present then the private key is read
+from the same file as the certificate. If neither option is specified then
+the \s-1OCSP\s0 request is not signed.
+.IP "\fB\-sign_other filename\fR" 4
+.IX Item "-sign_other filename"
+Additional certificates to include in the signed request.
+.IP "\fB\-nonce\fR, \fB\-no_nonce\fR" 4
+.IX Item "-nonce, -no_nonce"
+Add an \s-1OCSP\s0 nonce extension to a request or disable \s-1OCSP\s0 nonce addition.
+Normally if an \s-1OCSP\s0 request is input using the \fBrespin\fR option no
+nonce is added: using the \fBnonce\fR option will force addition of a nonce.
+If an \s-1OCSP\s0 request is being created (using \fBcert\fR and \fBserial\fR options)
+a nonce is automatically added specifying \fBno_nonce\fR overrides this.
+.IP "\fB\-req_text\fR, \fB\-resp_text\fR, \fB\-text\fR" 4
+.IX Item "-req_text, -resp_text, -text"
+print out the text form of the \s-1OCSP\s0 request, response or both respectively.
+.IP "\fB\-reqout file\fR, \fB\-respout file\fR" 4
+.IX Item "-reqout file, -respout file"
+write out the \s-1DER\s0 encoded certificate request or response to \fBfile\fR.
+.IP "\fB\-reqin file\fR, \fB\-respin file\fR" 4
+.IX Item "-reqin file, -respin file"
+read \s-1OCSP\s0 request or response file from \fBfile\fR. These option are ignored
+if \s-1OCSP\s0 request or response creation is implied by other options (for example
+with \fBserial\fR, \fBcert\fR and \fBhost\fR options).
+.IP "\fB\-url responder_url\fR" 4
+.IX Item "-url responder_url"
+specify the responder \s-1URL\s0. Both \s-1HTTP\s0 and \s-1HTTPS\s0 (\s-1SSL/TLS\s0) URLs can be specified.
+.IP "\fB\-host hostname:port\fR, \fB\-path pathname\fR" 4
+.IX Item "-host hostname:port, -path pathname"
+if the \fBhost\fR option is present then the \s-1OCSP\s0 request is sent to the host
+\&\fBhostname\fR on port \fBport\fR. \fBpath\fR specifies the \s-1HTTP\s0 path name to use
+or \*(L"/\*(R" by default.
+.IP "\fB\-CAfile file\fR, \fB\-CApath pathname\fR" 4
+.IX Item "-CAfile file, -CApath pathname"
+file or pathname containing trusted \s-1CA\s0 certificates. These are used to verify
+the signature on the \s-1OCSP\s0 response.
+.IP "\fB\-verify_other file\fR" 4
+.IX Item "-verify_other file"
+file containing additional certificates to search when attempting to locate
+the \s-1OCSP\s0 response signing certificate. Some responders omit the actual signer's
+certificate from the response: this option can be used to supply the necessary
+certificate in such cases.
+.IP "\fB\-trust_other\fR" 4
+.IX Item "-trust_other"
+the certificates specified by the \fB\-verify_other\fR option should be explicitly
+trusted and no additional checks will be performed on them. This is useful
+when the complete responder certificate chain is not available or trusting a
+root \s-1CA\s0 is not appropriate.
+.IP "\fB\-VAfile file\fR" 4
+.IX Item "-VAfile file"
+file containing explicitly trusted responder certificates. Equivalent to the
+\&\fB\-verify_other\fR and \fB\-trust_other\fR options.
+.IP "\fB\-noverify\fR" 4
+.IX Item "-noverify"
+don't attempt to verify the \s-1OCSP\s0 response signature or the nonce values. This
+option will normally only be used for debugging since it disables all verification
+of the responders certificate.
+.IP "\fB\-no_intern\fR" 4
+.IX Item "-no_intern"
+ignore certificates contained in the \s-1OCSP\s0 response when searching for the
+signers certificate. With this option the signers certificate must be specified
+with either the \fB\-verify_other\fR or \fB\-VAfile\fR options.
+.IP "\fB\-no_signature_verify\fR" 4
+.IX Item "-no_signature_verify"
+don't check the signature on the \s-1OCSP\s0 response. Since this option tolerates invalid
+signatures on \s-1OCSP\s0 responses it will normally only be used for testing purposes.
+.IP "\fB\-no_cert_verify\fR" 4
+.IX Item "-no_cert_verify"
+don't verify the \s-1OCSP\s0 response signers certificate at all. Since this option allows
+the \s-1OCSP\s0 response to be signed by any certificate it should only be used for
+testing purposes.
+.IP "\fB\-no_chain\fR" 4
+.IX Item "-no_chain"
+do not use certificates in the response as additional untrusted \s-1CA\s0
+certificates.
+.IP "\fB\-no_cert_checks\fR" 4
+.IX Item "-no_cert_checks"
+don't perform any additional checks on the \s-1OCSP\s0 response signers certificate.
+That is do not make any checks to see if the signers certificate is authorised
+to provide the necessary status information: as a result this option should
+only be used for testing purposes.
+.IP "\fB\-validity_period nsec\fR, \fB\-status_age age\fR" 4
+.IX Item "-validity_period nsec, -status_age age"
+these options specify the range of times, in seconds, which will be tolerated
+in an \s-1OCSP\s0 response. Each certificate status response includes a \fBnotBefore\fR time and
+an optional \fBnotAfter\fR time. The current time should fall between these two values, but
+the interval between the two times may be only a few seconds. In practice the \s-1OCSP\s0
+responder and clients clocks may not be precisely synchronised and so such a check
+may fail. To avoid this the \fB\-validity_period\fR option can be used to specify an
+acceptable error range in seconds, the default value is 5 minutes.
+.Sp
+If the \fBnotAfter\fR time is omitted from a response then this means that new status
+information is immediately available. In this case the age of the \fBnotBefore\fR field
+is checked to see it is not older than \fBage\fR seconds old. By default this additional
+check is not performed.
+.SH "OCSP SERVER OPTIONS"
+.IX Header "OCSP SERVER OPTIONS"
+.IP "\fB\-index indexfile\fR" 4
+.IX Item "-index indexfile"
+\&\fBindexfile\fR is a text index file in \fBca\fR format containing certificate revocation
+information.
+.Sp
+If the \fBindex\fR option is specified the \fBocsp\fR utility is in responder mode, otherwise
+it is in client mode. The request(s) the responder processes can be either specified on
+the command line (using \fBissuer\fR and \fBserial\fR options), supplied in a file (using the
+\&\fBrespin\fR option) or via external \s-1OCSP\s0 clients (if \fBport\fR or \fBurl\fR is specified).
+.Sp
+If the \fBindex\fR option is present then the \fB\s-1CA\s0\fR and \fBrsigner\fR options must also be
+present.
+.IP "\fB\-CA file\fR" 4
+.IX Item "-CA file"
+\&\s-1CA\s0 certificate corresponding to the revocation information in \fBindexfile\fR.
+.IP "\fB\-rsigner file\fR" 4
+.IX Item "-rsigner file"
+The certificate to sign \s-1OCSP\s0 responses with.
+.IP "\fB\-rother file\fR" 4
+.IX Item "-rother file"
+Additional certificates to include in the \s-1OCSP\s0 response.
+.IP "\fB\-resp_no_certs\fR" 4
+.IX Item "-resp_no_certs"
+Don't include any certificates in the \s-1OCSP\s0 response.
+.IP "\fB\-resp_key_id\fR" 4
+.IX Item "-resp_key_id"
+Identify the signer certificate using the key \s-1ID\s0, default is to use the subject name.
+.IP "\fB\-rkey file\fR" 4
+.IX Item "-rkey file"
+The private key to sign \s-1OCSP\s0 responses with: if not present the file specified in the
+\&\fBrsigner\fR option is used.
+.IP "\fB\-port portnum\fR" 4
+.IX Item "-port portnum"
+Port to listen for \s-1OCSP\s0 requests on. The port may also be specified using the \fBurl\fR
+option.
+.IP "\fB\-nrequest number\fR" 4
+.IX Item "-nrequest number"
+The \s-1OCSP\s0 server will exit after receiving \fBnumber\fR requests, default unlimited.
+.IP "\fB\-nmin minutes\fR, \fB\-ndays days\fR" 4
+.IX Item "-nmin minutes, -ndays days"
+Number of minutes or days when fresh revocation information is available: used in the
+\&\fBnextUpdate\fR field. If neither option is present then the \fBnextUpdate\fR field is
+omitted meaning fresh revocation information is immediately available.
+.SH "OCSP Response verification."
+.IX Header "OCSP Response verification."
+\&\s-1OCSP\s0 Response follows the rules specified in \s-1RFC2560\s0.
+.PP
+Initially the \s-1OCSP\s0 responder certificate is located and the signature on
+the \s-1OCSP\s0 request checked using the responder certificate's public key.
+.PP
+Then a normal certificate verify is performed on the \s-1OCSP\s0 responder certificate
+building up a certificate chain in the process. The locations of the trusted
+certificates used to build the chain can be specified by the \fBCAfile\fR
+and \fBCApath\fR options or they will be looked for in the standard OpenSSL
+certificates directory.
+.PP
+If the initial verify fails then the \s-1OCSP\s0 verify process halts with an
+error.
+.PP
+Otherwise the issuing \s-1CA\s0 certificate in the request is compared to the \s-1OCSP\s0
+responder certificate: if there is a match then the \s-1OCSP\s0 verify succeeds.
+.PP
+Otherwise the \s-1OCSP\s0 responder certificate's \s-1CA\s0 is checked against the issuing
+\&\s-1CA\s0 certificate in the request. If there is a match and the OCSPSigning
+extended key usage is present in the \s-1OCSP\s0 responder certificate then the
+\&\s-1OCSP\s0 verify succeeds.
+.PP
+Otherwise the root \s-1CA\s0 of the \s-1OCSP\s0 responders \s-1CA\s0 is checked to see if it
+is trusted for \s-1OCSP\s0 signing. If it is the \s-1OCSP\s0 verify succeeds.
+.PP
+If none of these checks is successful then the \s-1OCSP\s0 verify fails.
+.PP
+What this effectively means if that if the \s-1OCSP\s0 responder certificate is
+authorised directly by the \s-1CA\s0 it is issuing revocation information about
+(and it is correctly configured) then verification will succeed.
+.PP
+If the \s-1OCSP\s0 responder is a \*(L"global responder\*(R" which can give details about
+multiple CAs and has its own separate certificate chain then its root
+\&\s-1CA\s0 can be trusted for \s-1OCSP\s0 signing. For example:
+.PP
+.Vb 1
+\& openssl x509 \-in ocspCA.pem \-addtrust OCSPSigning \-out trustedCA.pem
+.Ve
+.PP
+Alternatively the responder certificate itself can be explicitly trusted
+with the \fB\-VAfile\fR option.
+.SH "NOTES"
+.IX Header "NOTES"
+As noted, most of the verify options are for testing or debugging purposes.
+Normally only the \fB\-CApath\fR, \fB\-CAfile\fR and (if the responder is a 'global
+\&\s-1VA\s0') \fB\-VAfile\fR options need to be used.
+.PP
+The \s-1OCSP\s0 server is only useful for test and demonstration purposes: it is
+not really usable as a full \s-1OCSP\s0 responder. It contains only a very
+simple \s-1HTTP\s0 request handling and can only handle the \s-1POST\s0 form of \s-1OCSP\s0
+queries. It also handles requests serially meaning it cannot respond to
+new requests until it has processed the current one. The text index file
+format of revocation is also inefficient for large quantities of revocation
+data.
+.PP
+It is possible to run the \fBocsp\fR application in responder mode via a \s-1CGI\s0
+script using the \fBrespin\fR and \fBrespout\fR options.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Create an \s-1OCSP\s0 request and write it to a file:
+.PP
+.Vb 1
+\& openssl ocsp \-issuer issuer.pem \-cert c1.pem \-cert c2.pem \-reqout req.der
+.Ve
+.PP
+Send a query to an \s-1OCSP\s0 responder with \s-1URL\s0 http://ocsp.myhost.com/ save the
+response to a file and print it out in text form
+.PP
+.Vb 2
+\& openssl ocsp \-issuer issuer.pem \-cert c1.pem \-cert c2.pem \e
+\& \-url http://ocsp.myhost.com/ \-resp_text \-respout resp.der
+.Ve
+.PP
+Read in an \s-1OCSP\s0 response and print out text form:
+.PP
+.Vb 1
+\& openssl ocsp \-respin resp.der \-text
+.Ve
+.PP
+\&\s-1OCSP\s0 server on port 8888 using a standard \fBca\fR configuration, and a separate
+responder certificate. All requests and responses are printed to a file.
+.PP
+.Vb 2
+\& openssl ocsp \-index demoCA/index.txt \-port 8888 \-rsigner rcert.pem \-CA demoCA/cacert.pem
+\& \-text \-out log.txt
+.Ve
+.PP
+As above but exit after processing one request:
+.PP
+.Vb 2
+\& openssl ocsp \-index demoCA/index.txt \-port 8888 \-rsigner rcert.pem \-CA demoCA/cacert.pem
+\& \-nrequest 1
+.Ve
+.PP
+Query status information using internally generated request:
+.PP
+.Vb 2
+\& openssl ocsp \-index demoCA/index.txt \-rsigner rcert.pem \-CA demoCA/cacert.pem
+\& \-issuer demoCA/cacert.pem \-serial 1
+.Ve
+.PP
+Query status information using request read from a file, write response to a
+second file.
+.PP
+.Vb 2
+\& openssl ocsp \-index demoCA/index.txt \-rsigner rcert.pem \-CA demoCA/cacert.pem
+\& \-reqin req.der \-respout resp.der
+.Ve
diff --git a/secure/usr.bin/openssl/man/openssl.1 b/secure/usr.bin/openssl/man/openssl.1
new file mode 100644
index 0000000..8f6a7c3
--- /dev/null
+++ b/secure/usr.bin/openssl/man/openssl.1
@@ -0,0 +1,409 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "OPENSSL 1"
+.TH OPENSSL 1 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+openssl \- OpenSSL command line tool
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBopenssl\fR
+\&\fIcommand\fR
+[ \fIcommand_opts\fR ]
+[ \fIcommand_args\fR ]
+.PP
+\&\fBopenssl\fR [ \fBlist-standard-commands\fR | \fBlist-message-digest-commands\fR | \fBlist-cipher-commands\fR ]
+.PP
+\&\fBopenssl\fR \fBno\-\fR\fI\s-1XXX\s0\fR [ \fIarbitrary options\fR ]
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (\s-1SSL\s0
+v2/v3) and Transport Layer Security (\s-1TLS\s0 v1) network protocols and related
+cryptography standards required by them.
+.PP
+The \fBopenssl\fR program is a command line tool for using the various
+cryptography functions of OpenSSL's \fBcrypto\fR library from the shell.
+It can be used for
+.PP
+.Vb 6
+\& o Creation of RSA, DH and DSA key parameters
+\& o Creation of X.509 certificates, CSRs and CRLs
+\& o Calculation of Message Digests
+\& o Encryption and Decryption with Ciphers
+\& o SSL/TLS Client and Server Tests
+\& o Handling of S/MIME signed or encrypted mail
+.Ve
+.SH "COMMAND SUMMARY"
+.IX Header "COMMAND SUMMARY"
+The \fBopenssl\fR program provides a rich variety of commands (\fIcommand\fR in the
+\&\s-1SYNOPSIS\s0 above), each of which often has a wealth of options and arguments
+(\fIcommand_opts\fR and \fIcommand_args\fR in the \s-1SYNOPSIS\s0).
+.PP
+The pseudo-commands \fBlist-standard-commands\fR, \fBlist-message-digest-commands\fR,
+and \fBlist-cipher-commands\fR output a list (one entry per line) of the names
+of all standard commands, message digest commands, or cipher commands,
+respectively, that are available in the present \fBopenssl\fR utility.
+.PP
+The pseudo-command \fBno\-\fR\fI\s-1XXX\s0\fR tests whether a command of the
+specified name is available. If no command named \fI\s-1XXX\s0\fR exists, it
+returns 0 (success) and prints \fBno\-\fR\fI\s-1XXX\s0\fR; otherwise it returns 1
+and prints \fI\s-1XXX\s0\fR. In both cases, the output goes to \fBstdout\fR and
+nothing is printed to \fBstderr\fR. Additional command line arguments
+are always ignored. Since for each cipher there is a command of the
+same name, this provides an easy way for shell scripts to test for the
+availability of ciphers in the \fBopenssl\fR program. (\fBno\-\fR\fI\s-1XXX\s0\fR is
+not able to detect pseudo-commands such as \fBquit\fR,
+\&\fBlist\-\fR\fI...\fR\fB\-commands\fR, or \fBno\-\fR\fI\s-1XXX\s0\fR itself.)
+.SS "\s-1STANDARD\s0 \s-1COMMANDS\s0"
+.IX Subsection "STANDARD COMMANDS"
+.IP "\fBasn1parse\fR" 10
+.IX Item "asn1parse"
+Parse an \s-1ASN\s0.1 sequence.
+.IP "\fBca\fR" 10
+.IX Item "ca"
+Certificate Authority (\s-1CA\s0) Management.
+.IP "\fBciphers\fR" 10
+.IX Item "ciphers"
+Cipher Suite Description Determination.
+.IP "\fBcrl\fR" 10
+.IX Item "crl"
+Certificate Revocation List (\s-1CRL\s0) Management.
+.IP "\fBcrl2pkcs7\fR" 10
+.IX Item "crl2pkcs7"
+\&\s-1CRL\s0 to PKCS#7 Conversion.
+.IP "\fBdgst\fR" 10
+.IX Item "dgst"
+Message Digest Calculation.
+.IP "\fBdh\fR" 10
+.IX Item "dh"
+Diffie-Hellman Parameter Management.
+Obsoleted by \fBdhparam\fR.
+.IP "\fBdsa\fR" 10
+.IX Item "dsa"
+\&\s-1DSA\s0 Data Management.
+.IP "\fBdsaparam\fR" 10
+.IX Item "dsaparam"
+\&\s-1DSA\s0 Parameter Generation.
+.IP "\fBenc\fR" 10
+.IX Item "enc"
+Encoding with Ciphers.
+.IP "\fBerrstr\fR" 10
+.IX Item "errstr"
+Error Number to Error String Conversion.
+.IP "\fBdhparam\fR" 10
+.IX Item "dhparam"
+Generation and Management of Diffie-Hellman Parameters.
+.IP "\fBgendh\fR" 10
+.IX Item "gendh"
+Generation of Diffie-Hellman Parameters.
+Obsoleted by \fBdhparam\fR.
+.IP "\fBgendsa\fR" 10
+.IX Item "gendsa"
+Generation of \s-1DSA\s0 Parameters.
+.IP "\fBgenrsa\fR" 10
+.IX Item "genrsa"
+Generation of \s-1RSA\s0 Parameters.
+.IP "\fBocsp\fR" 10
+.IX Item "ocsp"
+Online Certificate Status Protocol utility.
+.IP "\fBpasswd\fR" 10
+.IX Item "passwd"
+Generation of hashed passwords.
+.IP "\fBpkcs12\fR" 10
+.IX Item "pkcs12"
+PKCS#12 Data Management.
+.IP "\fBpkcs7\fR" 10
+.IX Item "pkcs7"
+PKCS#7 Data Management.
+.IP "\fBrand\fR" 10
+.IX Item "rand"
+Generate pseudo-random bytes.
+.IP "\fBreq\fR" 10
+.IX Item "req"
+X.509 Certificate Signing Request (\s-1CSR\s0) Management.
+.IP "\fBrsa\fR" 10
+.IX Item "rsa"
+\&\s-1RSA\s0 Data Management.
+.IP "\fBrsautl\fR" 10
+.IX Item "rsautl"
+\&\s-1RSA\s0 utility for signing, verification, encryption, and decryption.
+.IP "\fBs_client\fR" 10
+.IX Item "s_client"
+This implements a generic \s-1SSL/TLS\s0 client which can establish a transparent
+connection to a remote server speaking \s-1SSL/TLS\s0. It's intended for testing
+purposes only and provides only rudimentary interface functionality but
+internally uses mostly all functionality of the OpenSSL \fBssl\fR library.
+.IP "\fBs_server\fR" 10
+.IX Item "s_server"
+This implements a generic \s-1SSL/TLS\s0 server which accepts connections from remote
+clients speaking \s-1SSL/TLS\s0. It's intended for testing purposes only and provides
+only rudimentary interface functionality but internally uses mostly all
+functionality of the OpenSSL \fBssl\fR library. It provides both an own command
+line oriented protocol for testing \s-1SSL\s0 functions and a simple \s-1HTTP\s0 response
+facility to emulate an SSL/TLS\-aware webserver.
+.IP "\fBs_time\fR" 10
+.IX Item "s_time"
+\&\s-1SSL\s0 Connection Timer.
+.IP "\fBsess_id\fR" 10
+.IX Item "sess_id"
+\&\s-1SSL\s0 Session Data Management.
+.IP "\fBsmime\fR" 10
+.IX Item "smime"
+S/MIME mail processing.
+.IP "\fBspeed\fR" 10
+.IX Item "speed"
+Algorithm Speed Measurement.
+.IP "\fBverify\fR" 10
+.IX Item "verify"
+X.509 Certificate Verification.
+.IP "\fBversion\fR" 10
+.IX Item "version"
+OpenSSL Version Information.
+.IP "\fBx509\fR" 10
+.IX Item "x509"
+X.509 Certificate Data Management.
+.SS "\s-1MESSAGE\s0 \s-1DIGEST\s0 \s-1COMMANDS\s0"
+.IX Subsection "MESSAGE DIGEST COMMANDS"
+.IP "\fBmd2\fR" 10
+.IX Item "md2"
+\&\s-1MD2\s0 Digest
+.IP "\fBmd5\fR" 10
+.IX Item "md5"
+\&\s-1MD5\s0 Digest
+.IP "\fBmdc2\fR" 10
+.IX Item "mdc2"
+\&\s-1MDC2\s0 Digest
+.IP "\fBrmd160\fR" 10
+.IX Item "rmd160"
+\&\s-1RMD\-160\s0 Digest
+.IP "\fBsha\fR" 10
+.IX Item "sha"
+\&\s-1SHA\s0 Digest
+.IP "\fBsha1\fR" 10
+.IX Item "sha1"
+\&\s-1SHA\-1\s0 Digest
+.IP "\fBsha224\fR" 10
+.IX Item "sha224"
+\&\s-1SHA\-224\s0 Digest
+.IP "\fBsha256\fR" 10
+.IX Item "sha256"
+\&\s-1SHA\-256\s0 Digest
+.IP "\fBsha384\fR" 10
+.IX Item "sha384"
+\&\s-1SHA\-384\s0 Digest
+.IP "\fBsha512\fR" 10
+.IX Item "sha512"
+\&\s-1SHA\-512\s0 Digest
+.SS "\s-1ENCODING\s0 \s-1AND\s0 \s-1CIPHER\s0 \s-1COMMANDS\s0"
+.IX Subsection "ENCODING AND CIPHER COMMANDS"
+.IP "\fBbase64\fR" 10
+.IX Item "base64"
+Base64 Encoding
+.IP "\fBbf bf-cbc bf-cfb bf-ecb bf-ofb\fR" 10
+.IX Item "bf bf-cbc bf-cfb bf-ecb bf-ofb"
+Blowfish Cipher
+.IP "\fBcast cast-cbc\fR" 10
+.IX Item "cast cast-cbc"
+\&\s-1CAST\s0 Cipher
+.IP "\fBcast5\-cbc cast5\-cfb cast5\-ecb cast5\-ofb\fR" 10
+.IX Item "cast5-cbc cast5-cfb cast5-ecb cast5-ofb"
+\&\s-1CAST5\s0 Cipher
+.IP "\fBdes des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ofb\fR" 10
+.IX Item "des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ofb"
+\&\s-1DES\s0 Cipher
+.IP "\fBdes3 desx des\-ede3 des\-ede3\-cbc des\-ede3\-cfb des\-ede3\-ofb\fR" 10
+.IX Item "des3 desx des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb"
+Triple-DES Cipher
+.IP "\fBidea idea-cbc idea-cfb idea-ecb idea-ofb\fR" 10
+.IX Item "idea idea-cbc idea-cfb idea-ecb idea-ofb"
+\&\s-1IDEA\s0 Cipher
+.IP "\fBrc2 rc2\-cbc rc2\-cfb rc2\-ecb rc2\-ofb\fR" 10
+.IX Item "rc2 rc2-cbc rc2-cfb rc2-ecb rc2-ofb"
+\&\s-1RC2\s0 Cipher
+.IP "\fBrc4\fR" 10
+.IX Item "rc4"
+\&\s-1RC4\s0 Cipher
+.IP "\fBrc5 rc5\-cbc rc5\-cfb rc5\-ecb rc5\-ofb\fR" 10
+.IX Item "rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb"
+\&\s-1RC5\s0 Cipher
+.SH "PASS PHRASE ARGUMENTS"
+.IX Header "PASS PHRASE ARGUMENTS"
+Several commands accept password arguments, typically using \fB\-passin\fR
+and \fB\-passout\fR for input and output passwords respectively. These allow
+the password to be obtained from a variety of sources. Both of these
+options take a single argument whose format is described below. If no
+password argument is given and a password is required then the user is
+prompted to enter one: this will typically be read from the current
+terminal with echoing turned off.
+.IP "\fBpass:password\fR" 10
+.IX Item "pass:password"
+the actual password is \fBpassword\fR. Since the password is visible
+to utilities (like 'ps' under Unix) this form should only be used
+where security is not important.
+.IP "\fBenv:var\fR" 10
+.IX Item "env:var"
+obtain the password from the environment variable \fBvar\fR. Since
+the environment of other processes is visible on certain platforms
+(e.g. ps under certain Unix OSes) this option should be used with caution.
+.IP "\fBfile:pathname\fR" 10
+.IX Item "file:pathname"
+the first line of \fBpathname\fR is the password. If the same \fBpathname\fR
+argument is supplied to \fB\-passin\fR and \fB\-passout\fR arguments then the first
+line will be used for the input password and the next line for the output
+password. \fBpathname\fR need not refer to a regular file: it could for example
+refer to a device or named pipe.
+.IP "\fBfd:number\fR" 10
+.IX Item "fd:number"
+read the password from the file descriptor \fBnumber\fR. This can be used to
+send the data via a pipe for example.
+.IP "\fBstdin\fR" 10
+.IX Item "stdin"
+read the password from standard input.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIasn1parse\fR\|(1), \fIca\fR\|(1), \fIconfig\fR\|(5),
+\&\fIcrl\fR\|(1), \fIcrl2pkcs7\fR\|(1), \fIdgst\fR\|(1),
+\&\fIdhparam\fR\|(1), \fIdsa\fR\|(1), \fIdsaparam\fR\|(1),
+\&\fIenc\fR\|(1), \fIgendsa\fR\|(1),
+\&\fIgenrsa\fR\|(1), \fInseq\fR\|(1), \fIopenssl\fR\|(1),
+\&\fIpasswd\fR\|(1),
+\&\fIpkcs12\fR\|(1), \fIpkcs7\fR\|(1), \fIpkcs8\fR\|(1),
+\&\fIrand\fR\|(1), \fIreq\fR\|(1), \fIrsa\fR\|(1),
+\&\fIrsautl\fR\|(1), \fIs_client\fR\|(1),
+\&\fIs_server\fR\|(1), \fIs_time\fR\|(1),
+\&\fIsmime\fR\|(1), \fIspkac\fR\|(1),
+\&\fIverify\fR\|(1), \fIversion\fR\|(1), \fIx509\fR\|(1),
+\&\fIcrypto\fR\|(3), \fIssl\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The \fIopenssl\fR\|(1) document appeared in OpenSSL 0.9.2.
+The \fBlist\-\fR\fI\s-1XXX\s0\fR\fB\-commands\fR pseudo-commands were added in OpenSSL 0.9.3;
+the \fBno\-\fR\fI\s-1XXX\s0\fR pseudo-commands were added in OpenSSL 0.9.5a.
+For notes on the availability of other commands, see their individual
+manual pages.
diff --git a/secure/usr.bin/openssl/man/passwd.1 b/secure/usr.bin/openssl/man/passwd.1
new file mode 100644
index 0000000..e88cebe
--- /dev/null
+++ b/secure/usr.bin/openssl/man/passwd.1
@@ -0,0 +1,192 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "PASSWD 1"
+.TH PASSWD 1 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+passwd \- compute password hashes
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBopenssl passwd\fR
+[\fB\-crypt\fR]
+[\fB\-1\fR]
+[\fB\-apr1\fR]
+[\fB\-salt\fR \fIstring\fR]
+[\fB\-in\fR \fIfile\fR]
+[\fB\-stdin\fR]
+[\fB\-noverify\fR]
+[\fB\-quiet\fR]
+[\fB\-table\fR]
+{\fIpassword\fR}
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fBpasswd\fR command computes the hash of a password typed at
+run-time or the hash of each password in a list. The password list is
+taken from the named file for option \fB\-in file\fR, from stdin for
+option \fB\-stdin\fR, or from the command line, or from the terminal otherwise.
+The Unix standard algorithm \fBcrypt\fR and the MD5\-based \s-1BSD\s0 password
+algorithm \fB1\fR and its Apache variant \fBapr1\fR are available.
+.SH "OPTIONS"
+.IX Header "OPTIONS"
+.IP "\fB\-crypt\fR" 4
+.IX Item "-crypt"
+Use the \fBcrypt\fR algorithm (default).
+.IP "\fB\-1\fR" 4
+.IX Item "-1"
+Use the \s-1MD5\s0 based \s-1BSD\s0 password algorithm \fB1\fR.
+.IP "\fB\-apr1\fR" 4
+.IX Item "-apr1"
+Use the \fBapr1\fR algorithm (Apache variant of the \s-1BSD\s0 algorithm).
+.IP "\fB\-salt\fR \fIstring\fR" 4
+.IX Item "-salt string"
+Use the specified salt.
+When reading a password from the terminal, this implies \fB\-noverify\fR.
+.IP "\fB\-in\fR \fIfile\fR" 4
+.IX Item "-in file"
+Read passwords from \fIfile\fR.
+.IP "\fB\-stdin\fR" 4
+.IX Item "-stdin"
+Read passwords from \fBstdin\fR.
+.IP "\fB\-noverify\fR" 4
+.IX Item "-noverify"
+Don't verify when reading a password from the terminal.
+.IP "\fB\-quiet\fR" 4
+.IX Item "-quiet"
+Don't output warnings when passwords given at the command line are truncated.
+.IP "\fB\-table\fR" 4
+.IX Item "-table"
+In the output list, prepend the cleartext password and a \s-1TAB\s0 character
+to each password hash.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+\&\fBopenssl passwd \-crypt \-salt xx password\fR prints \fBxxj31ZMTZzkVA\fR.
+.PP
+\&\fBopenssl passwd \-1 \-salt xxxxxxxx password\fR prints \fB\f(CB$1\fB$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.\fR.
+.PP
+\&\fBopenssl passwd \-apr1 \-salt xxxxxxxx password\fR prints \fB\f(CB$apr1\fB$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0\fR.
diff --git a/secure/usr.bin/openssl/man/pkcs12.1 b/secure/usr.bin/openssl/man/pkcs12.1
new file mode 100644
index 0000000..805d58c
--- /dev/null
+++ b/secure/usr.bin/openssl/man/pkcs12.1
@@ -0,0 +1,423 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "PKCS12 1"
+.TH PKCS12 1 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+pkcs12 \- PKCS#12 file utility
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBopenssl\fR \fBpkcs12\fR
+[\fB\-export\fR]
+[\fB\-chain\fR]
+[\fB\-inkey filename\fR]
+[\fB\-certfile filename\fR]
+[\fB\-name name\fR]
+[\fB\-caname name\fR]
+[\fB\-in filename\fR]
+[\fB\-out filename\fR]
+[\fB\-noout\fR]
+[\fB\-nomacver\fR]
+[\fB\-nocerts\fR]
+[\fB\-clcerts\fR]
+[\fB\-cacerts\fR]
+[\fB\-nokeys\fR]
+[\fB\-info\fR]
+[\fB\-des\fR]
+[\fB\-des3\fR]
+[\fB\-idea\fR]
+[\fB\-nodes\fR]
+[\fB\-noiter\fR]
+[\fB\-maciter\fR]
+[\fB\-twopass\fR]
+[\fB\-descert\fR]
+[\fB\-certpbe\fR]
+[\fB\-keypbe\fR]
+[\fB\-keyex\fR]
+[\fB\-keysig\fR]
+[\fB\-password arg\fR]
+[\fB\-passin arg\fR]
+[\fB\-passout arg\fR]
+[\fB\-rand file(s)\fR]
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fBpkcs12\fR command allows PKCS#12 files (sometimes referred to as
+\&\s-1PFX\s0 files) to be created and parsed. PKCS#12 files are used by several
+programs including Netscape, \s-1MSIE\s0 and \s-1MS\s0 Outlook.
+.SH "COMMAND OPTIONS"
+.IX Header "COMMAND OPTIONS"
+There are a lot of options the meaning of some depends of whether a PKCS#12 file
+is being created or parsed. By default a PKCS#12 file is parsed a PKCS#12
+file can be created by using the \fB\-export\fR option (see below).
+.SH "PARSING OPTIONS"
+.IX Header "PARSING OPTIONS"
+.IP "\fB\-in filename\fR" 4
+.IX Item "-in filename"
+This specifies filename of the PKCS#12 file to be parsed. Standard input is used
+by default.
+.IP "\fB\-out filename\fR" 4
+.IX Item "-out filename"
+The filename to write certificates and private keys to, standard output by default.
+They are all written in \s-1PEM\s0 format.
+.IP "\fB\-pass arg\fR, \fB\-passin arg\fR" 4
+.IX Item "-pass arg, -passin arg"
+the PKCS#12 file (i.e. input file) password source. For more information about the
+format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in
+\&\fIopenssl\fR\|(1).
+.IP "\fB\-passout arg\fR" 4
+.IX Item "-passout arg"
+pass phrase source to encrypt any outputed private keys with. For more information
+about the format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in
+\&\fIopenssl\fR\|(1).
+.IP "\fB\-noout\fR" 4
+.IX Item "-noout"
+this option inhibits output of the keys and certificates to the output file version
+of the PKCS#12 file.
+.IP "\fB\-clcerts\fR" 4
+.IX Item "-clcerts"
+only output client certificates (not \s-1CA\s0 certificates).
+.IP "\fB\-cacerts\fR" 4
+.IX Item "-cacerts"
+only output \s-1CA\s0 certificates (not client certificates).
+.IP "\fB\-nocerts\fR" 4
+.IX Item "-nocerts"
+no certificates at all will be output.
+.IP "\fB\-nokeys\fR" 4
+.IX Item "-nokeys"
+no private keys will be output.
+.IP "\fB\-info\fR" 4
+.IX Item "-info"
+output additional information about the PKCS#12 file structure, algorithms used and
+iteration counts.
+.IP "\fB\-des\fR" 4
+.IX Item "-des"
+use \s-1DES\s0 to encrypt private keys before outputting.
+.IP "\fB\-des3\fR" 4
+.IX Item "-des3"
+use triple \s-1DES\s0 to encrypt private keys before outputting, this is the default.
+.IP "\fB\-idea\fR" 4
+.IX Item "-idea"
+use \s-1IDEA\s0 to encrypt private keys before outputting.
+.IP "\fB\-nodes\fR" 4
+.IX Item "-nodes"
+don't encrypt the private keys at all.
+.IP "\fB\-nomacver\fR" 4
+.IX Item "-nomacver"
+don't attempt to verify the integrity \s-1MAC\s0 before reading the file.
+.IP "\fB\-twopass\fR" 4
+.IX Item "-twopass"
+prompt for separate integrity and encryption passwords: most software
+always assumes these are the same so this option will render such
+PKCS#12 files unreadable.
+.SH "FILE CREATION OPTIONS"
+.IX Header "FILE CREATION OPTIONS"
+.IP "\fB\-export\fR" 4
+.IX Item "-export"
+This option specifies that a PKCS#12 file will be created rather than
+parsed.
+.IP "\fB\-out filename\fR" 4
+.IX Item "-out filename"
+This specifies filename to write the PKCS#12 file to. Standard output is used
+by default.
+.IP "\fB\-in filename\fR" 4
+.IX Item "-in filename"
+The filename to read certificates and private keys from, standard input by default.
+They must all be in \s-1PEM\s0 format. The order doesn't matter but one private key and
+its corresponding certificate should be present. If additional certificates are
+present they will also be included in the PKCS#12 file.
+.IP "\fB\-inkey filename\fR" 4
+.IX Item "-inkey filename"
+file to read private key from. If not present then a private key must be present
+in the input file.
+.IP "\fB\-name friendlyname\fR" 4
+.IX Item "-name friendlyname"
+This specifies the \*(L"friendly name\*(R" for the certificate and private key. This name
+is typically displayed in list boxes by software importing the file.
+.IP "\fB\-certfile filename\fR" 4
+.IX Item "-certfile filename"
+A filename to read additional certificates from.
+.IP "\fB\-caname friendlyname\fR" 4
+.IX Item "-caname friendlyname"
+This specifies the \*(L"friendly name\*(R" for other certificates. This option may be
+used multiple times to specify names for all certificates in the order they
+appear. Netscape ignores friendly names on other certificates whereas \s-1MSIE\s0
+displays them.
+.IP "\fB\-pass arg\fR, \fB\-passout arg\fR" 4
+.IX Item "-pass arg, -passout arg"
+the PKCS#12 file (i.e. output file) password source. For more information about
+the format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in
+\&\fIopenssl\fR\|(1).
+.IP "\fB\-passin password\fR" 4
+.IX Item "-passin password"
+pass phrase source to decrypt any input private keys with. For more information
+about the format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in
+\&\fIopenssl\fR\|(1).
+.IP "\fB\-chain\fR" 4
+.IX Item "-chain"
+if this option is present then an attempt is made to include the entire
+certificate chain of the user certificate. The standard \s-1CA\s0 store is used
+for this search. If the search fails it is considered a fatal error.
+.IP "\fB\-descert\fR" 4
+.IX Item "-descert"
+encrypt the certificate using triple \s-1DES\s0, this may render the PKCS#12
+file unreadable by some \*(L"export grade\*(R" software. By default the private
+key is encrypted using triple \s-1DES\s0 and the certificate using 40 bit \s-1RC2\s0.
+.IP "\fB\-keypbe alg\fR, \fB\-certpbe alg\fR" 4
+.IX Item "-keypbe alg, -certpbe alg"
+these options allow the algorithm used to encrypt the private key and
+certificates to be selected. Although any PKCS#5 v1.5 or PKCS#12 algorithms
+can be selected it is advisable only to use PKCS#12 algorithms. See the list
+in the \fB\s-1NOTES\s0\fR section for more information.
+.IP "\fB\-keyex|\-keysig\fR" 4
+.IX Item "-keyex|-keysig"
+specifies that the private key is to be used for key exchange or just signing.
+This option is only interpreted by \s-1MSIE\s0 and similar \s-1MS\s0 software. Normally
+\&\*(L"export grade\*(R" software will only allow 512 bit \s-1RSA\s0 keys to be used for
+encryption purposes but arbitrary length keys for signing. The \fB\-keysig\fR
+option marks the key for signing only. Signing only keys can be used for
+S/MIME signing, authenticode (ActiveX control signing) and \s-1SSL\s0 client
+authentication, however due to a bug only \s-1MSIE\s0 5.0 and later support
+the use of signing only keys for \s-1SSL\s0 client authentication.
+.IP "\fB\-nomaciter\fR, \fB\-noiter\fR" 4
+.IX Item "-nomaciter, -noiter"
+these options affect the iteration counts on the \s-1MAC\s0 and key algorithms.
+Unless you wish to produce files compatible with \s-1MSIE\s0 4.0 you should leave
+these options alone.
+.Sp
+To discourage attacks by using large dictionaries of common passwords the
+algorithm that derives keys from passwords can have an iteration count applied
+to it: this causes a certain part of the algorithm to be repeated and slows it
+down. The \s-1MAC\s0 is used to check the file integrity but since it will normally
+have the same password as the keys and certificates it could also be attacked.
+By default both \s-1MAC\s0 and encryption iteration counts are set to 2048, using
+these options the \s-1MAC\s0 and encryption iteration counts can be set to 1, since
+this reduces the file security you should not use these options unless you
+really have to. Most software supports both \s-1MAC\s0 and key iteration counts.
+\&\s-1MSIE\s0 4.0 doesn't support \s-1MAC\s0 iteration counts so it needs the \fB\-nomaciter\fR
+option.
+.IP "\fB\-maciter\fR" 4
+.IX Item "-maciter"
+This option is included for compatibility with previous versions, it used
+to be needed to use \s-1MAC\s0 iterations counts but they are now used by default.
+.IP "\fB\-rand file(s)\fR" 4
+.IX Item "-rand file(s)"
+a file or files containing random data used to seed the random number
+generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for
+all others.
+.SH "NOTES"
+.IX Header "NOTES"
+Although there are a large number of options most of them are very rarely
+used. For PKCS#12 file parsing only \fB\-in\fR and \fB\-out\fR need to be used
+for PKCS#12 file creation \fB\-export\fR and \fB\-name\fR are also used.
+.PP
+If none of the \fB\-clcerts\fR, \fB\-cacerts\fR or \fB\-nocerts\fR options are present
+then all certificates will be output in the order they appear in the input
+PKCS#12 files. There is no guarantee that the first certificate present is
+the one corresponding to the private key. Certain software which requires
+a private key and certificate and assumes the first certificate in the
+file is the one corresponding to the private key: this may not always
+be the case. Using the \fB\-clcerts\fR option will solve this problem by only
+outputting the certificate corresponding to the private key. If the \s-1CA\s0
+certificates are required then they can be output to a separate file using
+the \fB\-nokeys \-cacerts\fR options to just output \s-1CA\s0 certificates.
+.PP
+The \fB\-keypbe\fR and \fB\-certpbe\fR algorithms allow the precise encryption
+algorithms for private keys and certificates to be specified. Normally
+the defaults are fine but occasionally software can't handle triple \s-1DES\s0
+encrypted private keys, then the option \fB\-keypbe \s-1PBE\-SHA1\-RC2\-40\s0\fR can
+be used to reduce the private key encryption to 40 bit \s-1RC2\s0. A complete
+description of all algorithms is contained in the \fBpkcs8\fR manual page.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Parse a PKCS#12 file and output it to a file:
+.PP
+.Vb 1
+\& openssl pkcs12 \-in file.p12 \-out file.pem
+.Ve
+.PP
+Output only client certificates to a file:
+.PP
+.Vb 1
+\& openssl pkcs12 \-in file.p12 \-clcerts \-out file.pem
+.Ve
+.PP
+Don't encrypt the private key:
+.PP
+.Vb 1
+\& openssl pkcs12 \-in file.p12 \-out file.pem \-nodes
+.Ve
+.PP
+Print some info about a PKCS#12 file:
+.PP
+.Vb 1
+\& openssl pkcs12 \-in file.p12 \-info \-noout
+.Ve
+.PP
+Create a PKCS#12 file:
+.PP
+.Vb 1
+\& openssl pkcs12 \-export \-in file.pem \-out file.p12 \-name "My Certificate"
+.Ve
+.PP
+Include some extra certificates:
+.PP
+.Vb 2
+\& openssl pkcs12 \-export \-in file.pem \-out file.p12 \-name "My Certificate" \e
+\& \-certfile othercerts.pem
+.Ve
+.SH "BUGS"
+.IX Header "BUGS"
+Some would argue that the PKCS#12 standard is one big bug :\-)
+.PP
+Versions of OpenSSL before 0.9.6a had a bug in the PKCS#12 key generation
+routines. Under rare circumstances this could produce a PKCS#12 file encrypted
+with an invalid key. As a result some PKCS#12 files which triggered this bug
+from other implementations (\s-1MSIE\s0 or Netscape) could not be decrypted
+by OpenSSL and similarly OpenSSL could produce PKCS#12 files which could
+not be decrypted by other implementations. The chances of producing such
+a file are relatively small: less than 1 in 256.
+.PP
+A side effect of fixing this bug is that any old invalidly encrypted PKCS#12
+files cannot no longer be parsed by the fixed version. Under such circumstances
+the \fBpkcs12\fR utility will report that the \s-1MAC\s0 is \s-1OK\s0 but fail with a decryption
+error when extracting private keys.
+.PP
+This problem can be resolved by extracting the private keys and certificates
+from the PKCS#12 file using an older version of OpenSSL and recreating the PKCS#12
+file from the keys and certificates using a newer version of OpenSSL. For example:
+.PP
+.Vb 2
+\& old\-openssl \-in bad.p12 \-out keycerts.pem
+\& openssl \-in keycerts.pem \-export \-name "My PKCS#12 file" \-out fixed.p12
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIpkcs8\fR\|(1)
diff --git a/secure/usr.bin/openssl/man/pkcs7.1 b/secure/usr.bin/openssl/man/pkcs7.1
new file mode 100644
index 0000000..1f2619a
--- /dev/null
+++ b/secure/usr.bin/openssl/man/pkcs7.1
@@ -0,0 +1,221 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "PKCS7 1"
+.TH PKCS7 1 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+pkcs7 \- PKCS#7 utility
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBopenssl\fR \fBpkcs7\fR
+[\fB\-inform PEM|DER\fR]
+[\fB\-outform PEM|DER\fR]
+[\fB\-in filename\fR]
+[\fB\-out filename\fR]
+[\fB\-print_certs\fR]
+[\fB\-text\fR]
+[\fB\-noout\fR]
+[\fB\-engine id\fR]
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fBpkcs7\fR command processes PKCS#7 files in \s-1DER\s0 or \s-1PEM\s0 format.
+.SH "COMMAND OPTIONS"
+.IX Header "COMMAND OPTIONS"
+.IP "\fB\-inform DER|PEM\fR" 4
+.IX Item "-inform DER|PEM"
+This specifies the input format. \fB\s-1DER\s0\fR format is \s-1DER\s0 encoded PKCS#7
+v1.5 structure.\fB\s-1PEM\s0\fR (the default) is a base64 encoded version of
+the \s-1DER\s0 form with header and footer lines.
+.IP "\fB\-outform DER|PEM\fR" 4
+.IX Item "-outform DER|PEM"
+This specifies the output format, the options have the same meaning as the
+\&\fB\-inform\fR option.
+.IP "\fB\-in filename\fR" 4
+.IX Item "-in filename"
+This specifies the input filename to read from or standard input if this
+option is not specified.
+.IP "\fB\-out filename\fR" 4
+.IX Item "-out filename"
+specifies the output filename to write to or standard output by
+default.
+.IP "\fB\-print_certs\fR" 4
+.IX Item "-print_certs"
+prints out any certificates or CRLs contained in the file. They are
+preceded by their subject and issuer names in one line format.
+.IP "\fB\-text\fR" 4
+.IX Item "-text"
+prints out certificates details in full rather than just subject and
+issuer names.
+.IP "\fB\-noout\fR" 4
+.IX Item "-noout"
+don't output the encoded version of the PKCS#7 structure (or certificates
+is \fB\-print_certs\fR is set).
+.IP "\fB\-engine id\fR" 4
+.IX Item "-engine id"
+specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Convert a PKCS#7 file from \s-1PEM\s0 to \s-1DER:\s0
+.PP
+.Vb 1
+\& openssl pkcs7 \-in file.pem \-outform DER \-out file.der
+.Ve
+.PP
+Output all certificates in a file:
+.PP
+.Vb 1
+\& openssl pkcs7 \-in file.pem \-print_certs \-out certs.pem
+.Ve
+.SH "NOTES"
+.IX Header "NOTES"
+The \s-1PEM\s0 PKCS#7 format uses the header and footer lines:
+.PP
+.Vb 2
+\& \-\-\-\-\-BEGIN PKCS7\-\-\-\-\-
+\& \-\-\-\-\-END PKCS7\-\-\-\-\-
+.Ve
+.PP
+For compatibility with some CAs it will also accept:
+.PP
+.Vb 2
+\& \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-
+\& \-\-\-\-\-END CERTIFICATE\-\-\-\-\-
+.Ve
+.SH "RESTRICTIONS"
+.IX Header "RESTRICTIONS"
+There is no option to print out all the fields of a PKCS#7 file.
+.PP
+This PKCS#7 routines only understand PKCS#7 v 1.5 as specified in \s-1RFC2315\s0 they
+cannot currently parse, for example, the new \s-1CMS\s0 as described in \s-1RFC2630\s0.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIcrl2pkcs7\fR\|(1)
diff --git a/secure/usr.bin/openssl/man/pkcs8.1 b/secure/usr.bin/openssl/man/pkcs8.1
new file mode 100644
index 0000000..36535de
--- /dev/null
+++ b/secure/usr.bin/openssl/man/pkcs8.1
@@ -0,0 +1,350 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "PKCS8 1"
+.TH PKCS8 1 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+pkcs8 \- PKCS#8 format private key conversion tool
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBopenssl\fR \fBpkcs8\fR
+[\fB\-topk8\fR]
+[\fB\-inform PEM|DER\fR]
+[\fB\-outform PEM|DER\fR]
+[\fB\-in filename\fR]
+[\fB\-passin arg\fR]
+[\fB\-out filename\fR]
+[\fB\-passout arg\fR]
+[\fB\-noiter\fR]
+[\fB\-nocrypt\fR]
+[\fB\-nooct\fR]
+[\fB\-embed\fR]
+[\fB\-nsdb\fR]
+[\fB\-v2 alg\fR]
+[\fB\-v1 alg\fR]
+[\fB\-engine id\fR]
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fBpkcs8\fR command processes private keys in PKCS#8 format. It can handle
+both unencrypted PKCS#8 PrivateKeyInfo format and EncryptedPrivateKeyInfo
+format with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms.
+.SH "COMMAND OPTIONS"
+.IX Header "COMMAND OPTIONS"
+.IP "\fB\-topk8\fR" 4
+.IX Item "-topk8"
+Normally a PKCS#8 private key is expected on input and a traditional format
+private key will be written. With the \fB\-topk8\fR option the situation is
+reversed: it reads a traditional format private key and writes a PKCS#8
+format key.
+.IP "\fB\-inform DER|PEM\fR" 4
+.IX Item "-inform DER|PEM"
+This specifies the input format. If a PKCS#8 format key is expected on input
+then either a \fB\s-1DER\s0\fR or \fB\s-1PEM\s0\fR encoded version of a PKCS#8 key will be
+expected. Otherwise the \fB\s-1DER\s0\fR or \fB\s-1PEM\s0\fR format of the traditional format
+private key is used.
+.IP "\fB\-outform DER|PEM\fR" 4
+.IX Item "-outform DER|PEM"
+This specifies the output format, the options have the same meaning as the
+\&\fB\-inform\fR option.
+.IP "\fB\-in filename\fR" 4
+.IX Item "-in filename"
+This specifies the input filename to read a key from or standard input if this
+option is not specified. If the key is encrypted a pass phrase will be
+prompted for.
+.IP "\fB\-passin arg\fR" 4
+.IX Item "-passin arg"
+the input file password source. For more information about the format of \fBarg\fR
+see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+.IP "\fB\-out filename\fR" 4
+.IX Item "-out filename"
+This specifies the output filename to write a key to or standard output by
+default. If any encryption options are set then a pass phrase will be
+prompted for. The output filename should \fBnot\fR be the same as the input
+filename.
+.IP "\fB\-passout arg\fR" 4
+.IX Item "-passout arg"
+the output file password source. For more information about the format of \fBarg\fR
+see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+.IP "\fB\-nocrypt\fR" 4
+.IX Item "-nocrypt"
+PKCS#8 keys generated or input are normally PKCS#8 EncryptedPrivateKeyInfo
+structures using an appropriate password based encryption algorithm. With
+this option an unencrypted PrivateKeyInfo structure is expected or output.
+This option does not encrypt private keys at all and should only be used
+when absolutely necessary. Certain software such as some versions of Java
+code signing software used unencrypted private keys.
+.IP "\fB\-nooct\fR" 4
+.IX Item "-nooct"
+This option generates \s-1RSA\s0 private keys in a broken format that some software
+uses. Specifically the private key should be enclosed in a \s-1OCTET\s0 \s-1STRING\s0
+but some software just includes the structure itself without the
+surrounding \s-1OCTET\s0 \s-1STRING\s0.
+.IP "\fB\-embed\fR" 4
+.IX Item "-embed"
+This option generates \s-1DSA\s0 keys in a broken format. The \s-1DSA\s0 parameters are
+embedded inside the PrivateKey structure. In this form the \s-1OCTET\s0 \s-1STRING\s0
+contains an \s-1ASN1\s0 \s-1SEQUENCE\s0 consisting of two structures: a \s-1SEQUENCE\s0 containing
+the parameters and an \s-1ASN1\s0 \s-1INTEGER\s0 containing the private key.
+.IP "\fB\-nsdb\fR" 4
+.IX Item "-nsdb"
+This option generates \s-1DSA\s0 keys in a broken format compatible with Netscape
+private key databases. The PrivateKey contains a \s-1SEQUENCE\s0 consisting of
+the public and private keys respectively.
+.IP "\fB\-v2 alg\fR" 4
+.IX Item "-v2 alg"
+This option enables the use of PKCS#5 v2.0 algorithms. Normally PKCS#8
+private keys are encrypted with the password based encryption algorithm
+called \fBpbeWithMD5AndDES\-CBC\fR this uses 56 bit \s-1DES\s0 encryption but it
+was the strongest encryption algorithm supported in PKCS#5 v1.5. Using
+the \fB\-v2\fR option PKCS#5 v2.0 algorithms are used which can use any
+encryption algorithm such as 168 bit triple \s-1DES\s0 or 128 bit \s-1RC2\s0 however
+not many implementations support PKCS#5 v2.0 yet. If you are just using
+private keys with OpenSSL then this doesn't matter.
+.Sp
+The \fBalg\fR argument is the encryption algorithm to use, valid values include
+\&\fBdes\fR, \fBdes3\fR and \fBrc2\fR. It is recommended that \fBdes3\fR is used.
+.IP "\fB\-v1 alg\fR" 4
+.IX Item "-v1 alg"
+This option specifies a PKCS#5 v1.5 or PKCS#12 algorithm to use. A complete
+list of possible algorithms is included below.
+.IP "\fB\-engine id\fR" 4
+.IX Item "-engine id"
+specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+.SH "NOTES"
+.IX Header "NOTES"
+The encrypted form of a \s-1PEM\s0 encode PKCS#8 files uses the following
+headers and footers:
+.PP
+.Vb 2
+\& \-\-\-\-\-BEGIN ENCRYPTED PRIVATE KEY\-\-\-\-\-
+\& \-\-\-\-\-END ENCRYPTED PRIVATE KEY\-\-\-\-\-
+.Ve
+.PP
+The unencrypted form uses:
+.PP
+.Vb 2
+\& \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\-
+\& \-\-\-\-\-END PRIVATE KEY\-\-\-\-\-
+.Ve
+.PP
+Private keys encrypted using PKCS#5 v2.0 algorithms and high iteration
+counts are more secure that those encrypted using the traditional
+SSLeay compatible formats. So if additional security is considered
+important the keys should be converted.
+.PP
+The default encryption is only 56 bits because this is the encryption
+that most current implementations of PKCS#8 will support.
+.PP
+Some software may use PKCS#12 password based encryption algorithms
+with PKCS#8 format private keys: these are handled automatically
+but there is no option to produce them.
+.PP
+It is possible to write out \s-1DER\s0 encoded encrypted private keys in
+PKCS#8 format because the encryption details are included at an \s-1ASN1\s0
+level whereas the traditional format includes them at a \s-1PEM\s0 level.
+.SH "PKCS#5 v1.5 and PKCS#12 algorithms."
+.IX Header "PKCS#5 v1.5 and PKCS#12 algorithms."
+Various algorithms can be used with the \fB\-v1\fR command line option,
+including PKCS#5 v1.5 and PKCS#12. These are described in more detail
+below.
+.IP "\fB\s-1PBE\-MD2\-DES\s0 \s-1PBE\-MD5\-DES\s0\fR" 4
+.IX Item "PBE-MD2-DES PBE-MD5-DES"
+These algorithms were included in the original PKCS#5 v1.5 specification.
+They only offer 56 bits of protection since they both use \s-1DES\s0.
+.IP "\fB\s-1PBE\-SHA1\-RC2\-64\s0 \s-1PBE\-MD2\-RC2\-64\s0 \s-1PBE\-MD5\-RC2\-64\s0 \s-1PBE\-SHA1\-DES\s0\fR" 4
+.IX Item "PBE-SHA1-RC2-64 PBE-MD2-RC2-64 PBE-MD5-RC2-64 PBE-SHA1-DES"
+These algorithms are not mentioned in the original PKCS#5 v1.5 specification
+but they use the same key derivation algorithm and are supported by some
+software. They are mentioned in PKCS#5 v2.0. They use either 64 bit \s-1RC2\s0 or
+56 bit \s-1DES\s0.
+.IP "\fB\s-1PBE\-SHA1\-RC4\-128\s0 \s-1PBE\-SHA1\-RC4\-40\s0 \s-1PBE\-SHA1\-3DES\s0 \s-1PBE\-SHA1\-2DES\s0 \s-1PBE\-SHA1\-RC2\-128\s0 \s-1PBE\-SHA1\-RC2\-40\s0\fR" 4
+.IX Item "PBE-SHA1-RC4-128 PBE-SHA1-RC4-40 PBE-SHA1-3DES PBE-SHA1-2DES PBE-SHA1-RC2-128 PBE-SHA1-RC2-40"
+These algorithms use the PKCS#12 password based encryption algorithm and
+allow strong encryption algorithms like triple \s-1DES\s0 or 128 bit \s-1RC2\s0 to be used.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Convert a private from traditional to PKCS#5 v2.0 format using triple
+\&\s-1DES:\s0
+.PP
+.Vb 1
+\& openssl pkcs8 \-in key.pem \-topk8 \-v2 des3 \-out enckey.pem
+.Ve
+.PP
+Convert a private key to PKCS#8 using a PKCS#5 1.5 compatible algorithm
+(\s-1DES\s0):
+.PP
+.Vb 1
+\& openssl pkcs8 \-in key.pem \-topk8 \-out enckey.pem
+.Ve
+.PP
+Convert a private key to PKCS#8 using a PKCS#12 compatible algorithm
+(3DES):
+.PP
+.Vb 1
+\& openssl pkcs8 \-in key.pem \-topk8 \-out enckey.pem \-v1 PBE\-SHA1\-3DES
+.Ve
+.PP
+Read a \s-1DER\s0 unencrypted PKCS#8 format private key:
+.PP
+.Vb 1
+\& openssl pkcs8 \-inform DER \-nocrypt \-in key.der \-out key.pem
+.Ve
+.PP
+Convert a private key from any PKCS#8 format to traditional format:
+.PP
+.Vb 1
+\& openssl pkcs8 \-in pk8.pem \-out key.pem
+.Ve
+.SH "STANDARDS"
+.IX Header "STANDARDS"
+Test vectors from this PKCS#5 v2.0 implementation were posted to the
+pkcs-tng mailing list using triple \s-1DES\s0, \s-1DES\s0 and \s-1RC2\s0 with high iteration
+counts, several people confirmed that they could decrypt the private
+keys produced and Therefore it can be assumed that the PKCS#5 v2.0
+implementation is reasonably accurate at least as far as these
+algorithms are concerned.
+.PP
+The format of PKCS#8 \s-1DSA\s0 (and other) private keys is not well documented:
+it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's default \s-1DSA\s0
+PKCS#8 private key format complies with this standard.
+.SH "BUGS"
+.IX Header "BUGS"
+There should be an option that prints out the encryption algorithm
+in use and other details such as the iteration count.
+.PP
+PKCS#8 using triple \s-1DES\s0 and PKCS#5 v2.0 should be the default private
+key format for OpenSSL: for compatibility several of the utilities use
+the old format at present.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIdsa\fR\|(1), \fIrsa\fR\|(1), \fIgenrsa\fR\|(1),
+\&\fIgendsa\fR\|(1)
diff --git a/secure/usr.bin/openssl/man/rand.1 b/secure/usr.bin/openssl/man/rand.1
new file mode 100644
index 0000000..9e501d0
--- /dev/null
+++ b/secure/usr.bin/openssl/man/rand.1
@@ -0,0 +1,170 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "RAND 1"
+.TH RAND 1 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+rand \- generate pseudo\-random bytes
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBopenssl rand\fR
+[\fB\-out\fR \fIfile\fR]
+[\fB\-rand\fR \fIfile(s)\fR]
+[\fB\-base64\fR]
+[\fB\-hex\fR]
+\&\fInum\fR
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fBrand\fR command outputs \fInum\fR pseudo-random bytes after seeding
+the random number generator once. As in other \fBopenssl\fR command
+line tools, \s-1PRNG\s0 seeding uses the file \fI\f(CI$HOME\fI/\fR\fB.rnd\fR or \fB.rnd\fR
+in addition to the files given in the \fB\-rand\fR option. A new
+\&\fI\f(CI$HOME\fI\fR/\fB.rnd\fR or \fB.rnd\fR file will be written back if enough
+seeding was obtained from these sources.
+.SH "OPTIONS"
+.IX Header "OPTIONS"
+.IP "\fB\-out\fR \fIfile\fR" 4
+.IX Item "-out file"
+Write to \fIfile\fR instead of standard output.
+.IP "\fB\-rand\fR \fIfile(s)\fR" 4
+.IX Item "-rand file(s)"
+Use specified file or files or \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3))
+for seeding the random number generator.
+Multiple files can be specified separated by a OS-dependent character.
+The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for
+all others.
+.IP "\fB\-base64\fR" 4
+.IX Item "-base64"
+Perform base64 encoding on the output.
+.IP "\fB\-hex\fR" 4
+.IX Item "-hex"
+Show the output as a hex string.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIRAND_bytes\fR\|(3)
diff --git a/secure/usr.bin/openssl/man/req.1 b/secure/usr.bin/openssl/man/req.1
new file mode 100644
index 0000000..8267f35
--- /dev/null
+++ b/secure/usr.bin/openssl/man/req.1
@@ -0,0 +1,701 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "REQ 1"
+.TH REQ 1 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+req \- PKCS#10 certificate request and certificate generating utility.
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBopenssl\fR \fBreq\fR
+[\fB\-inform PEM|DER\fR]
+[\fB\-outform PEM|DER\fR]
+[\fB\-in filename\fR]
+[\fB\-passin arg\fR]
+[\fB\-out filename\fR]
+[\fB\-passout arg\fR]
+[\fB\-text\fR]
+[\fB\-pubkey\fR]
+[\fB\-noout\fR]
+[\fB\-verify\fR]
+[\fB\-modulus\fR]
+[\fB\-new\fR]
+[\fB\-rand file(s)\fR]
+[\fB\-newkey rsa:bits\fR]
+[\fB\-newkey dsa:file\fR]
+[\fB\-nodes\fR]
+[\fB\-key filename\fR]
+[\fB\-keyform PEM|DER\fR]
+[\fB\-keyout filename\fR]
+[\fB\-[md5|sha1|md2|mdc2]\fR]
+[\fB\-config filename\fR]
+[\fB\-subj arg\fR]
+[\fB\-multivalue\-rdn\fR]
+[\fB\-x509\fR]
+[\fB\-days n\fR]
+[\fB\-set_serial n\fR]
+[\fB\-asn1\-kludge\fR]
+[\fB\-newhdr\fR]
+[\fB\-extensions section\fR]
+[\fB\-reqexts section\fR]
+[\fB\-utf8\fR]
+[\fB\-nameopt\fR]
+[\fB\-batch\fR]
+[\fB\-verbose\fR]
+[\fB\-engine id\fR]
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fBreq\fR command primarily creates and processes certificate requests
+in PKCS#10 format. It can additionally create self signed certificates
+for use as root CAs for example.
+.SH "COMMAND OPTIONS"
+.IX Header "COMMAND OPTIONS"
+.IP "\fB\-inform DER|PEM\fR" 4
+.IX Item "-inform DER|PEM"
+This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded
+form compatible with the PKCS#10. The \fB\s-1PEM\s0\fR form is the default format: it
+consists of the \fB\s-1DER\s0\fR format base64 encoded with additional header and
+footer lines.
+.IP "\fB\-outform DER|PEM\fR" 4
+.IX Item "-outform DER|PEM"
+This specifies the output format, the options have the same meaning as the
+\&\fB\-inform\fR option.
+.IP "\fB\-in filename\fR" 4
+.IX Item "-in filename"
+This specifies the input filename to read a request from or standard input
+if this option is not specified. A request is only read if the creation
+options (\fB\-new\fR and \fB\-newkey\fR) are not specified.
+.IP "\fB\-passin arg\fR" 4
+.IX Item "-passin arg"
+the input file password source. For more information about the format of \fBarg\fR
+see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+.IP "\fB\-out filename\fR" 4
+.IX Item "-out filename"
+This specifies the output filename to write to or standard output by
+default.
+.IP "\fB\-passout arg\fR" 4
+.IX Item "-passout arg"
+the output file password source. For more information about the format of \fBarg\fR
+see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+.IP "\fB\-text\fR" 4
+.IX Item "-text"
+prints out the certificate request in text form.
+.IP "\fB\-pubkey\fR" 4
+.IX Item "-pubkey"
+outputs the public key.
+.IP "\fB\-noout\fR" 4
+.IX Item "-noout"
+this option prevents output of the encoded version of the request.
+.IP "\fB\-modulus\fR" 4
+.IX Item "-modulus"
+this option prints out the value of the modulus of the public key
+contained in the request.
+.IP "\fB\-verify\fR" 4
+.IX Item "-verify"
+verifies the signature on the request.
+.IP "\fB\-new\fR" 4
+.IX Item "-new"
+this option generates a new certificate request. It will prompt
+the user for the relevant field values. The actual fields
+prompted for and their maximum and minimum sizes are specified
+in the configuration file and any requested extensions.
+.Sp
+If the \fB\-key\fR option is not used it will generate a new \s-1RSA\s0 private
+key using information specified in the configuration file.
+.IP "\fB\-rand file(s)\fR" 4
+.IX Item "-rand file(s)"
+a file or files containing random data used to seed the random number
+generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for
+all others.
+.IP "\fB\-newkey arg\fR" 4
+.IX Item "-newkey arg"
+this option creates a new certificate request and a new private
+key. The argument takes one of two forms. \fBrsa:nbits\fR, where
+\&\fBnbits\fR is the number of bits, generates an \s-1RSA\s0 key \fBnbits\fR
+in size. \fBdsa:filename\fR generates a \s-1DSA\s0 key using the parameters
+in the file \fBfilename\fR.
+.IP "\fB\-key filename\fR" 4
+.IX Item "-key filename"
+This specifies the file to read the private key from. It also
+accepts PKCS#8 format private keys for \s-1PEM\s0 format files.
+.IP "\fB\-keyform PEM|DER\fR" 4
+.IX Item "-keyform PEM|DER"
+the format of the private key file specified in the \fB\-key\fR
+argument. \s-1PEM\s0 is the default.
+.IP "\fB\-keyout filename\fR" 4
+.IX Item "-keyout filename"
+this gives the filename to write the newly created private key to.
+If this option is not specified then the filename present in the
+configuration file is used.
+.IP "\fB\-nodes\fR" 4
+.IX Item "-nodes"
+if this option is specified then if a private key is created it
+will not be encrypted.
+.IP "\fB\-[md5|sha1|md2|mdc2]\fR" 4
+.IX Item "-[md5|sha1|md2|mdc2]"
+this specifies the message digest to sign the request with. This
+overrides the digest algorithm specified in the configuration file.
+This option is ignored for \s-1DSA\s0 requests: they always use \s-1SHA1\s0.
+.IP "\fB\-config filename\fR" 4
+.IX Item "-config filename"
+this allows an alternative configuration file to be specified,
+this overrides the compile time filename or any specified in
+the \fB\s-1OPENSSL_CONF\s0\fR environment variable.
+.IP "\fB\-subj arg\fR" 4
+.IX Item "-subj arg"
+sets subject name for new request or supersedes the subject name
+when processing a request.
+The arg must be formatted as \fI/type0=value0/type1=value1/type2=...\fR,
+characters may be escaped by \e (backslash), no spaces are skipped.
+.IP "\fB\-multivalue\-rdn\fR" 4
+.IX Item "-multivalue-rdn"
+this option causes the \-subj argument to be interpreted with full
+support for multivalued RDNs. Example:
+.Sp
+\&\fI/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe\fR
+.Sp
+If \-multi\-rdn is not used then the \s-1UID\s0 value is \fI123456+CN=John Doe\fR.
+.IP "\fB\-x509\fR" 4
+.IX Item "-x509"
+this option outputs a self signed certificate instead of a certificate
+request. This is typically used to generate a test certificate or
+a self signed root \s-1CA\s0. The extensions added to the certificate
+(if any) are specified in the configuration file. Unless specified
+using the \fBset_serial\fR option \fB0\fR will be used for the serial
+number.
+.IP "\fB\-days n\fR" 4
+.IX Item "-days n"
+when the \fB\-x509\fR option is being used this specifies the number of
+days to certify the certificate for. The default is 30 days.
+.IP "\fB\-set_serial n\fR" 4
+.IX Item "-set_serial n"
+serial number to use when outputting a self signed certificate. This
+may be specified as a decimal value or a hex value if preceded by \fB0x\fR.
+It is possible to use negative serial numbers but this is not recommended.
+.IP "\fB\-extensions section\fR" 4
+.IX Item "-extensions section"
+.PD 0
+.IP "\fB\-reqexts section\fR" 4
+.IX Item "-reqexts section"
+.PD
+these options specify alternative sections to include certificate
+extensions (if the \fB\-x509\fR option is present) or certificate
+request extensions. This allows several different sections to
+be used in the same configuration file to specify requests for
+a variety of purposes.
+.IP "\fB\-utf8\fR" 4
+.IX Item "-utf8"
+this option causes field values to be interpreted as \s-1UTF8\s0 strings, by
+default they are interpreted as \s-1ASCII\s0. This means that the field
+values, whether prompted from a terminal or obtained from a
+configuration file, must be valid \s-1UTF8\s0 strings.
+.IP "\fB\-nameopt option\fR" 4
+.IX Item "-nameopt option"
+option which determines how the subject or issuer names are displayed. The
+\&\fBoption\fR argument can be a single option or multiple options separated by
+commas. Alternatively the \fB\-nameopt\fR switch may be used more than once to
+set multiple options. See the \fIx509\fR\|(1) manual page for details.
+.IP "\fB\-asn1\-kludge\fR" 4
+.IX Item "-asn1-kludge"
+by default the \fBreq\fR command outputs certificate requests containing
+no attributes in the correct PKCS#10 format. However certain CAs will only
+accept requests containing no attributes in an invalid form: this
+option produces this invalid format.
+.Sp
+More precisely the \fBAttributes\fR in a PKCS#10 certificate request
+are defined as a \fB\s-1SET\s0 \s-1OF\s0 Attribute\fR. They are \fBnot \s-1OPTIONAL\s0\fR so
+if no attributes are present then they should be encoded as an
+empty \fB\s-1SET\s0 \s-1OF\s0\fR. The invalid form does not include the empty
+\&\fB\s-1SET\s0 \s-1OF\s0\fR whereas the correct form does.
+.Sp
+It should be noted that very few CAs still require the use of this option.
+.IP "\fB\-newhdr\fR" 4
+.IX Item "-newhdr"
+Adds the word \fB\s-1NEW\s0\fR to the \s-1PEM\s0 file header and footer lines on the outputed
+request. Some software (Netscape certificate server) and some CAs need this.
+.IP "\fB\-batch\fR" 4
+.IX Item "-batch"
+non-interactive mode.
+.IP "\fB\-verbose\fR" 4
+.IX Item "-verbose"
+print extra details about the operations being performed.
+.IP "\fB\-engine id\fR" 4
+.IX Item "-engine id"
+specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+.SH "CONFIGURATION FILE FORMAT"
+.IX Header "CONFIGURATION FILE FORMAT"
+The configuration options are specified in the \fBreq\fR section of
+the configuration file. As with all configuration files if no
+value is specified in the specific section (i.e. \fBreq\fR) then
+the initial unnamed or \fBdefault\fR section is searched too.
+.PP
+The options available are described in detail below.
+.IP "\fBinput_password output_password\fR" 4
+.IX Item "input_password output_password"
+The passwords for the input private key file (if present) and
+the output private key file (if one will be created). The
+command line options \fBpassin\fR and \fBpassout\fR override the
+configuration file values.
+.IP "\fBdefault_bits\fR" 4
+.IX Item "default_bits"
+This specifies the default key size in bits. If not specified then
+512 is used. It is used if the \fB\-new\fR option is used. It can be
+overridden by using the \fB\-newkey\fR option.
+.IP "\fBdefault_keyfile\fR" 4
+.IX Item "default_keyfile"
+This is the default filename to write a private key to. If not
+specified the key is written to standard output. This can be
+overridden by the \fB\-keyout\fR option.
+.IP "\fBoid_file\fR" 4
+.IX Item "oid_file"
+This specifies a file containing additional \fB\s-1OBJECT\s0 \s-1IDENTIFIERS\s0\fR.
+Each line of the file should consist of the numerical form of the
+object identifier followed by white space then the short name followed
+by white space and finally the long name.
+.IP "\fBoid_section\fR" 4
+.IX Item "oid_section"
+This specifies a section in the configuration file containing extra
+object identifiers. Each line should consist of the short name of the
+object identifier followed by \fB=\fR and the numerical form. The short
+and long names are the same when this option is used.
+.IP "\fB\s-1RANDFILE\s0\fR" 4
+.IX Item "RANDFILE"
+This specifies a filename in which random number seed information is
+placed and read from, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)).
+It is used for private key generation.
+.IP "\fBencrypt_key\fR" 4
+.IX Item "encrypt_key"
+If this is set to \fBno\fR then if a private key is generated it is
+\&\fBnot\fR encrypted. This is equivalent to the \fB\-nodes\fR command line
+option. For compatibility \fBencrypt_rsa_key\fR is an equivalent option.
+.IP "\fBdefault_md\fR" 4
+.IX Item "default_md"
+This option specifies the digest algorithm to use. Possible values
+include \fBmd5 sha1 mdc2\fR. If not present then \s-1MD5\s0 is used. This
+option can be overridden on the command line.
+.IP "\fBstring_mask\fR" 4
+.IX Item "string_mask"
+This option masks out the use of certain string types in certain
+fields. Most users will not need to change this option.
+.Sp
+It can be set to several values \fBdefault\fR which is also the default
+option uses PrintableStrings, T61Strings and BMPStrings if the
+\&\fBpkix\fR value is used then only PrintableStrings and BMPStrings will
+be used. This follows the \s-1PKIX\s0 recommendation in \s-1RFC2459\s0. If the
+\&\fButf8only\fR option is used then only UTF8Strings will be used: this
+is the \s-1PKIX\s0 recommendation in \s-1RFC2459\s0 after 2003. Finally the \fBnombstr\fR
+option just uses PrintableStrings and T61Strings: certain software has
+problems with BMPStrings and UTF8Strings: in particular Netscape.
+.IP "\fBreq_extensions\fR" 4
+.IX Item "req_extensions"
+this specifies the configuration file section containing a list of
+extensions to add to the certificate request. It can be overridden
+by the \fB\-reqexts\fR command line switch.
+.IP "\fBx509_extensions\fR" 4
+.IX Item "x509_extensions"
+this specifies the configuration file section containing a list of
+extensions to add to certificate generated when the \fB\-x509\fR switch
+is used. It can be overridden by the \fB\-extensions\fR command line switch.
+.IP "\fBprompt\fR" 4
+.IX Item "prompt"
+if set to the value \fBno\fR this disables prompting of certificate fields
+and just takes values from the config file directly. It also changes the
+expected format of the \fBdistinguished_name\fR and \fBattributes\fR sections.
+.IP "\fButf8\fR" 4
+.IX Item "utf8"
+if set to the value \fByes\fR then field values to be interpreted as \s-1UTF8\s0
+strings, by default they are interpreted as \s-1ASCII\s0. This means that
+the field values, whether prompted from a terminal or obtained from a
+configuration file, must be valid \s-1UTF8\s0 strings.
+.IP "\fBattributes\fR" 4
+.IX Item "attributes"
+this specifies the section containing any request attributes: its format
+is the same as \fBdistinguished_name\fR. Typically these may contain the
+challengePassword or unstructuredName types. They are currently ignored
+by OpenSSL's request signing utilities but some CAs might want them.
+.IP "\fBdistinguished_name\fR" 4
+.IX Item "distinguished_name"
+This specifies the section containing the distinguished name fields to
+prompt for when generating a certificate or certificate request. The format
+is described in the next section.
+.SH "DISTINGUISHED NAME AND ATTRIBUTE SECTION FORMAT"
+.IX Header "DISTINGUISHED NAME AND ATTRIBUTE SECTION FORMAT"
+There are two separate formats for the distinguished name and attribute
+sections. If the \fBprompt\fR option is set to \fBno\fR then these sections
+just consist of field names and values: for example,
+.PP
+.Vb 3
+\& CN=My Name
+\& OU=My Organization
+\& emailAddress=someone@somewhere.org
+.Ve
+.PP
+This allows external programs (e.g. \s-1GUI\s0 based) to generate a template file
+with all the field names and values and just pass it to \fBreq\fR. An example
+of this kind of configuration file is contained in the \fB\s-1EXAMPLES\s0\fR section.
+.PP
+Alternatively if the \fBprompt\fR option is absent or not set to \fBno\fR then the
+file contains field prompting information. It consists of lines of the form:
+.PP
+.Vb 4
+\& fieldName="prompt"
+\& fieldName_default="default field value"
+\& fieldName_min= 2
+\& fieldName_max= 4
+.Ve
+.PP
+\&\*(L"fieldName\*(R" is the field name being used, for example commonName (or \s-1CN\s0).
+The \*(L"prompt\*(R" string is used to ask the user to enter the relevant
+details. If the user enters nothing then the default value is used if no
+default value is present then the field is omitted. A field can
+still be omitted if a default value is present if the user just
+enters the '.' character.
+.PP
+The number of characters entered must be between the fieldName_min and
+fieldName_max limits: there may be additional restrictions based
+on the field being used (for example countryName can only ever be
+two characters long and must fit in a PrintableString).
+.PP
+Some fields (such as organizationName) can be used more than once
+in a \s-1DN\s0. This presents a problem because configuration files will
+not recognize the same name occurring twice. To avoid this problem
+if the fieldName contains some characters followed by a full stop
+they will be ignored. So for example a second organizationName can
+be input by calling it \*(L"1.organizationName\*(R".
+.PP
+The actual permitted field names are any object identifier short or
+long names. These are compiled into OpenSSL and include the usual
+values such as commonName, countryName, localityName, organizationName,
+organizationUnitName, stateOrProvinceName. Additionally emailAddress
+is include as well as name, surname, givenName initials and dnQualifier.
+.PP
+Additional object identifiers can be defined with the \fBoid_file\fR or
+\&\fBoid_section\fR options in the configuration file. Any additional fields
+will be treated as though they were a DirectoryString.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Examine and verify certificate request:
+.PP
+.Vb 1
+\& openssl req \-in req.pem \-text \-verify \-noout
+.Ve
+.PP
+Create a private key and then generate a certificate request from it:
+.PP
+.Vb 2
+\& openssl genrsa \-out key.pem 1024
+\& openssl req \-new \-key key.pem \-out req.pem
+.Ve
+.PP
+The same but just using req:
+.PP
+.Vb 1
+\& openssl req \-newkey rsa:1024 \-keyout key.pem \-out req.pem
+.Ve
+.PP
+Generate a self signed root certificate:
+.PP
+.Vb 1
+\& openssl req \-x509 \-newkey rsa:1024 \-keyout key.pem \-out req.pem
+.Ve
+.PP
+Example of a file pointed to by the \fBoid_file\fR option:
+.PP
+.Vb 2
+\& 1.2.3.4 shortName A longer Name
+\& 1.2.3.6 otherName Other longer Name
+.Ve
+.PP
+Example of a section pointed to by \fBoid_section\fR making use of variable
+expansion:
+.PP
+.Vb 2
+\& testoid1=1.2.3.5
+\& testoid2=${testoid1}.6
+.Ve
+.PP
+Sample configuration file prompting for field values:
+.PP
+.Vb 6
+\& [ req ]
+\& default_bits = 1024
+\& default_keyfile = privkey.pem
+\& distinguished_name = req_distinguished_name
+\& attributes = req_attributes
+\& x509_extensions = v3_ca
+\&
+\& dirstring_type = nobmp
+\&
+\& [ req_distinguished_name ]
+\& countryName = Country Name (2 letter code)
+\& countryName_default = AU
+\& countryName_min = 2
+\& countryName_max = 2
+\&
+\& localityName = Locality Name (eg, city)
+\&
+\& organizationalUnitName = Organizational Unit Name (eg, section)
+\&
+\& commonName = Common Name (eg, YOUR name)
+\& commonName_max = 64
+\&
+\& emailAddress = Email Address
+\& emailAddress_max = 40
+\&
+\& [ req_attributes ]
+\& challengePassword = A challenge password
+\& challengePassword_min = 4
+\& challengePassword_max = 20
+\&
+\& [ v3_ca ]
+\&
+\& subjectKeyIdentifier=hash
+\& authorityKeyIdentifier=keyid:always,issuer:always
+\& basicConstraints = CA:true
+.Ve
+.PP
+Sample configuration containing all field values:
+.PP
+.Vb 1
+\& RANDFILE = $ENV::HOME/.rnd
+\&
+\& [ req ]
+\& default_bits = 1024
+\& default_keyfile = keyfile.pem
+\& distinguished_name = req_distinguished_name
+\& attributes = req_attributes
+\& prompt = no
+\& output_password = mypass
+\&
+\& [ req_distinguished_name ]
+\& C = GB
+\& ST = Test State or Province
+\& L = Test Locality
+\& O = Organization Name
+\& OU = Organizational Unit Name
+\& CN = Common Name
+\& emailAddress = test@email.address
+\&
+\& [ req_attributes ]
+\& challengePassword = A challenge password
+.Ve
+.SH "NOTES"
+.IX Header "NOTES"
+The header and footer lines in the \fB\s-1PEM\s0\fR format are normally:
+.PP
+.Vb 2
+\& \-\-\-\-\-BEGIN CERTIFICATE REQUEST\-\-\-\-\-
+\& \-\-\-\-\-END CERTIFICATE REQUEST\-\-\-\-\-
+.Ve
+.PP
+some software (some versions of Netscape certificate server) instead needs:
+.PP
+.Vb 2
+\& \-\-\-\-\-BEGIN NEW CERTIFICATE REQUEST\-\-\-\-\-
+\& \-\-\-\-\-END NEW CERTIFICATE REQUEST\-\-\-\-\-
+.Ve
+.PP
+which is produced with the \fB\-newhdr\fR option but is otherwise compatible.
+Either form is accepted transparently on input.
+.PP
+The certificate requests generated by \fBXenroll\fR with \s-1MSIE\s0 have extensions
+added. It includes the \fBkeyUsage\fR extension which determines the type of
+key (signature only or general purpose) and any additional OIDs entered
+by the script in an extendedKeyUsage extension.
+.SH "DIAGNOSTICS"
+.IX Header "DIAGNOSTICS"
+The following messages are frequently asked about:
+.PP
+.Vb 2
+\& Using configuration from /some/path/openssl.cnf
+\& Unable to load config info
+.Ve
+.PP
+This is followed some time later by...
+.PP
+.Vb 2
+\& unable to find \*(Aqdistinguished_name\*(Aq in config
+\& problems making Certificate Request
+.Ve
+.PP
+The first error message is the clue: it can't find the configuration
+file! Certain operations (like examining a certificate request) don't
+need a configuration file so its use isn't enforced. Generation of
+certificates or requests however does need a configuration file. This
+could be regarded as a bug.
+.PP
+Another puzzling message is this:
+.PP
+.Vb 2
+\& Attributes:
+\& a0:00
+.Ve
+.PP
+this is displayed when no attributes are present and the request includes
+the correct empty \fB\s-1SET\s0 \s-1OF\s0\fR structure (the \s-1DER\s0 encoding of which is 0xa0
+0x00). If you just see:
+.PP
+.Vb 1
+\& Attributes:
+.Ve
+.PP
+then the \fB\s-1SET\s0 \s-1OF\s0\fR is missing and the encoding is technically invalid (but
+it is tolerated). See the description of the command line option \fB\-asn1\-kludge\fR
+for more information.
+.SH "ENVIRONMENT VARIABLES"
+.IX Header "ENVIRONMENT VARIABLES"
+The variable \fB\s-1OPENSSL_CONF\s0\fR if defined allows an alternative configuration
+file location to be specified, it will be overridden by the \fB\-config\fR command
+line switch if it is present. For compatibility reasons the \fB\s-1SSLEAY_CONF\s0\fR
+environment variable serves the same purpose but its use is discouraged.
+.SH "BUGS"
+.IX Header "BUGS"
+OpenSSL's handling of T61Strings (aka TeletexStrings) is broken: it effectively
+treats them as \s-1ISO\-8859\-1\s0 (Latin 1), Netscape and \s-1MSIE\s0 have similar behaviour.
+This can cause problems if you need characters that aren't available in
+PrintableStrings and you don't want to or can't use BMPStrings.
+.PP
+As a consequence of the T61String handling the only correct way to represent
+accented characters in OpenSSL is to use a BMPString: unfortunately Netscape
+currently chokes on these. If you have to use accented characters with Netscape
+and \s-1MSIE\s0 then you currently need to use the invalid T61String form.
+.PP
+The current prompting is not very friendly. It doesn't allow you to confirm what
+you've just entered. Other things like extensions in certificate requests are
+statically defined in the configuration file. Some of these: like an email
+address in subjectAltName should be input by the user.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIx509\fR\|(1), \fIca\fR\|(1), \fIgenrsa\fR\|(1),
+\&\fIgendsa\fR\|(1), \fIconfig\fR\|(5)
diff --git a/secure/usr.bin/openssl/man/rsa.1 b/secure/usr.bin/openssl/man/rsa.1
new file mode 100644
index 0000000..60b4dc8
--- /dev/null
+++ b/secure/usr.bin/openssl/man/rsa.1
@@ -0,0 +1,303 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "RSA 1"
+.TH RSA 1 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+rsa \- RSA key processing tool
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBopenssl\fR \fBrsa\fR
+[\fB\-inform PEM|NET|DER\fR]
+[\fB\-outform PEM|NET|DER\fR]
+[\fB\-in filename\fR]
+[\fB\-passin arg\fR]
+[\fB\-out filename\fR]
+[\fB\-passout arg\fR]
+[\fB\-sgckey\fR]
+[\fB\-des\fR]
+[\fB\-des3\fR]
+[\fB\-idea\fR]
+[\fB\-text\fR]
+[\fB\-noout\fR]
+[\fB\-modulus\fR]
+[\fB\-check\fR]
+[\fB\-pubin\fR]
+[\fB\-pubout\fR]
+[\fB\-engine id\fR]
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fBrsa\fR command processes \s-1RSA\s0 keys. They can be converted between various
+forms and their components printed out. \fBNote\fR this command uses the
+traditional SSLeay compatible format for private key encryption: newer
+applications should use the more secure PKCS#8 format using the \fBpkcs8\fR
+utility.
+.SH "COMMAND OPTIONS"
+.IX Header "COMMAND OPTIONS"
+.IP "\fB\-inform DER|NET|PEM\fR" 4
+.IX Item "-inform DER|NET|PEM"
+This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded
+form compatible with the PKCS#1 RSAPrivateKey or SubjectPublicKeyInfo format.
+The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR format base64
+encoded with additional header and footer lines. On input PKCS#8 format private
+keys are also accepted. The \fB\s-1NET\s0\fR form is a format is described in the \fB\s-1NOTES\s0\fR
+section.
+.IP "\fB\-outform DER|NET|PEM\fR" 4
+.IX Item "-outform DER|NET|PEM"
+This specifies the output format, the options have the same meaning as the
+\&\fB\-inform\fR option.
+.IP "\fB\-in filename\fR" 4
+.IX Item "-in filename"
+This specifies the input filename to read a key from or standard input if this
+option is not specified. If the key is encrypted a pass phrase will be
+prompted for.
+.IP "\fB\-passin arg\fR" 4
+.IX Item "-passin arg"
+the input file password source. For more information about the format of \fBarg\fR
+see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+.IP "\fB\-out filename\fR" 4
+.IX Item "-out filename"
+This specifies the output filename to write a key to or standard output if this
+option is not specified. If any encryption options are set then a pass phrase
+will be prompted for. The output filename should \fBnot\fR be the same as the input
+filename.
+.IP "\fB\-passout password\fR" 4
+.IX Item "-passout password"
+the output file password source. For more information about the format of \fBarg\fR
+see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+.IP "\fB\-sgckey\fR" 4
+.IX Item "-sgckey"
+use the modified \s-1NET\s0 algorithm used with some versions of Microsoft \s-1IIS\s0 and \s-1SGC\s0
+keys.
+.IP "\fB\-des|\-des3|\-idea\fR" 4
+.IX Item "-des|-des3|-idea"
+These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, or the
+\&\s-1IDEA\s0 ciphers respectively before outputting it. A pass phrase is prompted for.
+If none of these options is specified the key is written in plain text. This
+means that using the \fBrsa\fR utility to read in an encrypted key with no
+encryption option can be used to remove the pass phrase from a key, or by
+setting the encryption options it can be use to add or change the pass phrase.
+These options can only be used with \s-1PEM\s0 format output files.
+.IP "\fB\-text\fR" 4
+.IX Item "-text"
+prints out the various public or private key components in
+plain text in addition to the encoded version.
+.IP "\fB\-noout\fR" 4
+.IX Item "-noout"
+this option prevents output of the encoded version of the key.
+.IP "\fB\-modulus\fR" 4
+.IX Item "-modulus"
+this option prints out the value of the modulus of the key.
+.IP "\fB\-check\fR" 4
+.IX Item "-check"
+this option checks the consistency of an \s-1RSA\s0 private key.
+.IP "\fB\-pubin\fR" 4
+.IX Item "-pubin"
+by default a private key is read from the input file: with this
+option a public key is read instead.
+.IP "\fB\-pubout\fR" 4
+.IX Item "-pubout"
+by default a private key is output: with this option a public
+key will be output instead. This option is automatically set if
+the input is a public key.
+.IP "\fB\-engine id\fR" 4
+.IX Item "-engine id"
+specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+.SH "NOTES"
+.IX Header "NOTES"
+The \s-1PEM\s0 private key format uses the header and footer lines:
+.PP
+.Vb 2
+\& \-\-\-\-\-BEGIN RSA PRIVATE KEY\-\-\-\-\-
+\& \-\-\-\-\-END RSA PRIVATE KEY\-\-\-\-\-
+.Ve
+.PP
+The \s-1PEM\s0 public key format uses the header and footer lines:
+.PP
+.Vb 2
+\& \-\-\-\-\-BEGIN PUBLIC KEY\-\-\-\-\-
+\& \-\-\-\-\-END PUBLIC KEY\-\-\-\-\-
+.Ve
+.PP
+The \fB\s-1NET\s0\fR form is a format compatible with older Netscape servers
+and Microsoft \s-1IIS\s0 .key files, this uses unsalted \s-1RC4\s0 for its encryption.
+It is not very secure and so should only be used when necessary.
+.PP
+Some newer version of \s-1IIS\s0 have additional data in the exported .key
+files. To use these with the utility, view the file with a binary editor
+and look for the string \*(L"private-key\*(R", then trace back to the byte
+sequence 0x30, 0x82 (this is an \s-1ASN1\s0 \s-1SEQUENCE\s0). Copy all the data
+from this point onwards to another file and use that as the input
+to the \fBrsa\fR utility with the \fB\-inform \s-1NET\s0\fR option. If you get
+an error after entering the password try the \fB\-sgckey\fR option.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+To remove the pass phrase on an \s-1RSA\s0 private key:
+.PP
+.Vb 1
+\& openssl rsa \-in key.pem \-out keyout.pem
+.Ve
+.PP
+To encrypt a private key using triple \s-1DES:\s0
+.PP
+.Vb 1
+\& openssl rsa \-in key.pem \-des3 \-out keyout.pem
+.Ve
+.PP
+To convert a private key from \s-1PEM\s0 to \s-1DER\s0 format:
+.PP
+.Vb 1
+\& openssl rsa \-in key.pem \-outform DER \-out keyout.der
+.Ve
+.PP
+To print out the components of a private key to standard output:
+.PP
+.Vb 1
+\& openssl rsa \-in key.pem \-text \-noout
+.Ve
+.PP
+To just output the public part of a private key:
+.PP
+.Vb 1
+\& openssl rsa \-in key.pem \-pubout \-out pubkey.pem
+.Ve
+.SH "BUGS"
+.IX Header "BUGS"
+The command line password arguments don't currently work with
+\&\fB\s-1NET\s0\fR format.
+.PP
+There should be an option that automatically handles .key files,
+without having to manually edit them.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIpkcs8\fR\|(1), \fIdsa\fR\|(1), \fIgenrsa\fR\|(1),
+\&\fIgendsa\fR\|(1)
diff --git a/secure/usr.bin/openssl/man/rsautl.1 b/secure/usr.bin/openssl/man/rsautl.1
new file mode 100644
index 0000000..be70710
--- /dev/null
+++ b/secure/usr.bin/openssl/man/rsautl.1
@@ -0,0 +1,307 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "RSAUTL 1"
+.TH RSAUTL 1 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+rsautl \- RSA utility
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBopenssl\fR \fBrsautl\fR
+[\fB\-in file\fR]
+[\fB\-out file\fR]
+[\fB\-inkey file\fR]
+[\fB\-pubin\fR]
+[\fB\-certin\fR]
+[\fB\-sign\fR]
+[\fB\-verify\fR]
+[\fB\-encrypt\fR]
+[\fB\-decrypt\fR]
+[\fB\-pkcs\fR]
+[\fB\-ssl\fR]
+[\fB\-raw\fR]
+[\fB\-hexdump\fR]
+[\fB\-asn1parse\fR]
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fBrsautl\fR command can be used to sign, verify, encrypt and decrypt
+data using the \s-1RSA\s0 algorithm.
+.SH "COMMAND OPTIONS"
+.IX Header "COMMAND OPTIONS"
+.IP "\fB\-in filename\fR" 4
+.IX Item "-in filename"
+This specifies the input filename to read data from or standard input
+if this option is not specified.
+.IP "\fB\-out filename\fR" 4
+.IX Item "-out filename"
+specifies the output filename to write to or standard output by
+default.
+.IP "\fB\-inkey file\fR" 4
+.IX Item "-inkey file"
+the input key file, by default it should be an \s-1RSA\s0 private key.
+.IP "\fB\-pubin\fR" 4
+.IX Item "-pubin"
+the input file is an \s-1RSA\s0 public key.
+.IP "\fB\-certin\fR" 4
+.IX Item "-certin"
+the input is a certificate containing an \s-1RSA\s0 public key.
+.IP "\fB\-sign\fR" 4
+.IX Item "-sign"
+sign the input data and output the signed result. This requires
+and \s-1RSA\s0 private key.
+.IP "\fB\-verify\fR" 4
+.IX Item "-verify"
+verify the input data and output the recovered data.
+.IP "\fB\-encrypt\fR" 4
+.IX Item "-encrypt"
+encrypt the input data using an \s-1RSA\s0 public key.
+.IP "\fB\-decrypt\fR" 4
+.IX Item "-decrypt"
+decrypt the input data using an \s-1RSA\s0 private key.
+.IP "\fB\-pkcs, \-oaep, \-ssl, \-raw\fR" 4
+.IX Item "-pkcs, -oaep, -ssl, -raw"
+the padding to use: PKCS#1 v1.5 (the default), PKCS#1 \s-1OAEP\s0,
+special padding used in \s-1SSL\s0 v2 backwards compatible handshakes,
+or no padding, respectively.
+For signatures, only \fB\-pkcs\fR and \fB\-raw\fR can be used.
+.IP "\fB\-hexdump\fR" 4
+.IX Item "-hexdump"
+hex dump the output data.
+.IP "\fB\-asn1parse\fR" 4
+.IX Item "-asn1parse"
+asn1parse the output data, this is useful when combined with the
+\&\fB\-verify\fR option.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\fBrsautl\fR because it uses the \s-1RSA\s0 algorithm directly can only be
+used to sign or verify small pieces of data.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Sign some data using a private key:
+.PP
+.Vb 1
+\& openssl rsautl \-sign \-in file \-inkey key.pem \-out sig
+.Ve
+.PP
+Recover the signed data
+.PP
+.Vb 1
+\& openssl rsautl \-verify \-in sig \-inkey key.pem
+.Ve
+.PP
+Examine the raw signed data:
+.PP
+.Vb 1
+\& openssl rsautl \-verify \-in file \-inkey key.pem \-raw \-hexdump
+\&
+\& 0000 \- 00 01 ff ff ff ff ff ff\-ff ff ff ff ff ff ff ff ................
+\& 0010 \- ff ff ff ff ff ff ff ff\-ff ff ff ff ff ff ff ff ................
+\& 0020 \- ff ff ff ff ff ff ff ff\-ff ff ff ff ff ff ff ff ................
+\& 0030 \- ff ff ff ff ff ff ff ff\-ff ff ff ff ff ff ff ff ................
+\& 0040 \- ff ff ff ff ff ff ff ff\-ff ff ff ff ff ff ff ff ................
+\& 0050 \- ff ff ff ff ff ff ff ff\-ff ff ff ff ff ff ff ff ................
+\& 0060 \- ff ff ff ff ff ff ff ff\-ff ff ff ff ff ff ff ff ................
+\& 0070 \- ff ff ff ff 00 68 65 6c\-6c 6f 20 77 6f 72 6c 64 .....hello world
+.Ve
+.PP
+The PKCS#1 block formatting is evident from this. If this was done using
+encrypt and decrypt the block would have been of type 2 (the second byte)
+and random padding data visible instead of the 0xff bytes.
+.PP
+It is possible to analyse the signature of certificates using this
+utility in conjunction with \fBasn1parse\fR. Consider the self signed
+example in certs/pca\-cert.pem . Running \fBasn1parse\fR as follows yields:
+.PP
+.Vb 1
+\& openssl asn1parse \-in pca\-cert.pem
+\&
+\& 0:d=0 hl=4 l= 742 cons: SEQUENCE
+\& 4:d=1 hl=4 l= 591 cons: SEQUENCE
+\& 8:d=2 hl=2 l= 3 cons: cont [ 0 ]
+\& 10:d=3 hl=2 l= 1 prim: INTEGER :02
+\& 13:d=2 hl=2 l= 1 prim: INTEGER :00
+\& 16:d=2 hl=2 l= 13 cons: SEQUENCE
+\& 18:d=3 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
+\& 29:d=3 hl=2 l= 0 prim: NULL
+\& 31:d=2 hl=2 l= 92 cons: SEQUENCE
+\& 33:d=3 hl=2 l= 11 cons: SET
+\& 35:d=4 hl=2 l= 9 cons: SEQUENCE
+\& 37:d=5 hl=2 l= 3 prim: OBJECT :countryName
+\& 42:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AU
+\& ....
+\& 599:d=1 hl=2 l= 13 cons: SEQUENCE
+\& 601:d=2 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
+\& 612:d=2 hl=2 l= 0 prim: NULL
+\& 614:d=1 hl=3 l= 129 prim: BIT STRING
+.Ve
+.PP
+The final \s-1BIT\s0 \s-1STRING\s0 contains the actual signature. It can be extracted with:
+.PP
+.Vb 1
+\& openssl asn1parse \-in pca\-cert.pem \-out sig \-noout \-strparse 614
+.Ve
+.PP
+The certificate public key can be extracted with:
+.PP
+.Vb 1
+\& openssl x509 \-in test/testx509.pem \-pubkey \-noout >pubkey.pem
+.Ve
+.PP
+The signature can be analysed with:
+.PP
+.Vb 1
+\& openssl rsautl \-in sig \-verify \-asn1parse \-inkey pubkey.pem \-pubin
+\&
+\& 0:d=0 hl=2 l= 32 cons: SEQUENCE
+\& 2:d=1 hl=2 l= 12 cons: SEQUENCE
+\& 4:d=2 hl=2 l= 8 prim: OBJECT :md5
+\& 14:d=2 hl=2 l= 0 prim: NULL
+\& 16:d=1 hl=2 l= 16 prim: OCTET STRING
+\& 0000 \- f3 46 9e aa 1a 4a 73 c9\-37 ea 93 00 48 25 08 b5 .F...Js.7...H%..
+.Ve
+.PP
+This is the parsed version of an \s-1ASN1\s0 DigestInfo structure. It can be seen that
+the digest used was md5. The actual part of the certificate that was signed can
+be extracted with:
+.PP
+.Vb 1
+\& openssl asn1parse \-in pca\-cert.pem \-out tbs \-noout \-strparse 4
+.Ve
+.PP
+and its digest computed with:
+.PP
+.Vb 2
+\& openssl md5 \-c tbs
+\& MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5
+.Ve
+.PP
+which it can be seen agrees with the recovered value above.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIdgst\fR\|(1), \fIrsa\fR\|(1), \fIgenrsa\fR\|(1)
diff --git a/secure/usr.bin/openssl/man/s_client.1 b/secure/usr.bin/openssl/man/s_client.1
new file mode 100644
index 0000000..8605365
--- /dev/null
+++ b/secure/usr.bin/openssl/man/s_client.1
@@ -0,0 +1,383 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "S_CLIENT 1"
+.TH S_CLIENT 1 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+s_client \- SSL/TLS client program
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBopenssl\fR \fBs_client\fR
+[\fB\-connect host:port\fR]
+[\fB\-verify depth\fR]
+[\fB\-cert filename\fR]
+[\fB\-certform DER|PEM\fR]
+[\fB\-key filename\fR]
+[\fB\-keyform DER|PEM\fR]
+[\fB\-pass arg\fR]
+[\fB\-CApath directory\fR]
+[\fB\-CAfile filename\fR]
+[\fB\-reconnect\fR]
+[\fB\-pause\fR]
+[\fB\-showcerts\fR]
+[\fB\-debug\fR]
+[\fB\-msg\fR]
+[\fB\-nbio_test\fR]
+[\fB\-state\fR]
+[\fB\-nbio\fR]
+[\fB\-crlf\fR]
+[\fB\-ign_eof\fR]
+[\fB\-quiet\fR]
+[\fB\-ssl2\fR]
+[\fB\-ssl3\fR]
+[\fB\-tls1\fR]
+[\fB\-no_ssl2\fR]
+[\fB\-no_ssl3\fR]
+[\fB\-no_tls1\fR]
+[\fB\-bugs\fR]
+[\fB\-cipher cipherlist\fR]
+[\fB\-starttls protocol\fR]
+[\fB\-engine id\fR]
+[\fB\-tlsextdebug\fR]
+[\fB\-no_ticket\fR]
+[\fB\-sess_out filename\fR]
+[\fB\-sess_in filename\fR]
+[\fB\-rand file(s)\fR]
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fBs_client\fR command implements a generic \s-1SSL/TLS\s0 client which connects
+to a remote host using \s-1SSL/TLS\s0. It is a \fIvery\fR useful diagnostic tool for
+\&\s-1SSL\s0 servers.
+.SH "OPTIONS"
+.IX Header "OPTIONS"
+.IP "\fB\-connect host:port\fR" 4
+.IX Item "-connect host:port"
+This specifies the host and optional port to connect to. If not specified
+then an attempt is made to connect to the local host on port 4433.
+.IP "\fB\-cert certname\fR" 4
+.IX Item "-cert certname"
+The certificate to use, if one is requested by the server. The default is
+not to use a certificate.
+.IP "\fB\-certform format\fR" 4
+.IX Item "-certform format"
+The certificate format to use: \s-1DER\s0 or \s-1PEM\s0. \s-1PEM\s0 is the default.
+.IP "\fB\-key keyfile\fR" 4
+.IX Item "-key keyfile"
+The private key to use. If not specified then the certificate file will
+be used.
+.IP "\fB\-keyform format\fR" 4
+.IX Item "-keyform format"
+The private format to use: \s-1DER\s0 or \s-1PEM\s0. \s-1PEM\s0 is the default.
+.IP "\fB\-pass arg\fR" 4
+.IX Item "-pass arg"
+the private key password source. For more information about the format of \fBarg\fR
+see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+.IP "\fB\-verify depth\fR" 4
+.IX Item "-verify depth"
+The verify depth to use. This specifies the maximum length of the
+server certificate chain and turns on server certificate verification.
+Currently the verify operation continues after errors so all the problems
+with a certificate chain can be seen. As a side effect the connection
+will never fail due to a server certificate verify failure.
+.IP "\fB\-CApath directory\fR" 4
+.IX Item "-CApath directory"
+The directory to use for server certificate verification. This directory
+must be in \*(L"hash format\*(R", see \fBverify\fR for more information. These are
+also used when building the client certificate chain.
+.IP "\fB\-CAfile file\fR" 4
+.IX Item "-CAfile file"
+A file containing trusted certificates to use during server authentication
+and to use when attempting to build the client certificate chain.
+.IP "\fB\-reconnect\fR" 4
+.IX Item "-reconnect"
+reconnects to the same server 5 times using the same session \s-1ID\s0, this can
+be used as a test that session caching is working.
+.IP "\fB\-pause\fR" 4
+.IX Item "-pause"
+pauses 1 second between each read and write call.
+.IP "\fB\-showcerts\fR" 4
+.IX Item "-showcerts"
+display the whole server certificate chain: normally only the server
+certificate itself is displayed.
+.IP "\fB\-prexit\fR" 4
+.IX Item "-prexit"
+print session information when the program exits. This will always attempt
+to print out information even if the connection fails. Normally information
+will only be printed out once if the connection succeeds. This option is useful
+because the cipher in use may be renegotiated or the connection may fail
+because a client certificate is required or is requested only after an
+attempt is made to access a certain \s-1URL\s0. Note: the output produced by this
+option is not always accurate because a connection might never have been
+established.
+.IP "\fB\-state\fR" 4
+.IX Item "-state"
+prints out the \s-1SSL\s0 session states.
+.IP "\fB\-debug\fR" 4
+.IX Item "-debug"
+print extensive debugging information including a hex dump of all traffic.
+.IP "\fB\-msg\fR" 4
+.IX Item "-msg"
+show all protocol messages with hex dump.
+.IP "\fB\-nbio_test\fR" 4
+.IX Item "-nbio_test"
+tests non-blocking I/O
+.IP "\fB\-nbio\fR" 4
+.IX Item "-nbio"
+turns on non-blocking I/O
+.IP "\fB\-crlf\fR" 4
+.IX Item "-crlf"
+this option translated a line feed from the terminal into \s-1CR+LF\s0 as required
+by some servers.
+.IP "\fB\-ign_eof\fR" 4
+.IX Item "-ign_eof"
+inhibit shutting down the connection when end of file is reached in the
+input.
+.IP "\fB\-quiet\fR" 4
+.IX Item "-quiet"
+inhibit printing of session and certificate information. This implicitly
+turns on \fB\-ign_eof\fR as well.
+.IP "\fB\-ssl2\fR, \fB\-ssl3\fR, \fB\-tls1\fR, \fB\-no_ssl2\fR, \fB\-no_ssl3\fR, \fB\-no_tls1\fR" 4
+.IX Item "-ssl2, -ssl3, -tls1, -no_ssl2, -no_ssl3, -no_tls1"
+these options disable the use of certain \s-1SSL\s0 or \s-1TLS\s0 protocols. By default
+the initial handshake uses a method which should be compatible with all
+servers and permit them to use \s-1SSL\s0 v3, \s-1SSL\s0 v2 or \s-1TLS\s0 as appropriate.
+.Sp
+Unfortunately there are a lot of ancient and broken servers in use which
+cannot handle this technique and will fail to connect. Some servers only
+work if \s-1TLS\s0 is turned off with the \fB\-no_tls\fR option others will only
+support \s-1SSL\s0 v2 and may need the \fB\-ssl2\fR option.
+.IP "\fB\-bugs\fR" 4
+.IX Item "-bugs"
+there are several known bug in \s-1SSL\s0 and \s-1TLS\s0 implementations. Adding this
+option enables various workarounds.
+.IP "\fB\-cipher cipherlist\fR" 4
+.IX Item "-cipher cipherlist"
+this allows the cipher list sent by the client to be modified. Although
+the server determines which cipher suite is used it should take the first
+supported cipher in the list sent by the client. See the \fBciphers\fR
+command for more information.
+.IP "\fB\-starttls protocol\fR" 4
+.IX Item "-starttls protocol"
+send the protocol-specific message(s) to switch to \s-1TLS\s0 for communication.
+\&\fBprotocol\fR is a keyword for the intended protocol. Currently, the only
+supported keywords are \*(L"smtp\*(R", \*(L"pop3\*(R", \*(L"imap\*(R", and \*(L"ftp\*(R".
+.IP "\fB\-tlsextdebug\fR" 4
+.IX Item "-tlsextdebug"
+print out a hex dump of any \s-1TLS\s0 extensions received from the server. Note: this
+option is only available if extension support is explicitly enabled at compile
+time
+.IP "\fB\-no_ticket\fR" 4
+.IX Item "-no_ticket"
+disable RFC4507bis session ticket support. Note: this option is only available
+if extension support is explicitly enabled at compile time
+.IP "\fB\-sess_out filename\fR" 4
+.IX Item "-sess_out filename"
+output \s-1SSL\s0 session to \fBfilename\fR
+.IP "\fB\-sess_in sess.pem\fR" 4
+.IX Item "-sess_in sess.pem"
+load \s-1SSL\s0 session from \fBfilename\fR. The client will attempt to resume a
+connection from this session.
+.IP "\fB\-engine id\fR" 4
+.IX Item "-engine id"
+specifying an engine (by it's unique \fBid\fR string) will cause \fBs_client\fR
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+.IP "\fB\-rand file(s)\fR" 4
+.IX Item "-rand file(s)"
+a file or files containing random data used to seed the random number
+generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for
+all others.
+.SH "CONNECTED COMMANDS"
+.IX Header "CONNECTED COMMANDS"
+If a connection is established with an \s-1SSL\s0 server then any data received
+from the server is displayed and any key presses will be sent to the
+server. When used interactively (which means neither \fB\-quiet\fR nor \fB\-ign_eof\fR
+have been given), the session will be renegotiated if the line begins with an
+\&\fBR\fR, and if the line begins with a \fBQ\fR or if end of file is reached, the
+connection will be closed down.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\fBs_client\fR can be used to debug \s-1SSL\s0 servers. To connect to an \s-1SSL\s0 \s-1HTTP\s0
+server the command:
+.PP
+.Vb 1
+\& openssl s_client \-connect servername:443
+.Ve
+.PP
+would typically be used (https uses port 443). If the connection succeeds
+then an \s-1HTTP\s0 command can be given such as \*(L"\s-1GET\s0 /\*(R" to retrieve a web page.
+.PP
+If the handshake fails then there are several possible causes, if it is
+nothing obvious like no client certificate then the \fB\-bugs\fR, \fB\-ssl2\fR,
+\&\fB\-ssl3\fR, \fB\-tls1\fR, \fB\-no_ssl2\fR, \fB\-no_ssl3\fR, \fB\-no_tls1\fR options can be tried
+in case it is a buggy server. In particular you should play with these
+options \fBbefore\fR submitting a bug report to an OpenSSL mailing list.
+.PP
+A frequent problem when attempting to get client certificates working
+is that a web client complains it has no certificates or gives an empty
+list to choose from. This is normally because the server is not sending
+the clients certificate authority in its \*(L"acceptable \s-1CA\s0 list\*(R" when it
+requests a certificate. By using \fBs_client\fR the \s-1CA\s0 list can be viewed
+and checked. However some servers only request client authentication
+after a specific \s-1URL\s0 is requested. To obtain the list in this case it
+is necessary to use the \fB\-prexit\fR option and send an \s-1HTTP\s0 request
+for an appropriate page.
+.PP
+If a certificate is specified on the command line using the \fB\-cert\fR
+option it will not be used unless the server specifically requests
+a client certificate. Therefor merely including a client certificate
+on the command line is no guarantee that the certificate works.
+.PP
+If there are problems verifying a server certificate then the
+\&\fB\-showcerts\fR option can be used to show the whole chain.
+.PP
+Since the SSLv23 client hello cannot include compression methods or extensions
+these will only be supported if its use is disabled, for example by using the
+\&\fB\-no_sslv2\fR option.
+.PP
+\&\s-1TLS\s0 extensions are only supported in OpenSSL 0.9.8 if they are explictly
+enabled at compile time using for example the \fBenable-tlsext\fR switch.
+.SH "BUGS"
+.IX Header "BUGS"
+Because this program has a lot of options and also because some of
+the techniques used are rather old, the C source of s_client is rather
+hard to read and not a model of how things should be done. A typical
+\&\s-1SSL\s0 client program would be much simpler.
+.PP
+The \fB\-verify\fR option should really exit if the server verification
+fails.
+.PP
+The \fB\-prexit\fR option is a bit of a hack. We should really report
+information whenever a session is renegotiated.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIsess_id\fR\|(1), \fIs_server\fR\|(1), \fIciphers\fR\|(1)
diff --git a/secure/usr.bin/openssl/man/s_server.1 b/secure/usr.bin/openssl/man/s_server.1
new file mode 100644
index 0000000..0e9eb14
--- /dev/null
+++ b/secure/usr.bin/openssl/man/s_server.1
@@ -0,0 +1,419 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "S_SERVER 1"
+.TH S_SERVER 1 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+s_server \- SSL/TLS server program
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBopenssl\fR \fBs_server\fR
+[\fB\-accept port\fR]
+[\fB\-context id\fR]
+[\fB\-verify depth\fR]
+[\fB\-Verify depth\fR]
+[\fB\-crl_check\fR]
+[\fB\-crl_check_all\fR]
+[\fB\-cert filename\fR]
+[\fB\-certform DER|PEM\fR]
+[\fB\-key keyfile\fR]
+[\fB\-keyform DER|PEM\fR]
+[\fB\-pass arg\fR]
+[\fB\-dcert filename\fR]
+[\fB\-dcertform DER|PEM\fR]
+[\fB\-dkey keyfile\fR]
+[\fB\-dkeyform DER|PEM\fR]
+[\fB\-dpass arg\fR]
+[\fB\-dhparam filename\fR]
+[\fB\-nbio\fR]
+[\fB\-nbio_test\fR]
+[\fB\-crlf\fR]
+[\fB\-debug\fR]
+[\fB\-msg\fR]
+[\fB\-state\fR]
+[\fB\-CApath directory\fR]
+[\fB\-CAfile filename\fR]
+[\fB\-nocert\fR]
+[\fB\-cipher cipherlist\fR]
+[\fB\-quiet\fR]
+[\fB\-no_tmp_rsa\fR]
+[\fB\-ssl2\fR]
+[\fB\-ssl3\fR]
+[\fB\-tls1\fR]
+[\fB\-no_ssl2\fR]
+[\fB\-no_ssl3\fR]
+[\fB\-no_tls1\fR]
+[\fB\-no_dhe\fR]
+[\fB\-bugs\fR]
+[\fB\-hack\fR]
+[\fB\-www\fR]
+[\fB\-WWW\fR]
+[\fB\-HTTP\fR]
+[\fB\-engine id\fR]
+[\fB\-tlsextdebug\fR]
+[\fB\-no_ticket\fR]
+[\fB\-id_prefix arg\fR]
+[\fB\-rand file(s)\fR]
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fBs_server\fR command implements a generic \s-1SSL/TLS\s0 server which listens
+for connections on a given port using \s-1SSL/TLS\s0.
+.SH "OPTIONS"
+.IX Header "OPTIONS"
+.IP "\fB\-accept port\fR" 4
+.IX Item "-accept port"
+the \s-1TCP\s0 port to listen on for connections. If not specified 4433 is used.
+.IP "\fB\-context id\fR" 4
+.IX Item "-context id"
+sets the \s-1SSL\s0 context id. It can be given any string value. If this option
+is not present a default value will be used.
+.IP "\fB\-cert certname\fR" 4
+.IX Item "-cert certname"
+The certificate to use, most servers cipher suites require the use of a
+certificate and some require a certificate with a certain public key type:
+for example the \s-1DSS\s0 cipher suites require a certificate containing a \s-1DSS\s0
+(\s-1DSA\s0) key. If not specified then the filename \*(L"server.pem\*(R" will be used.
+.IP "\fB\-certform format\fR" 4
+.IX Item "-certform format"
+The certificate format to use: \s-1DER\s0 or \s-1PEM\s0. \s-1PEM\s0 is the default.
+.IP "\fB\-key keyfile\fR" 4
+.IX Item "-key keyfile"
+The private key to use. If not specified then the certificate file will
+be used.
+.IP "\fB\-keyform format\fR" 4
+.IX Item "-keyform format"
+The private format to use: \s-1DER\s0 or \s-1PEM\s0. \s-1PEM\s0 is the default.
+.IP "\fB\-pass arg\fR" 4
+.IX Item "-pass arg"
+the private key password source. For more information about the format of \fBarg\fR
+see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+.IP "\fB\-dcert filename\fR, \fB\-dkey keyname\fR" 4
+.IX Item "-dcert filename, -dkey keyname"
+specify an additional certificate and private key, these behave in the
+same manner as the \fB\-cert\fR and \fB\-key\fR options except there is no default
+if they are not specified (no additional certificate and key is used). As
+noted above some cipher suites require a certificate containing a key of
+a certain type. Some cipher suites need a certificate carrying an \s-1RSA\s0 key
+and some a \s-1DSS\s0 (\s-1DSA\s0) key. By using \s-1RSA\s0 and \s-1DSS\s0 certificates and keys
+a server can support clients which only support \s-1RSA\s0 or \s-1DSS\s0 cipher suites
+by using an appropriate certificate.
+.IP "\fB\-dcertform format\fR, \fB\-dkeyform format\fR, \fB\-dpass arg\fR" 4
+.IX Item "-dcertform format, -dkeyform format, -dpass arg"
+addtional certificate and private key format and passphrase respectively.
+.IP "\fB\-nocert\fR" 4
+.IX Item "-nocert"
+if this option is set then no certificate is used. This restricts the
+cipher suites available to the anonymous ones (currently just anonymous
+\&\s-1DH\s0).
+.IP "\fB\-dhparam filename\fR" 4
+.IX Item "-dhparam filename"
+the \s-1DH\s0 parameter file to use. The ephemeral \s-1DH\s0 cipher suites generate keys
+using a set of \s-1DH\s0 parameters. If not specified then an attempt is made to
+load the parameters from the server certificate file. If this fails then
+a static set of parameters hard coded into the s_server program will be used.
+.IP "\fB\-no_dhe\fR" 4
+.IX Item "-no_dhe"
+if this option is set then no \s-1DH\s0 parameters will be loaded effectively
+disabling the ephemeral \s-1DH\s0 cipher suites.
+.IP "\fB\-no_tmp_rsa\fR" 4
+.IX Item "-no_tmp_rsa"
+certain export cipher suites sometimes use a temporary \s-1RSA\s0 key, this option
+disables temporary \s-1RSA\s0 key generation.
+.IP "\fB\-verify depth\fR, \fB\-Verify depth\fR" 4
+.IX Item "-verify depth, -Verify depth"
+The verify depth to use. This specifies the maximum length of the
+client certificate chain and makes the server request a certificate from
+the client. With the \fB\-verify\fR option a certificate is requested but the
+client does not have to send one, with the \fB\-Verify\fR option the client
+must supply a certificate or an error occurs.
+.IP "\fB\-crl_check\fR, \fB\-crl_check_all\fR" 4
+.IX Item "-crl_check, -crl_check_all"
+Check the peer certificate has not been revoked by its \s-1CA\s0.
+The \s-1CRL\s0(s) are appended to the certificate file. With the \fB\-crl_check_all\fR
+option all CRLs of all CAs in the chain are checked.
+.IP "\fB\-CApath directory\fR" 4
+.IX Item "-CApath directory"
+The directory to use for client certificate verification. This directory
+must be in \*(L"hash format\*(R", see \fBverify\fR for more information. These are
+also used when building the server certificate chain.
+.IP "\fB\-CAfile file\fR" 4
+.IX Item "-CAfile file"
+A file containing trusted certificates to use during client authentication
+and to use when attempting to build the server certificate chain. The list
+is also used in the list of acceptable client CAs passed to the client when
+a certificate is requested.
+.IP "\fB\-state\fR" 4
+.IX Item "-state"
+prints out the \s-1SSL\s0 session states.
+.IP "\fB\-debug\fR" 4
+.IX Item "-debug"
+print extensive debugging information including a hex dump of all traffic.
+.IP "\fB\-msg\fR" 4
+.IX Item "-msg"
+show all protocol messages with hex dump.
+.IP "\fB\-nbio_test\fR" 4
+.IX Item "-nbio_test"
+tests non blocking I/O
+.IP "\fB\-nbio\fR" 4
+.IX Item "-nbio"
+turns on non blocking I/O
+.IP "\fB\-crlf\fR" 4
+.IX Item "-crlf"
+this option translated a line feed from the terminal into \s-1CR+LF\s0.
+.IP "\fB\-quiet\fR" 4
+.IX Item "-quiet"
+inhibit printing of session and certificate information.
+.IP "\fB\-ssl2\fR, \fB\-ssl3\fR, \fB\-tls1\fR, \fB\-no_ssl2\fR, \fB\-no_ssl3\fR, \fB\-no_tls1\fR" 4
+.IX Item "-ssl2, -ssl3, -tls1, -no_ssl2, -no_ssl3, -no_tls1"
+these options disable the use of certain \s-1SSL\s0 or \s-1TLS\s0 protocols. By default
+the initial handshake uses a method which should be compatible with all
+servers and permit them to use \s-1SSL\s0 v3, \s-1SSL\s0 v2 or \s-1TLS\s0 as appropriate.
+.IP "\fB\-bugs\fR" 4
+.IX Item "-bugs"
+there are several known bug in \s-1SSL\s0 and \s-1TLS\s0 implementations. Adding this
+option enables various workarounds.
+.IP "\fB\-hack\fR" 4
+.IX Item "-hack"
+this option enables a further workaround for some some early Netscape
+\&\s-1SSL\s0 code (?).
+.IP "\fB\-cipher cipherlist\fR" 4
+.IX Item "-cipher cipherlist"
+this allows the cipher list used by the server to be modified. When
+the client sends a list of supported ciphers the first client cipher
+also included in the server list is used. Because the client specifies
+the preference order, the order of the server cipherlist irrelevant. See
+the \fBciphers\fR command for more information.
+.IP "\fB\-tlsextdebug\fR" 4
+.IX Item "-tlsextdebug"
+print out a hex dump of any \s-1TLS\s0 extensions received from the server.
+.IP "\fB\-no_ticket\fR" 4
+.IX Item "-no_ticket"
+disable RFC4507bis session ticket support.
+.IP "\fB\-www\fR" 4
+.IX Item "-www"
+sends a status message back to the client when it connects. This includes
+lots of information about the ciphers used and various session parameters.
+The output is in \s-1HTML\s0 format so this option will normally be used with a
+web browser.
+.IP "\fB\-WWW\fR" 4
+.IX Item "-WWW"
+emulates a simple web server. Pages will be resolved relative to the
+current directory, for example if the \s-1URL\s0 https://myhost/page.html is
+requested the file ./page.html will be loaded.
+.IP "\fB\-HTTP\fR" 4
+.IX Item "-HTTP"
+emulates a simple web server. Pages will be resolved relative to the
+current directory, for example if the \s-1URL\s0 https://myhost/page.html is
+requested the file ./page.html will be loaded. The files loaded are
+assumed to contain a complete and correct \s-1HTTP\s0 response (lines that
+are part of the \s-1HTTP\s0 response line and headers must end with \s-1CRLF\s0).
+.IP "\fB\-engine id\fR" 4
+.IX Item "-engine id"
+specifying an engine (by it's unique \fBid\fR string) will cause \fBs_server\fR
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+.IP "\fB\-id_prefix arg\fR" 4
+.IX Item "-id_prefix arg"
+generate \s-1SSL/TLS\s0 session IDs prefixed by \fBarg\fR. This is mostly useful
+for testing any \s-1SSL/TLS\s0 code (eg. proxies) that wish to deal with multiple
+servers, when each of which might be generating a unique range of session
+IDs (eg. with a certain prefix).
+.IP "\fB\-rand file(s)\fR" 4
+.IX Item "-rand file(s)"
+a file or files containing random data used to seed the random number
+generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for
+all others.
+.SH "CONNECTED COMMANDS"
+.IX Header "CONNECTED COMMANDS"
+If a connection request is established with an \s-1SSL\s0 client and neither the
+\&\fB\-www\fR nor the \fB\-WWW\fR option has been used then normally any data received
+from the client is displayed and any key presses will be sent to the client.
+.PP
+Certain single letter commands are also recognized which perform special
+operations: these are listed below.
+.IP "\fBq\fR" 4
+.IX Item "q"
+end the current \s-1SSL\s0 connection but still accept new connections.
+.IP "\fBQ\fR" 4
+.IX Item "Q"
+end the current \s-1SSL\s0 connection and exit.
+.IP "\fBr\fR" 4
+.IX Item "r"
+renegotiate the \s-1SSL\s0 session.
+.IP "\fBR\fR" 4
+.IX Item "R"
+renegotiate the \s-1SSL\s0 session and request a client certificate.
+.IP "\fBP\fR" 4
+.IX Item "P"
+send some plain text down the underlying \s-1TCP\s0 connection: this should
+cause the client to disconnect due to a protocol violation.
+.IP "\fBS\fR" 4
+.IX Item "S"
+print out some session cache status information.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\fBs_server\fR can be used to debug \s-1SSL\s0 clients. To accept connections from
+a web browser the command:
+.PP
+.Vb 1
+\& openssl s_server \-accept 443 \-www
+.Ve
+.PP
+can be used for example.
+.PP
+Most web browsers (in particular Netscape and \s-1MSIE\s0) only support \s-1RSA\s0 cipher
+suites, so they cannot connect to servers which don't use a certificate
+carrying an \s-1RSA\s0 key or a version of OpenSSL with \s-1RSA\s0 disabled.
+.PP
+Although specifying an empty list of CAs when requesting a client certificate
+is strictly speaking a protocol violation, some \s-1SSL\s0 clients interpret this to
+mean any \s-1CA\s0 is acceptable. This is useful for debugging purposes.
+.PP
+The session parameters can printed out using the \fBsess_id\fR program.
+.PP
+\&\s-1TLS\s0 extensions are only supported in OpenSSL 0.9.8 if they are explictly
+enabled at compile time using for example the \fBenable-tlsext\fR switch.
+.SH "BUGS"
+.IX Header "BUGS"
+Because this program has a lot of options and also because some of
+the techniques used are rather old, the C source of s_server is rather
+hard to read and not a model of how things should be done. A typical
+\&\s-1SSL\s0 server program would be much simpler.
+.PP
+The output of common ciphers is wrong: it just gives the list of ciphers that
+OpenSSL recognizes and the client supports.
+.PP
+There should be a way for the \fBs_server\fR program to print out details of any
+unknown cipher suites a client says it supports.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIsess_id\fR\|(1), \fIs_client\fR\|(1), \fIciphers\fR\|(1)
diff --git a/secure/usr.bin/openssl/man/s_time.1 b/secure/usr.bin/openssl/man/s_time.1
new file mode 100644
index 0000000..3838925
--- /dev/null
+++ b/secure/usr.bin/openssl/man/s_time.1
@@ -0,0 +1,277 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "S_TIME 1"
+.TH S_TIME 1 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+s_time \- SSL/TLS performance timing program
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBopenssl\fR \fBs_time\fR
+[\fB\-connect host:port\fR]
+[\fB\-www page\fR]
+[\fB\-cert filename\fR]
+[\fB\-key filename\fR]
+[\fB\-CApath directory\fR]
+[\fB\-CAfile filename\fR]
+[\fB\-reuse\fR]
+[\fB\-new\fR]
+[\fB\-verify depth\fR]
+[\fB\-nbio\fR]
+[\fB\-time seconds\fR]
+[\fB\-ssl2\fR]
+[\fB\-ssl3\fR]
+[\fB\-bugs\fR]
+[\fB\-cipher cipherlist\fR]
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fBs_client\fR command implements a generic \s-1SSL/TLS\s0 client which connects to a
+remote host using \s-1SSL/TLS\s0. It can request a page from the server and includes
+the time to transfer the payload data in its timing measurements. It measures
+the number of connections within a given timeframe, the amount of data
+transferred (if any), and calculates the average time spent for one connection.
+.SH "OPTIONS"
+.IX Header "OPTIONS"
+.IP "\fB\-connect host:port\fR" 4
+.IX Item "-connect host:port"
+This specifies the host and optional port to connect to.
+.IP "\fB\-www page\fR" 4
+.IX Item "-www page"
+This specifies the page to \s-1GET\s0 from the server. A value of '/' gets the
+index.htm[l] page. If this parameter is not specified, then \fBs_time\fR will only
+perform the handshake to establish \s-1SSL\s0 connections but not transfer any
+payload data.
+.IP "\fB\-cert certname\fR" 4
+.IX Item "-cert certname"
+The certificate to use, if one is requested by the server. The default is
+not to use a certificate. The file is in \s-1PEM\s0 format.
+.IP "\fB\-key keyfile\fR" 4
+.IX Item "-key keyfile"
+The private key to use. If not specified then the certificate file will
+be used. The file is in \s-1PEM\s0 format.
+.IP "\fB\-verify depth\fR" 4
+.IX Item "-verify depth"
+The verify depth to use. This specifies the maximum length of the
+server certificate chain and turns on server certificate verification.
+Currently the verify operation continues after errors so all the problems
+with a certificate chain can be seen. As a side effect the connection
+will never fail due to a server certificate verify failure.
+.IP "\fB\-CApath directory\fR" 4
+.IX Item "-CApath directory"
+The directory to use for server certificate verification. This directory
+must be in \*(L"hash format\*(R", see \fBverify\fR for more information. These are
+also used when building the client certificate chain.
+.IP "\fB\-CAfile file\fR" 4
+.IX Item "-CAfile file"
+A file containing trusted certificates to use during server authentication
+and to use when attempting to build the client certificate chain.
+.IP "\fB\-new\fR" 4
+.IX Item "-new"
+performs the timing test using a new session \s-1ID\s0 for each connection.
+If neither \fB\-new\fR nor \fB\-reuse\fR are specified, they are both on by default
+and executed in sequence.
+.IP "\fB\-reuse\fR" 4
+.IX Item "-reuse"
+performs the timing test using the same session \s-1ID\s0; this can be used as a test
+that session caching is working. If neither \fB\-new\fR nor \fB\-reuse\fR are
+specified, they are both on by default and executed in sequence.
+.IP "\fB\-nbio\fR" 4
+.IX Item "-nbio"
+turns on non-blocking I/O.
+.IP "\fB\-ssl2\fR, \fB\-ssl3\fR" 4
+.IX Item "-ssl2, -ssl3"
+these options disable the use of certain \s-1SSL\s0 or \s-1TLS\s0 protocols. By default
+the initial handshake uses a method which should be compatible with all
+servers and permit them to use \s-1SSL\s0 v3, \s-1SSL\s0 v2 or \s-1TLS\s0 as appropriate.
+The timing program is not as rich in options to turn protocols on and off as
+the \fIs_client\fR\|(1) program and may not connect to all servers.
+.Sp
+Unfortunately there are a lot of ancient and broken servers in use which
+cannot handle this technique and will fail to connect. Some servers only
+work if \s-1TLS\s0 is turned off with the \fB\-ssl3\fR option; others
+will only support \s-1SSL\s0 v2 and may need the \fB\-ssl2\fR option.
+.IP "\fB\-bugs\fR" 4
+.IX Item "-bugs"
+there are several known bug in \s-1SSL\s0 and \s-1TLS\s0 implementations. Adding this
+option enables various workarounds.
+.IP "\fB\-cipher cipherlist\fR" 4
+.IX Item "-cipher cipherlist"
+this allows the cipher list sent by the client to be modified. Although
+the server determines which cipher suite is used it should take the first
+supported cipher in the list sent by the client.
+See the \fIciphers\fR\|(1) command for more information.
+.IP "\fB\-time length\fR" 4
+.IX Item "-time length"
+specifies how long (in seconds) \fBs_time\fR should establish connections and
+optionally transfer payload data from a server. Server and client performance
+and the link speed determine how many connections \fBs_time\fR can establish.
+.SH "NOTES"
+.IX Header "NOTES"
+\&\fBs_client\fR can be used to measure the performance of an \s-1SSL\s0 connection.
+To connect to an \s-1SSL\s0 \s-1HTTP\s0 server and get the default page the command
+.PP
+.Vb 1
+\& openssl s_time \-connect servername:443 \-www / \-CApath yourdir \-CAfile yourfile.pem \-cipher commoncipher [\-ssl3]
+.Ve
+.PP
+would typically be used (https uses port 443). 'commoncipher' is a cipher to
+which both client and server can agree, see the \fIciphers\fR\|(1) command
+for details.
+.PP
+If the handshake fails then there are several possible causes, if it is
+nothing obvious like no client certificate then the \fB\-bugs\fR, \fB\-ssl2\fR,
+\&\fB\-ssl3\fR options can be tried
+in case it is a buggy server. In particular you should play with these
+options \fBbefore\fR submitting a bug report to an OpenSSL mailing list.
+.PP
+A frequent problem when attempting to get client certificates working
+is that a web client complains it has no certificates or gives an empty
+list to choose from. This is normally because the server is not sending
+the clients certificate authority in its \*(L"acceptable \s-1CA\s0 list\*(R" when it
+requests a certificate. By using \fIs_client\fR\|(1) the \s-1CA\s0 list can be
+viewed and checked. However some servers only request client authentication
+after a specific \s-1URL\s0 is requested. To obtain the list in this case it
+is necessary to use the \fB\-prexit\fR option of \fIs_client\fR\|(1) and
+send an \s-1HTTP\s0 request for an appropriate page.
+.PP
+If a certificate is specified on the command line using the \fB\-cert\fR
+option it will not be used unless the server specifically requests
+a client certificate. Therefor merely including a client certificate
+on the command line is no guarantee that the certificate works.
+.SH "BUGS"
+.IX Header "BUGS"
+Because this program does not have all the options of the
+\&\fIs_client\fR\|(1) program to turn protocols on and off, you may not be
+able to measure the performance of all protocols with all servers.
+.PP
+The \fB\-verify\fR option should really exit if the server verification
+fails.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIs_client\fR\|(1), \fIs_server\fR\|(1), \fIciphers\fR\|(1)
diff --git a/secure/usr.bin/openssl/man/sess_id.1 b/secure/usr.bin/openssl/man/sess_id.1
new file mode 100644
index 0000000..8ab621b
--- /dev/null
+++ b/secure/usr.bin/openssl/man/sess_id.1
@@ -0,0 +1,249 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SESS_ID 1"
+.TH SESS_ID 1 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+sess_id \- SSL/TLS session handling utility
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBopenssl\fR \fBsess_id\fR
+[\fB\-inform PEM|DER\fR]
+[\fB\-outform PEM|DER\fR]
+[\fB\-in filename\fR]
+[\fB\-out filename\fR]
+[\fB\-text\fR]
+[\fB\-noout\fR]
+[\fB\-context \s-1ID\s0\fR]
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fBsess_id\fR process the encoded version of the \s-1SSL\s0 session structure
+and optionally prints out \s-1SSL\s0 session details (for example the \s-1SSL\s0 session
+master key) in human readable format. Since this is a diagnostic tool that
+needs some knowledge of the \s-1SSL\s0 protocol to use properly, most users will
+not need to use it.
+.IP "\fB\-inform DER|PEM\fR" 4
+.IX Item "-inform DER|PEM"
+This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded
+format containing session details. The precise format can vary from one version
+to the next. The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR
+format base64 encoded with additional header and footer lines.
+.IP "\fB\-outform DER|PEM\fR" 4
+.IX Item "-outform DER|PEM"
+This specifies the output format, the options have the same meaning as the
+\&\fB\-inform\fR option.
+.IP "\fB\-in filename\fR" 4
+.IX Item "-in filename"
+This specifies the input filename to read session information from or standard
+input by default.
+.IP "\fB\-out filename\fR" 4
+.IX Item "-out filename"
+This specifies the output filename to write session information to or standard
+output if this option is not specified.
+.IP "\fB\-text\fR" 4
+.IX Item "-text"
+prints out the various public or private key components in
+plain text in addition to the encoded version.
+.IP "\fB\-cert\fR" 4
+.IX Item "-cert"
+if a certificate is present in the session it will be output using this option,
+if the \fB\-text\fR option is also present then it will be printed out in text form.
+.IP "\fB\-noout\fR" 4
+.IX Item "-noout"
+this option prevents output of the encoded version of the session.
+.IP "\fB\-context \s-1ID\s0\fR" 4
+.IX Item "-context ID"
+this option can set the session id so the output session information uses the
+supplied \s-1ID\s0. The \s-1ID\s0 can be any string of characters. This option wont normally
+be used.
+.SH "OUTPUT"
+.IX Header "OUTPUT"
+Typical output:
+.PP
+.Vb 10
+\& SSL\-Session:
+\& Protocol : TLSv1
+\& Cipher : 0016
+\& Session\-ID: 871E62626C554CE95488823752CBD5F3673A3EF3DCE9C67BD916C809914B40ED
+\& Session\-ID\-ctx: 01000000
+\& Master\-Key: A7CEFC571974BE02CAC305269DC59F76EA9F0B180CB6642697A68251F2D2BB57E51DBBB4C7885573192AE9AEE220FACD
+\& Key\-Arg : None
+\& Start Time: 948459261
+\& Timeout : 300 (sec)
+\& Verify return code 0 (ok)
+.Ve
+.PP
+Theses are described below in more detail.
+.IP "\fBProtocol\fR" 4
+.IX Item "Protocol"
+this is the protocol in use TLSv1, SSLv3 or SSLv2.
+.IP "\fBCipher\fR" 4
+.IX Item "Cipher"
+the cipher used this is the actual raw \s-1SSL\s0 or \s-1TLS\s0 cipher code, see the \s-1SSL\s0
+or \s-1TLS\s0 specifications for more information.
+.IP "\fBSession-ID\fR" 4
+.IX Item "Session-ID"
+the \s-1SSL\s0 session \s-1ID\s0 in hex format.
+.IP "\fBSession-ID-ctx\fR" 4
+.IX Item "Session-ID-ctx"
+the session \s-1ID\s0 context in hex format.
+.IP "\fBMaster-Key\fR" 4
+.IX Item "Master-Key"
+this is the \s-1SSL\s0 session master key.
+.IP "\fBKey-Arg\fR" 4
+.IX Item "Key-Arg"
+the key argument, this is only used in \s-1SSL\s0 v2.
+.IP "\fBStart Time\fR" 4
+.IX Item "Start Time"
+this is the session start time represented as an integer in standard Unix format.
+.IP "\fBTimeout\fR" 4
+.IX Item "Timeout"
+the timeout in seconds.
+.IP "\fBVerify return code\fR" 4
+.IX Item "Verify return code"
+this is the return code when an \s-1SSL\s0 client certificate is verified.
+.SH "NOTES"
+.IX Header "NOTES"
+The \s-1PEM\s0 encoded session format uses the header and footer lines:
+.PP
+.Vb 2
+\& \-\-\-\-\-BEGIN SSL SESSION PARAMETERS\-\-\-\-\-
+\& \-\-\-\-\-END SSL SESSION PARAMETERS\-\-\-\-\-
+.Ve
+.PP
+Since the \s-1SSL\s0 session output contains the master key it is possible to read the contents
+of an encrypted session using this information. Therefore appropriate security precautions
+should be taken if the information is being output by a \*(L"real\*(R" application. This is
+however strongly discouraged and should only be used for debugging purposes.
+.SH "BUGS"
+.IX Header "BUGS"
+The cipher and start time should be printed out in human readable form.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIciphers\fR\|(1), \fIs_server\fR\|(1)
diff --git a/secure/usr.bin/openssl/man/smime.1 b/secure/usr.bin/openssl/man/smime.1
new file mode 100644
index 0000000..1abe463
--- /dev/null
+++ b/secure/usr.bin/openssl/man/smime.1
@@ -0,0 +1,484 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SMIME 1"
+.TH SMIME 1 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+smime \- S/MIME utility
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBopenssl\fR \fBsmime\fR
+[\fB\-encrypt\fR]
+[\fB\-decrypt\fR]
+[\fB\-sign\fR]
+[\fB\-verify\fR]
+[\fB\-pk7out\fR]
+[\fB\-des\fR]
+[\fB\-des3\fR]
+[\fB\-rc2\-40\fR]
+[\fB\-rc2\-64\fR]
+[\fB\-rc2\-128\fR]
+[\fB\-aes128\fR]
+[\fB\-aes192\fR]
+[\fB\-aes256\fR]
+[\fB\-camellia128\fR]
+[\fB\-camellia192\fR]
+[\fB\-camellia256\fR]
+[\fB\-in file\fR]
+[\fB\-certfile file\fR]
+[\fB\-signer file\fR]
+[\fB\-recip file\fR]
+[\fB\-inform SMIME|PEM|DER\fR]
+[\fB\-passin arg\fR]
+[\fB\-inkey file\fR]
+[\fB\-out file\fR]
+[\fB\-outform SMIME|PEM|DER\fR]
+[\fB\-content file\fR]
+[\fB\-to addr\fR]
+[\fB\-from ad\fR]
+[\fB\-subject s\fR]
+[\fB\-text\fR]
+[\fB\-rand file(s)\fR]
+[cert.pem]...
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fBsmime\fR command handles S/MIME mail. It can encrypt, decrypt, sign and
+verify S/MIME messages.
+.SH "COMMAND OPTIONS"
+.IX Header "COMMAND OPTIONS"
+There are five operation options that set the type of operation to be performed.
+The meaning of the other options varies according to the operation type.
+.IP "\fB\-encrypt\fR" 4
+.IX Item "-encrypt"
+encrypt mail for the given recipient certificates. Input file is the message
+to be encrypted. The output file is the encrypted mail in \s-1MIME\s0 format.
+.IP "\fB\-decrypt\fR" 4
+.IX Item "-decrypt"
+decrypt mail using the supplied certificate and private key. Expects an
+encrypted mail message in \s-1MIME\s0 format for the input file. The decrypted mail
+is written to the output file.
+.IP "\fB\-sign\fR" 4
+.IX Item "-sign"
+sign mail using the supplied certificate and private key. Input file is
+the message to be signed. The signed message in \s-1MIME\s0 format is written
+to the output file.
+.IP "\fB\-verify\fR" 4
+.IX Item "-verify"
+verify signed mail. Expects a signed mail message on input and outputs
+the signed data. Both clear text and opaque signing is supported.
+.IP "\fB\-pk7out\fR" 4
+.IX Item "-pk7out"
+takes an input message and writes out a \s-1PEM\s0 encoded PKCS#7 structure.
+.IP "\fB\-in filename\fR" 4
+.IX Item "-in filename"
+the input message to be encrypted or signed or the \s-1MIME\s0 message to
+be decrypted or verified.
+.IP "\fB\-inform SMIME|PEM|DER\fR" 4
+.IX Item "-inform SMIME|PEM|DER"
+this specifies the input format for the PKCS#7 structure. The default
+is \fB\s-1SMIME\s0\fR which reads an S/MIME format message. \fB\s-1PEM\s0\fR and \fB\s-1DER\s0\fR
+format change this to expect \s-1PEM\s0 and \s-1DER\s0 format PKCS#7 structures
+instead. This currently only affects the input format of the PKCS#7
+structure, if no PKCS#7 structure is being input (for example with
+\&\fB\-encrypt\fR or \fB\-sign\fR) this option has no effect.
+.IP "\fB\-out filename\fR" 4
+.IX Item "-out filename"
+the message text that has been decrypted or verified or the output \s-1MIME\s0
+format message that has been signed or verified.
+.IP "\fB\-outform SMIME|PEM|DER\fR" 4
+.IX Item "-outform SMIME|PEM|DER"
+this specifies the output format for the PKCS#7 structure. The default
+is \fB\s-1SMIME\s0\fR which write an S/MIME format message. \fB\s-1PEM\s0\fR and \fB\s-1DER\s0\fR
+format change this to write \s-1PEM\s0 and \s-1DER\s0 format PKCS#7 structures
+instead. This currently only affects the output format of the PKCS#7
+structure, if no PKCS#7 structure is being output (for example with
+\&\fB\-verify\fR or \fB\-decrypt\fR) this option has no effect.
+.IP "\fB\-content filename\fR" 4
+.IX Item "-content filename"
+This specifies a file containing the detached content, this is only
+useful with the \fB\-verify\fR command. This is only usable if the PKCS#7
+structure is using the detached signature form where the content is
+not included. This option will override any content if the input format
+is S/MIME and it uses the multipart/signed \s-1MIME\s0 content type.
+.IP "\fB\-text\fR" 4
+.IX Item "-text"
+this option adds plain text (text/plain) \s-1MIME\s0 headers to the supplied
+message if encrypting or signing. If decrypting or verifying it strips
+off text headers: if the decrypted or verified message is not of \s-1MIME\s0
+type text/plain then an error occurs.
+.IP "\fB\-CAfile file\fR" 4
+.IX Item "-CAfile file"
+a file containing trusted \s-1CA\s0 certificates, only used with \fB\-verify\fR.
+.IP "\fB\-CApath dir\fR" 4
+.IX Item "-CApath dir"
+a directory containing trusted \s-1CA\s0 certificates, only used with
+\&\fB\-verify\fR. This directory must be a standard certificate directory: that
+is a hash of each subject name (using \fBx509 \-hash\fR) should be linked
+to each certificate.
+.IP "\fB\-des \-des3 \-rc2\-40 \-rc2\-64 \-rc2\-128 \-aes128 \-aes192 \-aes256 \-camellia128 \-camellia192 \-camellia256\fR" 4
+.IX Item "-des -des3 -rc2-40 -rc2-64 -rc2-128 -aes128 -aes192 -aes256 -camellia128 -camellia192 -camellia256"
+the encryption algorithm to use. \s-1DES\s0 (56 bits), triple \s-1DES\s0 (168 bits),
+40, 64 or 128 bit \s-1RC2\s0, 128, 192 or 256 bit \s-1AES\s0, or 128, 192 or 256 bit Camellia respectively. If not
+specified 40 bit \s-1RC2\s0 is used. Only used with \fB\-encrypt\fR.
+.IP "\fB\-nointern\fR" 4
+.IX Item "-nointern"
+when verifying a message normally certificates (if any) included in
+the message are searched for the signing certificate. With this option
+only the certificates specified in the \fB\-certfile\fR option are used.
+The supplied certificates can still be used as untrusted CAs however.
+.IP "\fB\-noverify\fR" 4
+.IX Item "-noverify"
+do not verify the signers certificate of a signed message.
+.IP "\fB\-nochain\fR" 4
+.IX Item "-nochain"
+do not do chain verification of signers certificates: that is don't
+use the certificates in the signed message as untrusted CAs.
+.IP "\fB\-nosigs\fR" 4
+.IX Item "-nosigs"
+don't try to verify the signatures on the message.
+.IP "\fB\-nocerts\fR" 4
+.IX Item "-nocerts"
+when signing a message the signer's certificate is normally included
+with this option it is excluded. This will reduce the size of the
+signed message but the verifier must have a copy of the signers certificate
+available locally (passed using the \fB\-certfile\fR option for example).
+.IP "\fB\-noattr\fR" 4
+.IX Item "-noattr"
+normally when a message is signed a set of attributes are included which
+include the signing time and supported symmetric algorithms. With this
+option they are not included.
+.IP "\fB\-binary\fR" 4
+.IX Item "-binary"
+normally the input message is converted to \*(L"canonical\*(R" format which is
+effectively using \s-1CR\s0 and \s-1LF\s0 as end of line: as required by the S/MIME
+specification. When this option is present no translation occurs. This
+is useful when handling binary data which may not be in \s-1MIME\s0 format.
+.IP "\fB\-nodetach\fR" 4
+.IX Item "-nodetach"
+when signing a message use opaque signing: this form is more resistant
+to translation by mail relays but it cannot be read by mail agents that
+do not support S/MIME. Without this option cleartext signing with
+the \s-1MIME\s0 type multipart/signed is used.
+.IP "\fB\-certfile file\fR" 4
+.IX Item "-certfile file"
+allows additional certificates to be specified. When signing these will
+be included with the message. When verifying these will be searched for
+the signers certificates. The certificates should be in \s-1PEM\s0 format.
+.IP "\fB\-signer file\fR" 4
+.IX Item "-signer file"
+the signers certificate when signing a message. If a message is
+being verified then the signers certificates will be written to this
+file if the verification was successful.
+.IP "\fB\-recip file\fR" 4
+.IX Item "-recip file"
+the recipients certificate when decrypting a message. This certificate
+must match one of the recipients of the message or an error occurs.
+.IP "\fB\-inkey file\fR" 4
+.IX Item "-inkey file"
+the private key to use when signing or decrypting. This must match the
+corresponding certificate. If this option is not specified then the
+private key must be included in the certificate file specified with
+the \fB\-recip\fR or \fB\-signer\fR file.
+.IP "\fB\-passin arg\fR" 4
+.IX Item "-passin arg"
+the private key password source. For more information about the format of \fBarg\fR
+see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+.IP "\fB\-rand file(s)\fR" 4
+.IX Item "-rand file(s)"
+a file or files containing random data used to seed the random number
+generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for
+all others.
+.IP "\fBcert.pem...\fR" 4
+.IX Item "cert.pem..."
+one or more certificates of message recipients: used when encrypting
+a message.
+.IP "\fB\-to, \-from, \-subject\fR" 4
+.IX Item "-to, -from, -subject"
+the relevant mail headers. These are included outside the signed
+portion of a message so they may be included manually. If signing
+then many S/MIME mail clients check the signers certificate's email
+address matches that specified in the From: address.
+.SH "NOTES"
+.IX Header "NOTES"
+The \s-1MIME\s0 message must be sent without any blank lines between the
+headers and the output. Some mail programs will automatically add
+a blank line. Piping the mail directly to sendmail is one way to
+achieve the correct format.
+.PP
+The supplied message to be signed or encrypted must include the
+necessary \s-1MIME\s0 headers or many S/MIME clients wont display it
+properly (if at all). You can use the \fB\-text\fR option to automatically
+add plain text headers.
+.PP
+A \*(L"signed and encrypted\*(R" message is one where a signed message is
+then encrypted. This can be produced by encrypting an already signed
+message: see the examples section.
+.PP
+This version of the program only allows one signer per message but it
+will verify multiple signers on received messages. Some S/MIME clients
+choke if a message contains multiple signers. It is possible to sign
+messages \*(L"in parallel\*(R" by signing an already signed message.
+.PP
+The options \fB\-encrypt\fR and \fB\-decrypt\fR reflect common usage in S/MIME
+clients. Strictly speaking these process PKCS#7 enveloped data: PKCS#7
+encrypted data is used for other purposes.
+.SH "EXIT CODES"
+.IX Header "EXIT CODES"
+.IP "0" 4
+the operation was completely successfully.
+.IP "1" 4
+.IX Item "1"
+an error occurred parsing the command options.
+.IP "2" 4
+.IX Item "2"
+one of the input files could not be read.
+.IP "3" 4
+.IX Item "3"
+an error occurred creating the PKCS#7 file or when reading the \s-1MIME\s0
+message.
+.IP "4" 4
+.IX Item "4"
+an error occurred decrypting or verifying the message.
+.IP "5" 4
+.IX Item "5"
+the message was verified correctly but an error occurred writing out
+the signers certificates.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Create a cleartext signed message:
+.PP
+.Vb 2
+\& openssl smime \-sign \-in message.txt \-text \-out mail.msg \e
+\& \-signer mycert.pem
+.Ve
+.PP
+Create and opaque signed message:
+.PP
+.Vb 2
+\& openssl smime \-sign \-in message.txt \-text \-out mail.msg \-nodetach \e
+\& \-signer mycert.pem
+.Ve
+.PP
+Create a signed message, include some additional certificates and
+read the private key from another file:
+.PP
+.Vb 2
+\& openssl smime \-sign \-in in.txt \-text \-out mail.msg \e
+\& \-signer mycert.pem \-inkey mykey.pem \-certfile mycerts.pem
+.Ve
+.PP
+Send a signed message under Unix directly to sendmail, including headers:
+.PP
+.Vb 3
+\& openssl smime \-sign \-in in.txt \-text \-signer mycert.pem \e
+\& \-from steve@openssl.org \-to someone@somewhere \e
+\& \-subject "Signed message" | sendmail someone@somewhere
+.Ve
+.PP
+Verify a message and extract the signer's certificate if successful:
+.PP
+.Vb 1
+\& openssl smime \-verify \-in mail.msg \-signer user.pem \-out signedtext.txt
+.Ve
+.PP
+Send encrypted mail using triple \s-1DES:\s0
+.PP
+.Vb 3
+\& openssl smime \-encrypt \-in in.txt \-from steve@openssl.org \e
+\& \-to someone@somewhere \-subject "Encrypted message" \e
+\& \-des3 user.pem \-out mail.msg
+.Ve
+.PP
+Sign and encrypt mail:
+.PP
+.Vb 4
+\& openssl smime \-sign \-in ml.txt \-signer my.pem \-text \e
+\& | openssl smime \-encrypt \-out mail.msg \e
+\& \-from steve@openssl.org \-to someone@somewhere \e
+\& \-subject "Signed and Encrypted message" \-des3 user.pem
+.Ve
+.PP
+Note: the encryption command does not include the \fB\-text\fR option because the message
+being encrypted already has \s-1MIME\s0 headers.
+.PP
+Decrypt mail:
+.PP
+.Vb 1
+\& openssl smime \-decrypt \-in mail.msg \-recip mycert.pem \-inkey key.pem
+.Ve
+.PP
+The output from Netscape form signing is a PKCS#7 structure with the
+detached signature format. You can use this program to verify the
+signature by line wrapping the base64 encoded structure and surrounding
+it with:
+.PP
+.Vb 2
+\& \-\-\-\-\-BEGIN PKCS7\-\-\-\-\-
+\& \-\-\-\-\-END PKCS7\-\-\-\-\-
+.Ve
+.PP
+and using the command:
+.PP
+.Vb 1
+\& openssl smime \-verify \-inform PEM \-in signature.pem \-content content.txt
+.Ve
+.PP
+Alternatively you can base64 decode the signature and use:
+.PP
+.Vb 1
+\& openssl smime \-verify \-inform DER \-in signature.der \-content content.txt
+.Ve
+.PP
+Create an encrypted message using 128 bit Camellia:
+.PP
+.Vb 1
+\& openssl smime \-encrypt \-in plain.txt \-camellia128 \-out mail.msg cert.pem
+.Ve
+.SH "BUGS"
+.IX Header "BUGS"
+The \s-1MIME\s0 parser isn't very clever: it seems to handle most messages that I've thrown
+at it but it may choke on others.
+.PP
+The code currently will only write out the signer's certificate to a file: if the
+signer has a separate encryption certificate this must be manually extracted. There
+should be some heuristic that determines the correct encryption certificate.
+.PP
+Ideally a database should be maintained of a certificates for each email address.
+.PP
+The code doesn't currently take note of the permitted symmetric encryption
+algorithms as supplied in the SMIMECapabilities signed attribute. This means the
+user has to manually include the correct encryption algorithm. It should store
+the list of permitted ciphers in a database and only use those.
+.PP
+No revocation checking is done on the signer's certificate.
+.PP
+The current code can only handle S/MIME v2 messages, the more complex S/MIME v3
+structures may cause parsing errors.
diff --git a/secure/usr.bin/openssl/man/speed.1 b/secure/usr.bin/openssl/man/speed.1
new file mode 100644
index 0000000..99dc0cd
--- /dev/null
+++ b/secure/usr.bin/openssl/man/speed.1
@@ -0,0 +1,177 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SPEED 1"
+.TH SPEED 1 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+speed \- test library performance
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBopenssl speed\fR
+[\fB\-engine id\fR]
+[\fBmd2\fR]
+[\fBmdc2\fR]
+[\fBmd5\fR]
+[\fBhmac\fR]
+[\fBsha1\fR]
+[\fBrmd160\fR]
+[\fBidea-cbc\fR]
+[\fBrc2\-cbc\fR]
+[\fBrc5\-cbc\fR]
+[\fBbf-cbc\fR]
+[\fBdes-cbc\fR]
+[\fBdes\-ede3\fR]
+[\fBrc4\fR]
+[\fBrsa512\fR]
+[\fBrsa1024\fR]
+[\fBrsa2048\fR]
+[\fBrsa4096\fR]
+[\fBdsa512\fR]
+[\fBdsa1024\fR]
+[\fBdsa2048\fR]
+[\fBidea\fR]
+[\fBrc2\fR]
+[\fBdes\fR]
+[\fBrsa\fR]
+[\fBblowfish\fR]
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+This command is used to test the performance of cryptographic algorithms.
+.SH "OPTIONS"
+.IX Header "OPTIONS"
+.IP "\fB\-engine id\fR" 4
+.IX Item "-engine id"
+specifying an engine (by it's unique \fBid\fR string) will cause \fBspeed\fR
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+.IP "\fB[zero or more test algorithms]\fR" 4
+.IX Item "[zero or more test algorithms]"
+If any options are given, \fBspeed\fR tests those algorithms, otherwise all of
+the above are tested.
diff --git a/secure/usr.bin/openssl/man/spkac.1 b/secure/usr.bin/openssl/man/spkac.1
new file mode 100644
index 0000000..28ebfa5
--- /dev/null
+++ b/secure/usr.bin/openssl/man/spkac.1
@@ -0,0 +1,247 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SPKAC 1"
+.TH SPKAC 1 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+spkac \- SPKAC printing and generating utility
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBopenssl\fR \fBspkac\fR
+[\fB\-in filename\fR]
+[\fB\-out filename\fR]
+[\fB\-key keyfile\fR]
+[\fB\-passin arg\fR]
+[\fB\-challenge string\fR]
+[\fB\-pubkey\fR]
+[\fB\-spkac spkacname\fR]
+[\fB\-spksect section\fR]
+[\fB\-noout\fR]
+[\fB\-verify\fR]
+[\fB\-engine id\fR]
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fBspkac\fR command processes Netscape signed public key and challenge
+(\s-1SPKAC\s0) files. It can print out their contents, verify the signature and
+produce its own SPKACs from a supplied private key.
+.SH "COMMAND OPTIONS"
+.IX Header "COMMAND OPTIONS"
+.IP "\fB\-in filename\fR" 4
+.IX Item "-in filename"
+This specifies the input filename to read from or standard input if this
+option is not specified. Ignored if the \fB\-key\fR option is used.
+.IP "\fB\-out filename\fR" 4
+.IX Item "-out filename"
+specifies the output filename to write to or standard output by
+default.
+.IP "\fB\-key keyfile\fR" 4
+.IX Item "-key keyfile"
+create an \s-1SPKAC\s0 file using the private key in \fBkeyfile\fR. The
+\&\fB\-in\fR, \fB\-noout\fR, \fB\-spksect\fR and \fB\-verify\fR options are ignored if
+present.
+.IP "\fB\-passin password\fR" 4
+.IX Item "-passin password"
+the input file password source. For more information about the format of \fBarg\fR
+see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+.IP "\fB\-challenge string\fR" 4
+.IX Item "-challenge string"
+specifies the challenge string if an \s-1SPKAC\s0 is being created.
+.IP "\fB\-spkac spkacname\fR" 4
+.IX Item "-spkac spkacname"
+allows an alternative name form the variable containing the
+\&\s-1SPKAC\s0. The default is \*(L"\s-1SPKAC\s0\*(R". This option affects both
+generated and input \s-1SPKAC\s0 files.
+.IP "\fB\-spksect section\fR" 4
+.IX Item "-spksect section"
+allows an alternative name form the section containing the
+\&\s-1SPKAC\s0. The default is the default section.
+.IP "\fB\-noout\fR" 4
+.IX Item "-noout"
+don't output the text version of the \s-1SPKAC\s0 (not used if an
+\&\s-1SPKAC\s0 is being created).
+.IP "\fB\-pubkey\fR" 4
+.IX Item "-pubkey"
+output the public key of an \s-1SPKAC\s0 (not used if an \s-1SPKAC\s0 is
+being created).
+.IP "\fB\-verify\fR" 4
+.IX Item "-verify"
+verifies the digital signature on the supplied \s-1SPKAC\s0.
+.IP "\fB\-engine id\fR" 4
+.IX Item "-engine id"
+specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Print out the contents of an \s-1SPKAC:\s0
+.PP
+.Vb 1
+\& openssl spkac \-in spkac.cnf
+.Ve
+.PP
+Verify the signature of an \s-1SPKAC:\s0
+.PP
+.Vb 1
+\& openssl spkac \-in spkac.cnf \-noout \-verify
+.Ve
+.PP
+Create an \s-1SPKAC\s0 using the challenge string \*(L"hello\*(R":
+.PP
+.Vb 1
+\& openssl spkac \-key key.pem \-challenge hello \-out spkac.cnf
+.Ve
+.PP
+Example of an \s-1SPKAC\s0, (long lines split up for clarity):
+.PP
+.Vb 5
+\& SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1cCoq2Wa3Ixs47uI7F\e
+\& PVwHVIPDx5yso105Y6zpozam135a8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03u\e
+\& PFoQIDAQABFgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJh1bEIYuc\e
+\& 2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnDdq+NQ3F+X4deMx9AaEglZtULwV\e
+\& 4=
+.Ve
+.SH "NOTES"
+.IX Header "NOTES"
+A created \s-1SPKAC\s0 with suitable \s-1DN\s0 components appended can be fed into
+the \fBca\fR utility.
+.PP
+SPKACs are typically generated by Netscape when a form is submitted
+containing the \fB\s-1KEYGEN\s0\fR tag as part of the certificate enrollment
+process.
+.PP
+The challenge string permits a primitive form of proof of possession
+of private key. By checking the \s-1SPKAC\s0 signature and a random challenge
+string some guarantee is given that the user knows the private key
+corresponding to the public key being certified. This is important in
+some applications. Without this it is possible for a previous \s-1SPKAC\s0
+to be used in a \*(L"replay attack\*(R".
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIca\fR\|(1)
diff --git a/secure/usr.bin/openssl/man/verify.1 b/secure/usr.bin/openssl/man/verify.1
new file mode 100644
index 0000000..9e81860
--- /dev/null
+++ b/secure/usr.bin/openssl/man/verify.1
@@ -0,0 +1,406 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "VERIFY 1"
+.TH VERIFY 1 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+verify \- Utility to verify certificates.
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBopenssl\fR \fBverify\fR
+[\fB\-CApath directory\fR]
+[\fB\-CAfile file\fR]
+[\fB\-purpose purpose\fR]
+[\fB\-untrusted file\fR]
+[\fB\-help\fR]
+[\fB\-issuer_checks\fR]
+[\fB\-verbose\fR]
+[\fB\-\fR]
+[certificates]
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fBverify\fR command verifies certificate chains.
+.SH "COMMAND OPTIONS"
+.IX Header "COMMAND OPTIONS"
+.IP "\fB\-CApath directory\fR" 4
+.IX Item "-CApath directory"
+A directory of trusted certificates. The certificates should have names
+of the form: hash.0 or have symbolic links to them of this
+form (\*(L"hash\*(R" is the hashed certificate subject name: see the \fB\-hash\fR option
+of the \fBx509\fR utility). Under Unix the \fBc_rehash\fR script will automatically
+create symbolic links to a directory of certificates.
+.IP "\fB\-CAfile file\fR" 4
+.IX Item "-CAfile file"
+A file of trusted certificates. The file should contain multiple certificates
+in \s-1PEM\s0 format concatenated together.
+.IP "\fB\-untrusted file\fR" 4
+.IX Item "-untrusted file"
+A file of untrusted certificates. The file should contain multiple certificates
+.IP "\fB\-purpose purpose\fR" 4
+.IX Item "-purpose purpose"
+the intended use for the certificate. Without this option no chain verification
+will be done. Currently accepted uses are \fBsslclient\fR, \fBsslserver\fR,
+\&\fBnssslserver\fR, \fBsmimesign\fR, \fBsmimeencrypt\fR. See the \fB\s-1VERIFY\s0 \s-1OPERATION\s0\fR
+section for more information.
+.IP "\fB\-help\fR" 4
+.IX Item "-help"
+prints out a usage message.
+.IP "\fB\-verbose\fR" 4
+.IX Item "-verbose"
+print extra information about the operations being performed.
+.IP "\fB\-issuer_checks\fR" 4
+.IX Item "-issuer_checks"
+print out diagnostics relating to searches for the issuer certificate
+of the current certificate. This shows why each candidate issuer
+certificate was rejected. However the presence of rejection messages
+does not itself imply that anything is wrong: during the normal
+verify process several rejections may take place.
+.IP "\fB\-check_ss_sig\fR" 4
+.IX Item "-check_ss_sig"
+Verify the signature on the self-signed root \s-1CA\s0. This is disabled by default
+because it doesn't add any security.
+.IP "\fB\-\fR" 4
+.IX Item "-"
+marks the last option. All arguments following this are assumed to be
+certificate files. This is useful if the first certificate filename begins
+with a \fB\-\fR.
+.IP "\fBcertificates\fR" 4
+.IX Item "certificates"
+one or more certificates to verify. If no certificate filenames are included
+then an attempt is made to read a certificate from standard input. They should
+all be in \s-1PEM\s0 format.
+.SH "VERIFY OPERATION"
+.IX Header "VERIFY OPERATION"
+The \fBverify\fR program uses the same functions as the internal \s-1SSL\s0 and S/MIME
+verification, therefore this description applies to these verify operations
+too.
+.PP
+There is one crucial difference between the verify operations performed
+by the \fBverify\fR program: wherever possible an attempt is made to continue
+after an error whereas normally the verify operation would halt on the
+first error. This allows all the problems with a certificate chain to be
+determined.
+.PP
+The verify operation consists of a number of separate steps.
+.PP
+Firstly a certificate chain is built up starting from the supplied certificate
+and ending in the root \s-1CA\s0. It is an error if the whole chain cannot be built
+up. The chain is built up by looking up the issuers certificate of the current
+certificate. If a certificate is found which is its own issuer it is assumed
+to be the root \s-1CA\s0.
+.PP
+The process of 'looking up the issuers certificate' itself involves a number
+of steps. In versions of OpenSSL before 0.9.5a the first certificate whose
+subject name matched the issuer of the current certificate was assumed to be
+the issuers certificate. In OpenSSL 0.9.6 and later all certificates
+whose subject name matches the issuer name of the current certificate are
+subject to further tests. The relevant authority key identifier components
+of the current certificate (if present) must match the subject key identifier
+(if present) and issuer and serial number of the candidate issuer, in addition
+the keyUsage extension of the candidate issuer (if present) must permit
+certificate signing.
+.PP
+The lookup first looks in the list of untrusted certificates and if no match
+is found the remaining lookups are from the trusted certificates. The root \s-1CA\s0
+is always looked up in the trusted certificate list: if the certificate to
+verify is a root certificate then an exact match must be found in the trusted
+list.
+.PP
+The second operation is to check every untrusted certificate's extensions for
+consistency with the supplied purpose. If the \fB\-purpose\fR option is not included
+then no checks are done. The supplied or \*(L"leaf\*(R" certificate must have extensions
+compatible with the supplied purpose and all other certificates must also be valid
+\&\s-1CA\s0 certificates. The precise extensions required are described in more detail in
+the \fB\s-1CERTIFICATE\s0 \s-1EXTENSIONS\s0\fR section of the \fBx509\fR utility.
+.PP
+The third operation is to check the trust settings on the root \s-1CA\s0. The root
+\&\s-1CA\s0 should be trusted for the supplied purpose. For compatibility with previous
+versions of SSLeay and OpenSSL a certificate with no trust settings is considered
+to be valid for all purposes.
+.PP
+The final operation is to check the validity of the certificate chain. The validity
+period is checked against the current system time and the notBefore and notAfter
+dates in the certificate. The certificate signatures are also checked at this
+point.
+.PP
+If all operations complete successfully then certificate is considered valid. If
+any operation fails then the certificate is not valid.
+.SH "DIAGNOSTICS"
+.IX Header "DIAGNOSTICS"
+When a verify operation fails the output messages can be somewhat cryptic. The
+general form of the error message is:
+.PP
+.Vb 2
+\& server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+\& error 24 at 1 depth lookup:invalid CA certificate
+.Ve
+.PP
+The first line contains the name of the certificate being verified followed by
+the subject name of the certificate. The second line contains the error number
+and the depth. The depth is number of the certificate being verified when a
+problem was detected starting with zero for the certificate being verified itself
+then 1 for the \s-1CA\s0 that signed the certificate and so on. Finally a text version
+of the error number is presented.
+.PP
+An exhaustive list of the error codes and messages is shown below, this also
+includes the name of the error code as defined in the header file x509_vfy.h
+Some of the error codes are defined but never returned: these are described
+as \*(L"unused\*(R".
+.IP "\fB0 X509_V_OK: ok\fR" 4
+.IX Item "0 X509_V_OK: ok"
+the operation was successful.
+.IP "\fB2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate\fR" 4
+.IX Item "2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate"
+the issuer certificate of a looked up certificate could not be found. This
+normally means the list of trusted certificates is not complete.
+.IP "\fB3 X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate \s-1CRL\s0\fR" 4
+.IX Item "3 X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL"
+the \s-1CRL\s0 of a certificate could not be found. Unused.
+.IP "\fB4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature\fR" 4
+.IX Item "4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature"
+the certificate signature could not be decrypted. This means that the actual signature value
+could not be determined rather than it not matching the expected value, this is only
+meaningful for \s-1RSA\s0 keys.
+.IP "\fB5 X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt \s-1CRL\s0's signature\fR" 4
+.IX Item "5 X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature"
+the \s-1CRL\s0 signature could not be decrypted: this means that the actual signature value
+could not be determined rather than it not matching the expected value. Unused.
+.IP "\fB6 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key\fR" 4
+.IX Item "6 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key"
+the public key in the certificate SubjectPublicKeyInfo could not be read.
+.IP "\fB7 X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure\fR" 4
+.IX Item "7 X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure"
+the signature of the certificate is invalid.
+.IP "\fB8 X509_V_ERR_CRL_SIGNATURE_FAILURE: \s-1CRL\s0 signature failure\fR" 4
+.IX Item "8 X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure"
+the signature of the certificate is invalid. Unused.
+.IP "\fB9 X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid\fR" 4
+.IX Item "9 X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid"
+the certificate is not yet valid: the notBefore date is after the current time.
+.IP "\fB10 X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired\fR" 4
+.IX Item "10 X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired"
+the certificate has expired: that is the notAfter date is before the current time.
+.IP "\fB11 X509_V_ERR_CRL_NOT_YET_VALID: \s-1CRL\s0 is not yet valid\fR" 4
+.IX Item "11 X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid"
+the \s-1CRL\s0 is not yet valid. Unused.
+.IP "\fB12 X509_V_ERR_CRL_HAS_EXPIRED: \s-1CRL\s0 has expired\fR" 4
+.IX Item "12 X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired"
+the \s-1CRL\s0 has expired. Unused.
+.IP "\fB13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field\fR" 4
+.IX Item "13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field"
+the certificate notBefore field contains an invalid time.
+.IP "\fB14 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field\fR" 4
+.IX Item "14 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field"
+the certificate notAfter field contains an invalid time.
+.IP "\fB15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in \s-1CRL\s0's lastUpdate field\fR" 4
+.IX Item "15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field"
+the \s-1CRL\s0 lastUpdate field contains an invalid time. Unused.
+.IP "\fB16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in \s-1CRL\s0's nextUpdate field\fR" 4
+.IX Item "16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field"
+the \s-1CRL\s0 nextUpdate field contains an invalid time. Unused.
+.IP "\fB17 X509_V_ERR_OUT_OF_MEM: out of memory\fR" 4
+.IX Item "17 X509_V_ERR_OUT_OF_MEM: out of memory"
+an error occurred trying to allocate memory. This should never happen.
+.IP "\fB18 X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate\fR" 4
+.IX Item "18 X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate"
+the passed certificate is self signed and the same certificate cannot be found in the list of
+trusted certificates.
+.IP "\fB19 X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain\fR" 4
+.IX Item "19 X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain"
+the certificate chain could be built up using the untrusted certificates but the root could not
+be found locally.
+.IP "\fB20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate\fR" 4
+.IX Item "20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate"
+the issuer certificate could not be found: this occurs if the issuer
+certificate of an untrusted certificate cannot be found.
+.IP "\fB21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate\fR" 4
+.IX Item "21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate"
+no signatures could be verified because the chain contains only one certificate and it is not
+self signed.
+.IP "\fB22 X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long\fR" 4
+.IX Item "22 X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long"
+the certificate chain length is greater than the supplied maximum depth. Unused.
+.IP "\fB23 X509_V_ERR_CERT_REVOKED: certificate revoked\fR" 4
+.IX Item "23 X509_V_ERR_CERT_REVOKED: certificate revoked"
+the certificate has been revoked. Unused.
+.IP "\fB24 X509_V_ERR_INVALID_CA: invalid \s-1CA\s0 certificate\fR" 4
+.IX Item "24 X509_V_ERR_INVALID_CA: invalid CA certificate"
+a \s-1CA\s0 certificate is invalid. Either it is not a \s-1CA\s0 or its extensions are not consistent
+with the supplied purpose.
+.IP "\fB25 X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded\fR" 4
+.IX Item "25 X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded"
+the basicConstraints pathlength parameter has been exceeded.
+.IP "\fB26 X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose\fR" 4
+.IX Item "26 X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose"
+the supplied certificate cannot be used for the specified purpose.
+.IP "\fB27 X509_V_ERR_CERT_UNTRUSTED: certificate not trusted\fR" 4
+.IX Item "27 X509_V_ERR_CERT_UNTRUSTED: certificate not trusted"
+the root \s-1CA\s0 is not marked as trusted for the specified purpose.
+.IP "\fB28 X509_V_ERR_CERT_REJECTED: certificate rejected\fR" 4
+.IX Item "28 X509_V_ERR_CERT_REJECTED: certificate rejected"
+the root \s-1CA\s0 is marked to reject the specified purpose.
+.IP "\fB29 X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch\fR" 4
+.IX Item "29 X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch"
+the current candidate issuer certificate was rejected because its subject name
+did not match the issuer name of the current certificate. Only displayed when
+the \fB\-issuer_checks\fR option is set.
+.IP "\fB30 X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch\fR" 4
+.IX Item "30 X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch"
+the current candidate issuer certificate was rejected because its subject key
+identifier was present and did not match the authority key identifier current
+certificate. Only displayed when the \fB\-issuer_checks\fR option is set.
+.IP "\fB31 X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch\fR" 4
+.IX Item "31 X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch"
+the current candidate issuer certificate was rejected because its issuer name
+and serial number was present and did not match the authority key identifier
+of the current certificate. Only displayed when the \fB\-issuer_checks\fR option is set.
+.IP "\fB32 X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing\fR" 4
+.IX Item "32 X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing"
+the current candidate issuer certificate was rejected because its keyUsage extension
+does not permit certificate signing.
+.IP "\fB50 X509_V_ERR_APPLICATION_VERIFICATION: application verification failure\fR" 4
+.IX Item "50 X509_V_ERR_APPLICATION_VERIFICATION: application verification failure"
+an application specific error. Unused.
+.SH "BUGS"
+.IX Header "BUGS"
+Although the issuer checks are a considerably improvement over the old technique they still
+suffer from limitations in the underlying X509_LOOKUP \s-1API\s0. One consequence of this is that
+trusted certificates with matching subject name must either appear in a file (as specified by the
+\&\fB\-CAfile\fR option) or a directory (as specified by \fB\-CApath\fR. If they occur in both then only
+the certificates in the file will be recognised.
+.PP
+Previous versions of OpenSSL assume certificates with matching subject name are identical and
+mishandled them.
+.PP
+Previous versions of this documentation swapped the meaning of the
+\&\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT\fR and
+\&\fB20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY\fR error codes.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIx509\fR\|(1)
diff --git a/secure/usr.bin/openssl/man/version.1 b/secure/usr.bin/openssl/man/version.1
new file mode 100644
index 0000000..0ea1798
--- /dev/null
+++ b/secure/usr.bin/openssl/man/version.1
@@ -0,0 +1,175 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "VERSION 1"
+.TH VERSION 1 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+version \- print OpenSSL version information
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBopenssl version\fR
+[\fB\-a\fR]
+[\fB\-v\fR]
+[\fB\-b\fR]
+[\fB\-o\fR]
+[\fB\-f\fR]
+[\fB\-p\fR]
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+This command is used to print out version information about OpenSSL.
+.SH "OPTIONS"
+.IX Header "OPTIONS"
+.IP "\fB\-a\fR" 4
+.IX Item "-a"
+all information, this is the same as setting all the other flags.
+.IP "\fB\-v\fR" 4
+.IX Item "-v"
+the current OpenSSL version.
+.IP "\fB\-b\fR" 4
+.IX Item "-b"
+the date the current version of OpenSSL was built.
+.IP "\fB\-o\fR" 4
+.IX Item "-o"
+option information: various options set when the library was built.
+.IP "\fB\-c\fR" 4
+.IX Item "-c"
+compilation flags.
+.IP "\fB\-p\fR" 4
+.IX Item "-p"
+platform setting.
+.IP "\fB\-d\fR" 4
+.IX Item "-d"
+\&\s-1OPENSSLDIR\s0 setting.
+.SH "NOTES"
+.IX Header "NOTES"
+The output of \fBopenssl version \-a\fR would typically be used when sending
+in a bug report.
+.SH "HISTORY"
+.IX Header "HISTORY"
+The \fB\-d\fR option was added in OpenSSL 0.9.7.
diff --git a/secure/usr.bin/openssl/man/x509.1 b/secure/usr.bin/openssl/man/x509.1
new file mode 100644
index 0000000..e3708b2
--- /dev/null
+++ b/secure/usr.bin/openssl/man/x509.1
@@ -0,0 +1,850 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "X509 1"
+.TH X509 1 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+x509 \- Certificate display and signing utility
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBopenssl\fR \fBx509\fR
+[\fB\-inform DER|PEM|NET\fR]
+[\fB\-outform DER|PEM|NET\fR]
+[\fB\-keyform DER|PEM\fR]
+[\fB\-CAform DER|PEM\fR]
+[\fB\-CAkeyform DER|PEM\fR]
+[\fB\-in filename\fR]
+[\fB\-out filename\fR]
+[\fB\-serial\fR]
+[\fB\-hash\fR]
+[\fB\-subject_hash\fR]
+[\fB\-issuer_hash\fR]
+[\fB\-subject\fR]
+[\fB\-issuer\fR]
+[\fB\-nameopt option\fR]
+[\fB\-email\fR]
+[\fB\-startdate\fR]
+[\fB\-enddate\fR]
+[\fB\-purpose\fR]
+[\fB\-dates\fR]
+[\fB\-modulus\fR]
+[\fB\-fingerprint\fR]
+[\fB\-alias\fR]
+[\fB\-noout\fR]
+[\fB\-trustout\fR]
+[\fB\-clrtrust\fR]
+[\fB\-clrreject\fR]
+[\fB\-addtrust arg\fR]
+[\fB\-addreject arg\fR]
+[\fB\-setalias arg\fR]
+[\fB\-days arg\fR]
+[\fB\-set_serial n\fR]
+[\fB\-signkey filename\fR]
+[\fB\-x509toreq\fR]
+[\fB\-req\fR]
+[\fB\-CA filename\fR]
+[\fB\-CAkey filename\fR]
+[\fB\-CAcreateserial\fR]
+[\fB\-CAserial filename\fR]
+[\fB\-text\fR]
+[\fB\-C\fR]
+[\fB\-md2|\-md5|\-sha1|\-mdc2\fR]
+[\fB\-clrext\fR]
+[\fB\-extfile filename\fR]
+[\fB\-extensions section\fR]
+[\fB\-engine id\fR]
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fBx509\fR command is a multi purpose certificate utility. It can be
+used to display certificate information, convert certificates to
+various forms, sign certificate requests like a \*(L"mini \s-1CA\s0\*(R" or edit
+certificate trust settings.
+.PP
+Since there are a large number of options they will split up into
+various sections.
+.SH "OPTIONS"
+.IX Header "OPTIONS"
+.SS "\s-1INPUT\s0, \s-1OUTPUT\s0 \s-1AND\s0 \s-1GENERAL\s0 \s-1PURPOSE\s0 \s-1OPTIONS\s0"
+.IX Subsection "INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS"
+.IP "\fB\-inform DER|PEM|NET\fR" 4
+.IX Item "-inform DER|PEM|NET"
+This specifies the input format normally the command will expect an X509
+certificate but this can change if other options such as \fB\-req\fR are
+present. The \s-1DER\s0 format is the \s-1DER\s0 encoding of the certificate and \s-1PEM\s0
+is the base64 encoding of the \s-1DER\s0 encoding with header and footer lines
+added. The \s-1NET\s0 option is an obscure Netscape server format that is now
+obsolete.
+.IP "\fB\-outform DER|PEM|NET\fR" 4
+.IX Item "-outform DER|PEM|NET"
+This specifies the output format, the options have the same meaning as the
+\&\fB\-inform\fR option.
+.IP "\fB\-in filename\fR" 4
+.IX Item "-in filename"
+This specifies the input filename to read a certificate from or standard input
+if this option is not specified.
+.IP "\fB\-out filename\fR" 4
+.IX Item "-out filename"
+This specifies the output filename to write to or standard output by
+default.
+.IP "\fB\-md2|\-md5|\-sha1|\-mdc2\fR" 4
+.IX Item "-md2|-md5|-sha1|-mdc2"
+the digest to use. This affects any signing or display option that uses a message
+digest, such as the \fB\-fingerprint\fR, \fB\-signkey\fR and \fB\-CA\fR options. If not
+specified then \s-1SHA1\s0 is used. If the key being used to sign with is a \s-1DSA\s0 key
+then this option has no effect: \s-1SHA1\s0 is always used with \s-1DSA\s0 keys.
+.IP "\fB\-engine id\fR" 4
+.IX Item "-engine id"
+specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+.SS "\s-1DISPLAY\s0 \s-1OPTIONS\s0"
+.IX Subsection "DISPLAY OPTIONS"
+Note: the \fB\-alias\fR and \fB\-purpose\fR options are also display options
+but are described in the \fB\s-1TRUST\s0 \s-1SETTINGS\s0\fR section.
+.IP "\fB\-text\fR" 4
+.IX Item "-text"
+prints out the certificate in text form. Full details are output including the
+public key, signature algorithms, issuer and subject names, serial number
+any extensions present and any trust settings.
+.IP "\fB\-certopt option\fR" 4
+.IX Item "-certopt option"
+customise the output format used with \fB\-text\fR. The \fBoption\fR argument can be
+a single option or multiple options separated by commas. The \fB\-certopt\fR switch
+may be also be used more than once to set multiple options. See the \fB\s-1TEXT\s0 \s-1OPTIONS\s0\fR
+section for more information.
+.IP "\fB\-noout\fR" 4
+.IX Item "-noout"
+this option prevents output of the encoded version of the request.
+.IP "\fB\-modulus\fR" 4
+.IX Item "-modulus"
+this option prints out the value of the modulus of the public key
+contained in the certificate.
+.IP "\fB\-serial\fR" 4
+.IX Item "-serial"
+outputs the certificate serial number.
+.IP "\fB\-subject_hash\fR" 4
+.IX Item "-subject_hash"
+outputs the \*(L"hash\*(R" of the certificate subject name. This is used in OpenSSL to
+form an index to allow certificates in a directory to be looked up by subject
+name.
+.IP "\fB\-issuer_hash\fR" 4
+.IX Item "-issuer_hash"
+outputs the \*(L"hash\*(R" of the certificate issuer name.
+.IP "\fB\-hash\fR" 4
+.IX Item "-hash"
+synonym for \*(L"\-subject_hash\*(R" for backward compatibility reasons.
+.IP "\fB\-subject\fR" 4
+.IX Item "-subject"
+outputs the subject name.
+.IP "\fB\-issuer\fR" 4
+.IX Item "-issuer"
+outputs the issuer name.
+.IP "\fB\-nameopt option\fR" 4
+.IX Item "-nameopt option"
+option which determines how the subject or issuer names are displayed. The
+\&\fBoption\fR argument can be a single option or multiple options separated by
+commas. Alternatively the \fB\-nameopt\fR switch may be used more than once to
+set multiple options. See the \fB\s-1NAME\s0 \s-1OPTIONS\s0\fR section for more information.
+.IP "\fB\-email\fR" 4
+.IX Item "-email"
+outputs the email address(es) if any.
+.IP "\fB\-startdate\fR" 4
+.IX Item "-startdate"
+prints out the start date of the certificate, that is the notBefore date.
+.IP "\fB\-enddate\fR" 4
+.IX Item "-enddate"
+prints out the expiry date of the certificate, that is the notAfter date.
+.IP "\fB\-dates\fR" 4
+.IX Item "-dates"
+prints out the start and expiry dates of a certificate.
+.IP "\fB\-fingerprint\fR" 4
+.IX Item "-fingerprint"
+prints out the digest of the \s-1DER\s0 encoded version of the whole certificate
+(see digest options).
+.IP "\fB\-C\fR" 4
+.IX Item "-C"
+this outputs the certificate in the form of a C source file.
+.SS "\s-1TRUST\s0 \s-1SETTINGS\s0"
+.IX Subsection "TRUST SETTINGS"
+Please note these options are currently experimental and may well change.
+.PP
+A \fBtrusted certificate\fR is an ordinary certificate which has several
+additional pieces of information attached to it such as the permitted
+and prohibited uses of the certificate and an \*(L"alias\*(R".
+.PP
+Normally when a certificate is being verified at least one certificate
+must be \*(L"trusted\*(R". By default a trusted certificate must be stored
+locally and must be a root \s-1CA:\s0 any certificate chain ending in this \s-1CA\s0
+is then usable for any purpose.
+.PP
+Trust settings currently are only used with a root \s-1CA\s0. They allow a finer
+control over the purposes the root \s-1CA\s0 can be used for. For example a \s-1CA\s0
+may be trusted for \s-1SSL\s0 client but not \s-1SSL\s0 server use.
+.PP
+See the description of the \fBverify\fR utility for more information on the
+meaning of trust settings.
+.PP
+Future versions of OpenSSL will recognize trust settings on any
+certificate: not just root CAs.
+.IP "\fB\-trustout\fR" 4
+.IX Item "-trustout"
+this causes \fBx509\fR to output a \fBtrusted\fR certificate. An ordinary
+or trusted certificate can be input but by default an ordinary
+certificate is output and any trust settings are discarded. With the
+\&\fB\-trustout\fR option a trusted certificate is output. A trusted
+certificate is automatically output if any trust settings are modified.
+.IP "\fB\-setalias arg\fR" 4
+.IX Item "-setalias arg"
+sets the alias of the certificate. This will allow the certificate
+to be referred to using a nickname for example \*(L"Steve's Certificate\*(R".
+.IP "\fB\-alias\fR" 4
+.IX Item "-alias"
+outputs the certificate alias, if any.
+.IP "\fB\-clrtrust\fR" 4
+.IX Item "-clrtrust"
+clears all the permitted or trusted uses of the certificate.
+.IP "\fB\-clrreject\fR" 4
+.IX Item "-clrreject"
+clears all the prohibited or rejected uses of the certificate.
+.IP "\fB\-addtrust arg\fR" 4
+.IX Item "-addtrust arg"
+adds a trusted certificate use. Any object name can be used here
+but currently only \fBclientAuth\fR (\s-1SSL\s0 client use), \fBserverAuth\fR
+(\s-1SSL\s0 server use) and \fBemailProtection\fR (S/MIME email) are used.
+Other OpenSSL applications may define additional uses.
+.IP "\fB\-addreject arg\fR" 4
+.IX Item "-addreject arg"
+adds a prohibited use. It accepts the same values as the \fB\-addtrust\fR
+option.
+.IP "\fB\-purpose\fR" 4
+.IX Item "-purpose"
+this option performs tests on the certificate extensions and outputs
+the results. For a more complete description see the \fB\s-1CERTIFICATE\s0
+\&\s-1EXTENSIONS\s0\fR section.
+.SS "\s-1SIGNING\s0 \s-1OPTIONS\s0"
+.IX Subsection "SIGNING OPTIONS"
+The \fBx509\fR utility can be used to sign certificates and requests: it
+can thus behave like a \*(L"mini \s-1CA\s0\*(R".
+.IP "\fB\-signkey filename\fR" 4
+.IX Item "-signkey filename"
+this option causes the input file to be self signed using the supplied
+private key.
+.Sp
+If the input file is a certificate it sets the issuer name to the
+subject name (i.e. makes it self signed) changes the public key to the
+supplied value and changes the start and end dates. The start date is
+set to the current time and the end date is set to a value determined
+by the \fB\-days\fR option. Any certificate extensions are retained unless
+the \fB\-clrext\fR option is supplied.
+.Sp
+If the input is a certificate request then a self signed certificate
+is created using the supplied private key using the subject name in
+the request.
+.IP "\fB\-clrext\fR" 4
+.IX Item "-clrext"
+delete any extensions from a certificate. This option is used when a
+certificate is being created from another certificate (for example with
+the \fB\-signkey\fR or the \fB\-CA\fR options). Normally all extensions are
+retained.
+.IP "\fB\-keyform PEM|DER\fR" 4
+.IX Item "-keyform PEM|DER"
+specifies the format (\s-1DER\s0 or \s-1PEM\s0) of the private key file used in the
+\&\fB\-signkey\fR option.
+.IP "\fB\-days arg\fR" 4
+.IX Item "-days arg"
+specifies the number of days to make a certificate valid for. The default
+is 30 days.
+.IP "\fB\-x509toreq\fR" 4
+.IX Item "-x509toreq"
+converts a certificate into a certificate request. The \fB\-signkey\fR option
+is used to pass the required private key.
+.IP "\fB\-req\fR" 4
+.IX Item "-req"
+by default a certificate is expected on input. With this option a
+certificate request is expected instead.
+.IP "\fB\-set_serial n\fR" 4
+.IX Item "-set_serial n"
+specifies the serial number to use. This option can be used with either
+the \fB\-signkey\fR or \fB\-CA\fR options. If used in conjunction with the \fB\-CA\fR
+option the serial number file (as specified by the \fB\-CAserial\fR or
+\&\fB\-CAcreateserial\fR options) is not used.
+.Sp
+The serial number can be decimal or hex (if preceded by \fB0x\fR). Negative
+serial numbers can also be specified but their use is not recommended.
+.IP "\fB\-CA filename\fR" 4
+.IX Item "-CA filename"
+specifies the \s-1CA\s0 certificate to be used for signing. When this option is
+present \fBx509\fR behaves like a \*(L"mini \s-1CA\s0\*(R". The input file is signed by this
+\&\s-1CA\s0 using this option: that is its issuer name is set to the subject name
+of the \s-1CA\s0 and it is digitally signed using the CAs private key.
+.Sp
+This option is normally combined with the \fB\-req\fR option. Without the
+\&\fB\-req\fR option the input is a certificate which must be self signed.
+.IP "\fB\-CAkey filename\fR" 4
+.IX Item "-CAkey filename"
+sets the \s-1CA\s0 private key to sign a certificate with. If this option is
+not specified then it is assumed that the \s-1CA\s0 private key is present in
+the \s-1CA\s0 certificate file.
+.IP "\fB\-CAserial filename\fR" 4
+.IX Item "-CAserial filename"
+sets the \s-1CA\s0 serial number file to use.
+.Sp
+When the \fB\-CA\fR option is used to sign a certificate it uses a serial
+number specified in a file. This file consist of one line containing
+an even number of hex digits with the serial number to use. After each
+use the serial number is incremented and written out to the file again.
+.Sp
+The default filename consists of the \s-1CA\s0 certificate file base name with
+\&\*(L".srl\*(R" appended. For example if the \s-1CA\s0 certificate file is called
+\&\*(L"mycacert.pem\*(R" it expects to find a serial number file called \*(L"mycacert.srl\*(R".
+.IP "\fB\-CAcreateserial\fR" 4
+.IX Item "-CAcreateserial"
+with this option the \s-1CA\s0 serial number file is created if it does not exist:
+it will contain the serial number \*(L"02\*(R" and the certificate being signed will
+have the 1 as its serial number. Normally if the \fB\-CA\fR option is specified
+and the serial number file does not exist it is an error.
+.IP "\fB\-extfile filename\fR" 4
+.IX Item "-extfile filename"
+file containing certificate extensions to use. If not specified then
+no extensions are added to the certificate.
+.IP "\fB\-extensions section\fR" 4
+.IX Item "-extensions section"
+the section to add certificate extensions from. If this option is not
+specified then the extensions should either be contained in the unnamed
+(default) section or the default section should contain a variable called
+\&\*(L"extensions\*(R" which contains the section to use.
+.SS "\s-1NAME\s0 \s-1OPTIONS\s0"
+.IX Subsection "NAME OPTIONS"
+The \fBnameopt\fR command line switch determines how the subject and issuer
+names are displayed. If no \fBnameopt\fR switch is present the default \*(L"oneline\*(R"
+format is used which is compatible with previous versions of OpenSSL.
+Each option is described in detail below, all options can be preceded by
+a \fB\-\fR to turn the option off. Only the first four will normally be used.
+.IP "\fBcompat\fR" 4
+.IX Item "compat"
+use the old format. This is equivalent to specifying no name options at all.
+.IP "\fB\s-1RFC2253\s0\fR" 4
+.IX Item "RFC2253"
+displays names compatible with \s-1RFC2253\s0 equivalent to \fBesc_2253\fR, \fBesc_ctrl\fR,
+\&\fBesc_msb\fR, \fButf8\fR, \fBdump_nostr\fR, \fBdump_unknown\fR, \fBdump_der\fR,
+\&\fBsep_comma_plus\fR, \fBdn_rev\fR and \fBsname\fR.
+.IP "\fBoneline\fR" 4
+.IX Item "oneline"
+a oneline format which is more readable than \s-1RFC2253\s0. It is equivalent to
+specifying the \fBesc_2253\fR, \fBesc_ctrl\fR, \fBesc_msb\fR, \fButf8\fR, \fBdump_nostr\fR,
+\&\fBdump_der\fR, \fBuse_quote\fR, \fBsep_comma_plus_space\fR, \fBspace_eq\fR and \fBsname\fR
+options.
+.IP "\fBmultiline\fR" 4
+.IX Item "multiline"
+a multiline format. It is equivalent \fBesc_ctrl\fR, \fBesc_msb\fR, \fBsep_multiline\fR,
+\&\fBspace_eq\fR, \fBlname\fR and \fBalign\fR.
+.IP "\fBesc_2253\fR" 4
+.IX Item "esc_2253"
+escape the \*(L"special\*(R" characters required by \s-1RFC2253\s0 in a field That is
+\&\fB,+"<>;\fR. Additionally \fB#\fR is escaped at the beginning of a string
+and a space character at the beginning or end of a string.
+.IP "\fBesc_ctrl\fR" 4
+.IX Item "esc_ctrl"
+escape control characters. That is those with \s-1ASCII\s0 values less than
+0x20 (space) and the delete (0x7f) character. They are escaped using the
+\&\s-1RFC2253\s0 \eXX notation (where \s-1XX\s0 are two hex digits representing the
+character value).
+.IP "\fBesc_msb\fR" 4
+.IX Item "esc_msb"
+escape characters with the \s-1MSB\s0 set, that is with \s-1ASCII\s0 values larger than
+127.
+.IP "\fBuse_quote\fR" 4
+.IX Item "use_quote"
+escapes some characters by surrounding the whole string with \fB"\fR characters,
+without the option all escaping is done with the \fB\e\fR character.
+.IP "\fButf8\fR" 4
+.IX Item "utf8"
+convert all strings to \s-1UTF8\s0 format first. This is required by \s-1RFC2253\s0. If
+you are lucky enough to have a \s-1UTF8\s0 compatible terminal then the use
+of this option (and \fBnot\fR setting \fBesc_msb\fR) may result in the correct
+display of multibyte (international) characters. Is this option is not
+present then multibyte characters larger than 0xff will be represented
+using the format \eUXXXX for 16 bits and \eWXXXXXXXX for 32 bits.
+Also if this option is off any UTF8Strings will be converted to their
+character form first.
+.IP "\fBno_type\fR" 4
+.IX Item "no_type"
+this option does not attempt to interpret multibyte characters in any
+way. That is their content octets are merely dumped as though one octet
+represents each character. This is useful for diagnostic purposes but
+will result in rather odd looking output.
+.IP "\fBshow_type\fR" 4
+.IX Item "show_type"
+show the type of the \s-1ASN1\s0 character string. The type precedes the
+field contents. For example \*(L"\s-1BMPSTRING:\s0 Hello World\*(R".
+.IP "\fBdump_der\fR" 4
+.IX Item "dump_der"
+when this option is set any fields that need to be hexdumped will
+be dumped using the \s-1DER\s0 encoding of the field. Otherwise just the
+content octets will be displayed. Both options use the \s-1RFC2253\s0
+\&\fB#XXXX...\fR format.
+.IP "\fBdump_nostr\fR" 4
+.IX Item "dump_nostr"
+dump non character string types (for example \s-1OCTET\s0 \s-1STRING\s0) if this
+option is not set then non character string types will be displayed
+as though each content octet represents a single character.
+.IP "\fBdump_all\fR" 4
+.IX Item "dump_all"
+dump all fields. This option when used with \fBdump_der\fR allows the
+\&\s-1DER\s0 encoding of the structure to be unambiguously determined.
+.IP "\fBdump_unknown\fR" 4
+.IX Item "dump_unknown"
+dump any field whose \s-1OID\s0 is not recognised by OpenSSL.
+.IP "\fBsep_comma_plus\fR, \fBsep_comma_plus_space\fR, \fBsep_semi_plus_space\fR, \fBsep_multiline\fR" 4
+.IX Item "sep_comma_plus, sep_comma_plus_space, sep_semi_plus_space, sep_multiline"
+these options determine the field separators. The first character is
+between RDNs and the second between multiple AVAs (multiple AVAs are
+very rare and their use is discouraged). The options ending in
+\&\*(L"space\*(R" additionally place a space after the separator to make it
+more readable. The \fBsep_multiline\fR uses a linefeed character for
+the \s-1RDN\s0 separator and a spaced \fB+\fR for the \s-1AVA\s0 separator. It also
+indents the fields by four characters.
+.IP "\fBdn_rev\fR" 4
+.IX Item "dn_rev"
+reverse the fields of the \s-1DN\s0. This is required by \s-1RFC2253\s0. As a side
+effect this also reverses the order of multiple AVAs but this is
+permissible.
+.IP "\fBnofname\fR, \fBsname\fR, \fBlname\fR, \fBoid\fR" 4
+.IX Item "nofname, sname, lname, oid"
+these options alter how the field name is displayed. \fBnofname\fR does
+not display the field at all. \fBsname\fR uses the \*(L"short name\*(R" form
+(\s-1CN\s0 for commonName for example). \fBlname\fR uses the long form.
+\&\fBoid\fR represents the \s-1OID\s0 in numerical form and is useful for
+diagnostic purpose.
+.IP "\fBalign\fR" 4
+.IX Item "align"
+align field values for a more readable output. Only usable with
+\&\fBsep_multiline\fR.
+.IP "\fBspace_eq\fR" 4
+.IX Item "space_eq"
+places spaces round the \fB=\fR character which follows the field
+name.
+.SS "\s-1TEXT\s0 \s-1OPTIONS\s0"
+.IX Subsection "TEXT OPTIONS"
+As well as customising the name output format, it is also possible to
+customise the actual fields printed using the \fBcertopt\fR options when
+the \fBtext\fR option is present. The default behaviour is to print all fields.
+.IP "\fBcompatible\fR" 4
+.IX Item "compatible"
+use the old format. This is equivalent to specifying no output options at all.
+.IP "\fBno_header\fR" 4
+.IX Item "no_header"
+don't print header information: that is the lines saying \*(L"Certificate\*(R" and \*(L"Data\*(R".
+.IP "\fBno_version\fR" 4
+.IX Item "no_version"
+don't print out the version number.
+.IP "\fBno_serial\fR" 4
+.IX Item "no_serial"
+don't print out the serial number.
+.IP "\fBno_signame\fR" 4
+.IX Item "no_signame"
+don't print out the signature algorithm used.
+.IP "\fBno_validity\fR" 4
+.IX Item "no_validity"
+don't print the validity, that is the \fBnotBefore\fR and \fBnotAfter\fR fields.
+.IP "\fBno_subject\fR" 4
+.IX Item "no_subject"
+don't print out the subject name.
+.IP "\fBno_issuer\fR" 4
+.IX Item "no_issuer"
+don't print out the issuer name.
+.IP "\fBno_pubkey\fR" 4
+.IX Item "no_pubkey"
+don't print out the public key.
+.IP "\fBno_sigdump\fR" 4
+.IX Item "no_sigdump"
+don't give a hexadecimal dump of the certificate signature.
+.IP "\fBno_aux\fR" 4
+.IX Item "no_aux"
+don't print out certificate trust information.
+.IP "\fBno_extensions\fR" 4
+.IX Item "no_extensions"
+don't print out any X509V3 extensions.
+.IP "\fBext_default\fR" 4
+.IX Item "ext_default"
+retain default extension behaviour: attempt to print out unsupported certificate extensions.
+.IP "\fBext_error\fR" 4
+.IX Item "ext_error"
+print an error message for unsupported certificate extensions.
+.IP "\fBext_parse\fR" 4
+.IX Item "ext_parse"
+\&\s-1ASN1\s0 parse unsupported extensions.
+.IP "\fBext_dump\fR" 4
+.IX Item "ext_dump"
+hex dump unsupported extensions.
+.IP "\fBca_default\fR" 4
+.IX Item "ca_default"
+the value used by the \fBca\fR utility, equivalent to \fBno_issuer\fR, \fBno_pubkey\fR, \fBno_header\fR,
+\&\fBno_version\fR, \fBno_sigdump\fR and \fBno_signame\fR.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Note: in these examples the '\e' means the example should be all on one
+line.
+.PP
+Display the contents of a certificate:
+.PP
+.Vb 1
+\& openssl x509 \-in cert.pem \-noout \-text
+.Ve
+.PP
+Display the certificate serial number:
+.PP
+.Vb 1
+\& openssl x509 \-in cert.pem \-noout \-serial
+.Ve
+.PP
+Display the certificate subject name:
+.PP
+.Vb 1
+\& openssl x509 \-in cert.pem \-noout \-subject
+.Ve
+.PP
+Display the certificate subject name in \s-1RFC2253\s0 form:
+.PP
+.Vb 1
+\& openssl x509 \-in cert.pem \-noout \-subject \-nameopt RFC2253
+.Ve
+.PP
+Display the certificate subject name in oneline form on a terminal
+supporting \s-1UTF8:\s0
+.PP
+.Vb 1
+\& openssl x509 \-in cert.pem \-noout \-subject \-nameopt oneline,\-esc_msb
+.Ve
+.PP
+Display the certificate \s-1MD5\s0 fingerprint:
+.PP
+.Vb 1
+\& openssl x509 \-in cert.pem \-noout \-fingerprint
+.Ve
+.PP
+Display the certificate \s-1SHA1\s0 fingerprint:
+.PP
+.Vb 1
+\& openssl x509 \-sha1 \-in cert.pem \-noout \-fingerprint
+.Ve
+.PP
+Convert a certificate from \s-1PEM\s0 to \s-1DER\s0 format:
+.PP
+.Vb 1
+\& openssl x509 \-in cert.pem \-inform PEM \-out cert.der \-outform DER
+.Ve
+.PP
+Convert a certificate to a certificate request:
+.PP
+.Vb 1
+\& openssl x509 \-x509toreq \-in cert.pem \-out req.pem \-signkey key.pem
+.Ve
+.PP
+Convert a certificate request into a self signed certificate using
+extensions for a \s-1CA:\s0
+.PP
+.Vb 2
+\& openssl x509 \-req \-in careq.pem \-extfile openssl.cnf \-extensions v3_ca \e
+\& \-signkey key.pem \-out cacert.pem
+.Ve
+.PP
+Sign a certificate request using the \s-1CA\s0 certificate above and add user
+certificate extensions:
+.PP
+.Vb 2
+\& openssl x509 \-req \-in req.pem \-extfile openssl.cnf \-extensions v3_usr \e
+\& \-CA cacert.pem \-CAkey key.pem \-CAcreateserial
+.Ve
+.PP
+Set a certificate to be trusted for \s-1SSL\s0 client use and change set its alias to
+\&\*(L"Steve's Class 1 \s-1CA\s0\*(R"
+.PP
+.Vb 2
+\& openssl x509 \-in cert.pem \-addtrust clientAuth \e
+\& \-setalias "Steve\*(Aqs Class 1 CA" \-out trust.pem
+.Ve
+.SH "NOTES"
+.IX Header "NOTES"
+The \s-1PEM\s0 format uses the header and footer lines:
+.PP
+.Vb 2
+\& \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-
+\& \-\-\-\-\-END CERTIFICATE\-\-\-\-\-
+.Ve
+.PP
+it will also handle files containing:
+.PP
+.Vb 2
+\& \-\-\-\-\-BEGIN X509 CERTIFICATE\-\-\-\-\-
+\& \-\-\-\-\-END X509 CERTIFICATE\-\-\-\-\-
+.Ve
+.PP
+Trusted certificates have the lines
+.PP
+.Vb 2
+\& \-\-\-\-\-BEGIN TRUSTED CERTIFICATE\-\-\-\-\-
+\& \-\-\-\-\-END TRUSTED CERTIFICATE\-\-\-\-\-
+.Ve
+.PP
+The conversion to \s-1UTF8\s0 format used with the name options assumes that
+T61Strings use the \s-1ISO8859\-1\s0 character set. This is wrong but Netscape
+and \s-1MSIE\s0 do this as do many certificates. So although this is incorrect
+it is more likely to display the majority of certificates correctly.
+.PP
+The \fB\-fingerprint\fR option takes the digest of the \s-1DER\s0 encoded certificate.
+This is commonly called a \*(L"fingerprint\*(R". Because of the nature of message
+digests the fingerprint of a certificate is unique to that certificate and
+two certificates with the same fingerprint can be considered to be the same.
+.PP
+The Netscape fingerprint uses \s-1MD5\s0 whereas \s-1MSIE\s0 uses \s-1SHA1\s0.
+.PP
+The \fB\-email\fR option searches the subject name and the subject alternative
+name extension. Only unique email addresses will be printed out: it will
+not print the same address more than once.
+.SH "CERTIFICATE EXTENSIONS"
+.IX Header "CERTIFICATE EXTENSIONS"
+The \fB\-purpose\fR option checks the certificate extensions and determines
+what the certificate can be used for. The actual checks done are rather
+complex and include various hacks and workarounds to handle broken
+certificates and software.
+.PP
+The same code is used when verifying untrusted certificates in chains
+so this section is useful if a chain is rejected by the verify code.
+.PP
+The basicConstraints extension \s-1CA\s0 flag is used to determine whether the
+certificate can be used as a \s-1CA\s0. If the \s-1CA\s0 flag is true then it is a \s-1CA\s0,
+if the \s-1CA\s0 flag is false then it is not a \s-1CA\s0. \fBAll\fR CAs should have the
+\&\s-1CA\s0 flag set to true.
+.PP
+If the basicConstraints extension is absent then the certificate is
+considered to be a \*(L"possible \s-1CA\s0\*(R" other extensions are checked according
+to the intended use of the certificate. A warning is given in this case
+because the certificate should really not be regarded as a \s-1CA:\s0 however
+it is allowed to be a \s-1CA\s0 to work around some broken software.
+.PP
+If the certificate is a V1 certificate (and thus has no extensions) and
+it is self signed it is also assumed to be a \s-1CA\s0 but a warning is again
+given: this is to work around the problem of Verisign roots which are V1
+self signed certificates.
+.PP
+If the keyUsage extension is present then additional restraints are
+made on the uses of the certificate. A \s-1CA\s0 certificate \fBmust\fR have the
+keyCertSign bit set if the keyUsage extension is present.
+.PP
+The extended key usage extension places additional restrictions on the
+certificate uses. If this extension is present (whether critical or not)
+the key can only be used for the purposes specified.
+.PP
+A complete description of each test is given below. The comments about
+basicConstraints and keyUsage and V1 certificates above apply to \fBall\fR
+\&\s-1CA\s0 certificates.
+.IP "\fB\s-1SSL\s0 Client\fR" 4
+.IX Item "SSL Client"
+The extended key usage extension must be absent or include the \*(L"web client
+authentication\*(R" \s-1OID\s0. keyUsage must be absent or it must have the
+digitalSignature bit set. Netscape certificate type must be absent or it must
+have the \s-1SSL\s0 client bit set.
+.IP "\fB\s-1SSL\s0 Client \s-1CA\s0\fR" 4
+.IX Item "SSL Client CA"
+The extended key usage extension must be absent or include the \*(L"web client
+authentication\*(R" \s-1OID\s0. Netscape certificate type must be absent or it must have
+the \s-1SSL\s0 \s-1CA\s0 bit set: this is used as a work around if the basicConstraints
+extension is absent.
+.IP "\fB\s-1SSL\s0 Server\fR" 4
+.IX Item "SSL Server"
+The extended key usage extension must be absent or include the \*(L"web server
+authentication\*(R" and/or one of the \s-1SGC\s0 OIDs. keyUsage must be absent or it
+must have the digitalSignature, the keyEncipherment set or both bits set.
+Netscape certificate type must be absent or have the \s-1SSL\s0 server bit set.
+.IP "\fB\s-1SSL\s0 Server \s-1CA\s0\fR" 4
+.IX Item "SSL Server CA"
+The extended key usage extension must be absent or include the \*(L"web server
+authentication\*(R" and/or one of the \s-1SGC\s0 OIDs. Netscape certificate type must
+be absent or the \s-1SSL\s0 \s-1CA\s0 bit must be set: this is used as a work around if the
+basicConstraints extension is absent.
+.IP "\fBNetscape \s-1SSL\s0 Server\fR" 4
+.IX Item "Netscape SSL Server"
+For Netscape \s-1SSL\s0 clients to connect to an \s-1SSL\s0 server it must have the
+keyEncipherment bit set if the keyUsage extension is present. This isn't
+always valid because some cipher suites use the key for digital signing.
+Otherwise it is the same as a normal \s-1SSL\s0 server.
+.IP "\fBCommon S/MIME Client Tests\fR" 4
+.IX Item "Common S/MIME Client Tests"
+The extended key usage extension must be absent or include the \*(L"email
+protection\*(R" \s-1OID\s0. Netscape certificate type must be absent or should have the
+S/MIME bit set. If the S/MIME bit is not set in netscape certificate type
+then the \s-1SSL\s0 client bit is tolerated as an alternative but a warning is shown:
+this is because some Verisign certificates don't set the S/MIME bit.
+.IP "\fBS/MIME Signing\fR" 4
+.IX Item "S/MIME Signing"
+In addition to the common S/MIME client tests the digitalSignature bit must
+be set if the keyUsage extension is present.
+.IP "\fBS/MIME Encryption\fR" 4
+.IX Item "S/MIME Encryption"
+In addition to the common S/MIME tests the keyEncipherment bit must be set
+if the keyUsage extension is present.
+.IP "\fBS/MIME \s-1CA\s0\fR" 4
+.IX Item "S/MIME CA"
+The extended key usage extension must be absent or include the \*(L"email
+protection\*(R" \s-1OID\s0. Netscape certificate type must be absent or must have the
+S/MIME \s-1CA\s0 bit set: this is used as a work around if the basicConstraints
+extension is absent.
+.IP "\fB\s-1CRL\s0 Signing\fR" 4
+.IX Item "CRL Signing"
+The keyUsage extension must be absent or it must have the \s-1CRL\s0 signing bit
+set.
+.IP "\fB\s-1CRL\s0 Signing \s-1CA\s0\fR" 4
+.IX Item "CRL Signing CA"
+The normal \s-1CA\s0 tests apply. Except in this case the basicConstraints extension
+must be present.
+.SH "BUGS"
+.IX Header "BUGS"
+Extensions in certificates are not transferred to certificate requests and
+vice versa.
+.PP
+It is possible to produce invalid certificates or requests by specifying the
+wrong private key or using inconsistent options in some cases: these should
+be checked.
+.PP
+There should be options to explicitly set such things as start and end
+dates rather than an offset from the current time.
+.PP
+The code to implement the verify behaviour described in the \fB\s-1TRUST\s0 \s-1SETTINGS\s0\fR
+is currently being developed. It thus describes the intended behaviour rather
+than the current behaviour. It is hoped that it will represent reality in
+OpenSSL 0.9.5 and later.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIreq\fR\|(1), \fIca\fR\|(1), \fIgenrsa\fR\|(1),
+\&\fIgendsa\fR\|(1), \fIverify\fR\|(1)
+.SH "HISTORY"
+.IX Header "HISTORY"
+Before OpenSSL 0.9.8, the default digest for \s-1RSA\s0 keys was \s-1MD5\s0.
diff --git a/secure/usr.bin/openssl/man/x509v3_config.1 b/secure/usr.bin/openssl/man/x509v3_config.1
new file mode 100644
index 0000000..e9935c1
--- /dev/null
+++ b/secure/usr.bin/openssl/man/x509v3_config.1
@@ -0,0 +1,601 @@
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "X509V3_CONFIG 1"
+.TH X509V3_CONFIG 1 "2010-12-02" "0.9.8q" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+x509v3_config \- X509 V3 certificate extension configuration format
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+Several of the OpenSSL utilities can add extensions to a certificate or
+certificate request based on the contents of a configuration file.
+.PP
+Typically the application will contain an option to point to an extension
+section. Each line of the extension section takes the form:
+.PP
+.Vb 1
+\& extension_name=[critical,] extension_options
+.Ve
+.PP
+If \fBcritical\fR is present then the extension will be critical.
+.PP
+The format of \fBextension_options\fR depends on the value of \fBextension_name\fR.
+.PP
+There are four main types of extension: \fIstring\fR extensions, \fImulti-valued\fR
+extensions, \fIraw\fR and \fIarbitrary\fR extensions.
+.PP
+String extensions simply have a string which contains either the value itself
+or how it is obtained.
+.PP
+For example:
+.PP
+.Vb 1
+\& nsComment="This is a Comment"
+.Ve
+.PP
+Multi-valued extensions have a short form and a long form. The short form
+is a list of names and values:
+.PP
+.Vb 1
+\& basicConstraints=critical,CA:true,pathlen:1
+.Ve
+.PP
+The long form allows the values to be placed in a separate section:
+.PP
+.Vb 1
+\& basicConstraints=critical,@bs_section
+\&
+\& [bs_section]
+\&
+\& CA=true
+\& pathlen=1
+.Ve
+.PP
+Both forms are equivalent.
+.PP
+The syntax of raw extensions is governed by the extension code: it can
+for example contain data in multiple sections. The correct syntax to
+use is defined by the extension code itself: check out the certificate
+policies extension for an example.
+.PP
+If an extension type is unsupported then the \fIarbitrary\fR extension syntax
+must be used, see the \s-1ARBITRART\s0 \s-1EXTENSIONS\s0 section for more details.
+.SH "STANDARD EXTENSIONS"
+.IX Header "STANDARD EXTENSIONS"
+The following sections describe each supported extension in detail.
+.SS "Basic Constraints."
+.IX Subsection "Basic Constraints."
+This is a multi valued extension which indicates whether a certificate is
+a \s-1CA\s0 certificate. The first (mandatory) name is \fB\s-1CA\s0\fR followed by \fB\s-1TRUE\s0\fR or
+\&\fB\s-1FALSE\s0\fR. If \fB\s-1CA\s0\fR is \fB\s-1TRUE\s0\fR then an optional \fBpathlen\fR name followed by an
+non-negative value can be included.
+.PP
+For example:
+.PP
+.Vb 1
+\& basicConstraints=CA:TRUE
+\&
+\& basicConstraints=CA:FALSE
+\&
+\& basicConstraints=critical,CA:TRUE, pathlen:0
+.Ve
+.PP
+A \s-1CA\s0 certificate \fBmust\fR include the basicConstraints value with the \s-1CA\s0 field
+set to \s-1TRUE\s0. An end user certificate must either set \s-1CA\s0 to \s-1FALSE\s0 or exclude the
+extension entirely. Some software may require the inclusion of basicConstraints
+with \s-1CA\s0 set to \s-1FALSE\s0 for end entity certificates.
+.PP
+The pathlen parameter indicates the maximum number of CAs that can appear
+below this one in a chain. So if you have a \s-1CA\s0 with a pathlen of zero it can
+only be used to sign end user certificates and not further CAs.
+.SS "Key Usage."
+.IX Subsection "Key Usage."
+Key usage is a multi valued extension consisting of a list of names of the
+permitted key usages.
+.PP
+The supporte names are: digitalSignature, nonRepudiation, keyEncipherment,
+dataEncipherment, keyAgreement, keyCertSign, cRLSign, encipherOnly
+and decipherOnly.
+.PP
+Examples:
+.PP
+.Vb 1
+\& keyUsage=digitalSignature, nonRepudiation
+\&
+\& keyUsage=critical, keyCertSign
+.Ve
+.SS "Extended Key Usage."
+.IX Subsection "Extended Key Usage."
+This extensions consists of a list of usages indicating purposes for which
+the certificate public key can be used for,
+.PP
+These can either be object short names of the dotted numerical form of OIDs.
+While any \s-1OID\s0 can be used only certain values make sense. In particular the
+following \s-1PKIX\s0, \s-1NS\s0 and \s-1MS\s0 values are meaningful:
+.PP
+.Vb 10
+\& Value Meaning
+\& \-\-\-\-\- \-\-\-\-\-\-\-
+\& serverAuth SSL/TLS Web Server Authentication.
+\& clientAuth SSL/TLS Web Client Authentication.
+\& codeSigning Code signing.
+\& emailProtection E\-mail Protection (S/MIME).
+\& timeStamping Trusted Timestamping
+\& msCodeInd Microsoft Individual Code Signing (authenticode)
+\& msCodeCom Microsoft Commercial Code Signing (authenticode)
+\& msCTLSign Microsoft Trust List Signing
+\& msSGC Microsoft Server Gated Crypto
+\& msEFS Microsoft Encrypted File System
+\& nsSGC Netscape Server Gated Crypto
+.Ve
+.PP
+Examples:
+.PP
+.Vb 2
+\& extendedKeyUsage=critical,codeSigning,1.2.3.4
+\& extendedKeyUsage=nsSGC,msSGC
+.Ve
+.SS "Subject Key Identifier."
+.IX Subsection "Subject Key Identifier."
+This is really a string extension and can take two possible values. Either
+the word \fBhash\fR which will automatically follow the guidelines in \s-1RFC3280\s0
+or a hex string giving the extension value to include. The use of the hex
+string is strongly discouraged.
+.PP
+Example:
+.PP
+.Vb 1
+\& subjectKeyIdentifier=hash
+.Ve
+.SS "Authority Key Identifier."
+.IX Subsection "Authority Key Identifier."
+The authority key identifier extension permits two options. keyid and issuer:
+both can take the optional value \*(L"always\*(R".
+.PP
+If the keyid option is present an attempt is made to copy the subject key
+identifier from the parent certificate. If the value \*(L"always\*(R" is present
+then an error is returned if the option fails.
+.PP
+The issuer option copies the issuer and serial number from the issuer
+certificate. This will only be done if the keyid option fails or
+is not included unless the \*(L"always\*(R" flag will always include the value.
+.PP
+Example:
+.PP
+.Vb 1
+\& authorityKeyIdentifier=keyid,issuer
+.Ve
+.SS "Subject Alternative Name."
+.IX Subsection "Subject Alternative Name."
+The subject alternative name extension allows various literal values to be
+included in the configuration file. These include \fBemail\fR (an email address)
+\&\fB\s-1URI\s0\fR a uniform resource indicator, \fB\s-1DNS\s0\fR (a \s-1DNS\s0 domain name), \fB\s-1RID\s0\fR (a
+registered \s-1ID:\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0), \fB\s-1IP\s0\fR (an \s-1IP\s0 address), \fBdirName\fR
+(a distinguished name) and otherName.
+.PP
+The email option include a special 'copy' value. This will automatically
+include and email addresses contained in the certificate subject name in
+the extension.
+.PP
+The \s-1IP\s0 address used in the \fB\s-1IP\s0\fR options can be in either IPv4 or IPv6 format.
+.PP
+The value of \fBdirName\fR should point to a section containing the distinguished
+name to use as a set of name value pairs. Multi values AVAs can be formed by
+preceeding the name with a \fB+\fR character.
+.PP
+otherName can include arbitrary data associated with an \s-1OID:\s0 the value
+should be the \s-1OID\s0 followed by a semicolon and the content in standard
+\&\fIASN1_generate_nconf()\fR format.
+.PP
+Examples:
+.PP
+.Vb 5
+\& subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/
+\& subjectAltName=IP:192.168.7.1
+\& subjectAltName=IP:13::17
+\& subjectAltName=email:my@other.address,RID:1.2.3.4
+\& subjectAltName=otherName:1.2.3.4;UTF8:some other identifier
+\&
+\& subjectAltName=dirName:dir_sect
+\&
+\& [dir_sect]
+\& C=UK
+\& O=My Organization
+\& OU=My Unit
+\& CN=My Name
+.Ve
+.SS "Issuer Alternative Name."
+.IX Subsection "Issuer Alternative Name."
+The issuer alternative name option supports all the literal options of
+subject alternative name. It does \fBnot\fR support the email:copy option because
+that would not make sense. It does support an additional issuer:copy option
+that will copy all the subject alternative name values from the issuer
+certificate (if possible).
+.PP
+Example:
+.PP
+.Vb 1
+\& issuserAltName = issuer:copy
+.Ve
+.SS "Authority Info Access."
+.IX Subsection "Authority Info Access."
+The authority information access extension gives details about how to access
+certain information relating to the \s-1CA\s0. Its syntax is accessOID;location
+where \fIlocation\fR has the same syntax as subject alternative name (except
+that email:copy is not supported). accessOID can be any valid \s-1OID\s0 but only
+certain values are meaningful, for example \s-1OCSP\s0 and caIssuers.
+.PP
+Example:
+.PP
+.Vb 2
+\& authorityInfoAccess = OCSP;URI:http://ocsp.my.host/
+\& authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html
+.Ve
+.SS "\s-1CRL\s0 distribution points."
+.IX Subsection "CRL distribution points."
+This is a multi-valued extension that supports all the literal options of
+subject alternative name. Of the few software packages that currently interpret
+this extension most only interpret the \s-1URI\s0 option.
+.PP
+Currently each option will set a new DistributionPoint with the fullName
+field set to the given value.
+.PP
+Other fields like cRLissuer and reasons cannot currently be set or displayed:
+at this time no examples were available that used these fields.
+.PP
+Examples:
+.PP
+.Vb 2
+\& crlDistributionPoints=URI:http://myhost.com/myca.crl
+\& crlDistributionPoints=URI:http://my.com/my.crl,URI:http://oth.com/my.crl
+.Ve
+.SS "Certificate Policies."
+.IX Subsection "Certificate Policies."
+This is a \fIraw\fR extension. All the fields of this extension can be set by
+using the appropriate syntax.
+.PP
+If you follow the \s-1PKIX\s0 recommendations and just using one \s-1OID\s0 then you just
+include the value of that \s-1OID\s0. Multiple OIDs can be set separated by commas,
+for example:
+.PP
+.Vb 1
+\& certificatePolicies= 1.2.4.5, 1.1.3.4
+.Ve
+.PP
+If you wish to include qualifiers then the policy \s-1OID\s0 and qualifiers need to
+be specified in a separate section: this is done by using the \f(CW@section\fR syntax
+instead of a literal \s-1OID\s0 value.
+.PP
+The section referred to must include the policy \s-1OID\s0 using the name
+policyIdentifier, cPSuri qualifiers can be included using the syntax:
+.PP
+.Vb 1
+\& CPS.nnn=value
+.Ve
+.PP
+userNotice qualifiers can be set using the syntax:
+.PP
+.Vb 1
+\& userNotice.nnn=@notice
+.Ve
+.PP
+The value of the userNotice qualifier is specified in the relevant section.
+This section can include explicitText, organization and noticeNumbers
+options. explicitText and organization are text strings, noticeNumbers is a
+comma separated list of numbers. The organization and noticeNumbers options
+(if included) must \s-1BOTH\s0 be present. If you use the userNotice option with \s-1IE5\s0
+then you need the 'ia5org' option at the top level to modify the encoding:
+otherwise it will not be interpreted properly.
+.PP
+Example:
+.PP
+.Vb 1
+\& certificatePolicies=ia5org,1.2.3.4,1.5.6.7.8,@polsect
+\&
+\& [polsect]
+\&
+\& policyIdentifier = 1.3.5.8
+\& CPS.1="http://my.host.name/"
+\& CPS.2="http://my.your.name/"
+\& userNotice.1=@notice
+\&
+\& [notice]
+\&
+\& explicitText="Explicit Text Here"
+\& organization="Organisation Name"
+\& noticeNumbers=1,2,3,4
+.Ve
+.PP
+The \fBia5org\fR option changes the type of the \fIorganization\fR field. In \s-1RFC2459\s0
+it can only be of type DisplayText. In \s-1RFC3280\s0 IA5Strring is also permissible.
+Some software (for example some versions of \s-1MSIE\s0) may require ia5org.
+.SS "Policy Constraints"
+.IX Subsection "Policy Constraints"
+This is a multi-valued extension which consisting of the names
+\&\fBrequireExplicitPolicy\fR or \fBinhibitPolicyMapping\fR and a non negative intger
+value. At least one component must be present.
+.PP
+Example:
+.PP
+.Vb 1
+\& policyConstraints = requireExplicitPolicy:3
+.Ve
+.SS "Inhibit Any Policy"
+.IX Subsection "Inhibit Any Policy"
+This is a string extension whose value must be a non negative integer.
+.PP
+Example:
+.PP
+.Vb 1
+\& inhibitAnyPolicy = 2
+.Ve
+.SS "Name Constraints"
+.IX Subsection "Name Constraints"
+The name constraints extension is a multi-valued extension. The name should
+begin with the word \fBpermitted\fR or \fBexcluded\fR followed by a \fB;\fR. The rest of
+the name and the value follows the syntax of subjectAltName except email:copy
+is not supported and the \fB\s-1IP\s0\fR form should consist of an \s-1IP\s0 addresses and
+subnet mask separated by a \fB/\fR.
+.PP
+Examples:
+.PP
+.Vb 1
+\& nameConstraints=permitted;IP:192.168.0.0/255.255.0.0
+\&
+\& nameConstraints=permitted;email:.somedomain.com
+\&
+\& nameConstraints=excluded;email:.com
+.Ve
+.SH "DEPRECATED EXTENSIONS"
+.IX Header "DEPRECATED EXTENSIONS"
+The following extensions are non standard, Netscape specific and largely
+obsolete. Their use in new applications is discouraged.
+.SS "Netscape String extensions."
+.IX Subsection "Netscape String extensions."
+Netscape Comment (\fBnsComment\fR) is a string extension containing a comment
+which will be displayed when the certificate is viewed in some browsers.
+.PP
+Example:
+.PP
+.Vb 1
+\& nsComment = "Some Random Comment"
+.Ve
+.PP
+Other supported extensions in this category are: \fBnsBaseUrl\fR,
+\&\fBnsRevocationUrl\fR, \fBnsCaRevocationUrl\fR, \fBnsRenewalUrl\fR, \fBnsCaPolicyUrl\fR
+and \fBnsSslServerName\fR.
+.SS "Netscape Certificate Type"
+.IX Subsection "Netscape Certificate Type"
+This is a multi-valued extensions which consists of a list of flags to be
+included. It was used to indicate the purposes for which a certificate could
+be used. The basicConstraints, keyUsage and extended key usage extensions are
+now used instead.
+.PP
+Acceptable values for nsCertType are: \fBclient\fR, \fBserver\fR, \fBemail\fR,
+\&\fBobjsign\fR, \fBreserved\fR, \fBsslCA\fR, \fBemailCA\fR, \fBobjCA\fR.
+.SH "ARBITRARY EXTENSIONS"
+.IX Header "ARBITRARY EXTENSIONS"
+If an extension is not supported by the OpenSSL code then it must be encoded
+using the arbitrary extension format. It is also possible to use the arbitrary
+format for supported extensions. Extreme care should be taken to ensure that
+the data is formatted correctly for the given extension type.
+.PP
+There are two ways to encode arbitrary extensions.
+.PP
+The first way is to use the word \s-1ASN1\s0 followed by the extension content
+using the same syntax as \fIASN1_generate_nconf()\fR. For example:
+.PP
+.Vb 1
+\& 1.2.3.4=critical,ASN1:UTF8String:Some random data
+\&
+\& 1.2.3.4=ASN1:SEQUENCE:seq_sect
+\&
+\& [seq_sect]
+\&
+\& field1 = UTF8:field1
+\& field2 = UTF8:field2
+.Ve
+.PP
+It is also possible to use the word \s-1DER\s0 to include the raw encoded data in any
+extension.
+.PP
+.Vb 2
+\& 1.2.3.4=critical,DER:01:02:03:04
+\& 1.2.3.4=DER:01020304
+.Ve
+.PP
+The value following \s-1DER\s0 is a hex dump of the \s-1DER\s0 encoding of the extension
+Any extension can be placed in this form to override the default behaviour.
+For example:
+.PP
+.Vb 1
+\& basicConstraints=critical,DER:00:01:02:03
+.Ve
+.SH "WARNING"
+.IX Header "WARNING"
+There is no guarantee that a specific implementation will process a given
+extension. It may therefore be sometimes possible to use certificates for
+purposes prohibited by their extensions because a specific application does
+not recognize or honour the values of the relevant extensions.
+.PP
+The \s-1DER\s0 and \s-1ASN1\s0 options should be used with caution. It is possible to create
+totally invalid extensions if they are not used carefully.
+.SH "NOTES"
+.IX Header "NOTES"
+If an extension is multi-value and a field value must contain a comma the long
+form must be used otherwise the comma would be misinterpreted as a field
+separator. For example:
+.PP
+.Vb 1
+\& subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar
+.Ve
+.PP
+will produce an error but the equivalent form:
+.PP
+.Vb 1
+\& subjectAltName=@subject_alt_section
+\&
+\& [subject_alt_section]
+\& subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar
+.Ve
+.PP
+is valid.
+.PP
+Due to the behaviour of the OpenSSL \fBconf\fR library the same field name
+can only occur once in a section. This means that:
+.PP
+.Vb 1
+\& subjectAltName=@alt_section
+\&
+\& [alt_section]
+\&
+\& email=steve@here
+\& email=steve@there
+.Ve
+.PP
+will only recognize the last value. This can be worked around by using the form:
+.PP
+.Vb 1
+\& [alt_section]
+\&
+\& email.1=steve@here
+\& email.2=steve@there
+.Ve
+.SH "HISTORY"
+.IX Header "HISTORY"
+The X509v3 extension code was first added to OpenSSL 0.9.2.
+.PP
+Policy mappings, inhibit any policy and name constraints support was added in
+OpenSSL 0.9.8
+.PP
+The \fBdirectoryName\fR and \fBotherName\fR option as well as the \fB\s-1ASN1\s0\fR option
+for arbitrary extensions was added in OpenSSL 0.9.8
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIreq\fR\|(1), \fIca\fR\|(1), \fIx509\fR\|(1)
diff --git a/secure/usr.bin/scp/Makefile b/secure/usr.bin/scp/Makefile
new file mode 100644
index 0000000..8a558c7
--- /dev/null
+++ b/secure/usr.bin/scp/Makefile
@@ -0,0 +1,17 @@
+# $FreeBSD$
+
+PROG= scp
+SRCS= scp.c
+CFLAGS+=-I${SSHDIR} -include ssh_namespace.h
+
+# required when linking with a dynamic libssh
+SRCS+= roaming_dummy.c
+
+DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
+LDADD= -lssh -lcrypt -lcrypto -lz
+
+.include <bsd.prog.mk>
+
+.PATH: ${SSHDIR}
+
+${OBJS} ${POBJS} ${SOBJS}: ssh_namespace.h
diff --git a/secure/usr.bin/sftp/Makefile b/secure/usr.bin/sftp/Makefile
new file mode 100644
index 0000000..dce0104
--- /dev/null
+++ b/secure/usr.bin/sftp/Makefile
@@ -0,0 +1,17 @@
+# $FreeBSD$
+
+PROG= sftp
+SRCS= sftp.c sftp-client.c sftp-common.c sftp-glob.c progressmeter.c
+CFLAGS+=-I${SSHDIR} -include ssh_namespace.h
+
+# required when linking with a dynamic libssh
+SRCS+= roaming_dummy.c
+
+DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} ${LIBEDIT} ${LIBNCURSES}
+LDADD= -lssh -lcrypt -lcrypto -lz -ledit -lncurses
+
+.include <bsd.prog.mk>
+
+.PATH: ${SSHDIR}
+
+${OBJS} ${POBJS} ${SOBJS}: ssh_namespace.h
diff --git a/secure/usr.bin/ssh-add/Makefile b/secure/usr.bin/ssh-add/Makefile
new file mode 100644
index 0000000..0cbcbcb
--- /dev/null
+++ b/secure/usr.bin/ssh-add/Makefile
@@ -0,0 +1,17 @@
+# $FreeBSD$
+
+PROG= ssh-add
+SRCS+= ssh-add.c
+CFLAGS+=-I${SSHDIR} -include ssh_namespace.h
+
+# required when linking with a dynamic libssh
+SRCS+= roaming_dummy.c
+
+DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
+LDADD= -lssh -lcrypt -lcrypto -lz
+
+.include <bsd.prog.mk>
+
+.PATH: ${SSHDIR}
+
+${OBJS} ${POBJS} ${SOBJS}: ssh_namespace.h
diff --git a/secure/usr.bin/ssh-agent/Makefile b/secure/usr.bin/ssh-agent/Makefile
new file mode 100644
index 0000000..a93a1c6
--- /dev/null
+++ b/secure/usr.bin/ssh-agent/Makefile
@@ -0,0 +1,17 @@
+# $FreeBSD$
+
+PROG= ssh-agent
+SRCS= ssh-agent.c
+CFLAGS+=-I${SSHDIR} -include ssh_namespace.h
+
+# required when linking with a dynamic libssh
+SRCS+= roaming_dummy.c
+
+DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
+LDADD= -lssh -lcrypt -lcrypto -lz
+
+.include <bsd.prog.mk>
+
+.PATH: ${SSHDIR}
+
+${OBJS} ${POBJS} ${SOBJS}: ssh_namespace.h
diff --git a/secure/usr.bin/ssh-keygen/Makefile b/secure/usr.bin/ssh-keygen/Makefile
new file mode 100644
index 0000000..0c25033
--- /dev/null
+++ b/secure/usr.bin/ssh-keygen/Makefile
@@ -0,0 +1,17 @@
+# $FreeBSD$
+
+PROG= ssh-keygen
+SRCS= ssh-keygen.c
+CFLAGS+=-I${SSHDIR} -include ssh_namespace.h
+
+# required when linking with a dynamic libssh
+SRCS+= roaming_dummy.c
+
+DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
+LDADD= -lssh -lcrypt -lcrypto -lz
+
+.include <bsd.prog.mk>
+
+.PATH: ${SSHDIR}
+
+${OBJS} ${POBJS} ${SOBJS}: ssh_namespace.h
diff --git a/secure/usr.bin/ssh-keyscan/Makefile b/secure/usr.bin/ssh-keyscan/Makefile
new file mode 100644
index 0000000..8d3f6c6
--- /dev/null
+++ b/secure/usr.bin/ssh-keyscan/Makefile
@@ -0,0 +1,14 @@
+# $FreeBSD$
+
+PROG= ssh-keyscan
+SRCS= ssh-keyscan.c roaming_dummy.c
+CFLAGS+=-I${SSHDIR} -include ssh_namespace.h
+
+DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
+LDADD= -lssh -lcrypt -lcrypto -lz
+
+.include <bsd.prog.mk>
+
+.PATH: ${SSHDIR}
+
+${OBJS} ${POBJS} ${SOBJS}: ssh_namespace.h
diff --git a/secure/usr.bin/ssh/Makefile b/secure/usr.bin/ssh/Makefile
new file mode 100644
index 0000000..f85784e
--- /dev/null
+++ b/secure/usr.bin/ssh/Makefile
@@ -0,0 +1,48 @@
+# $FreeBSD$
+#
+
+.include <bsd.own.mk>
+
+PROG= ssh
+CFLAGS+=-I${SSHDIR} -include ssh_namespace.h
+LINKS= ${BINDIR}/ssh ${BINDIR}/slogin
+MAN= ssh.1 ssh_config.5
+MLINKS= ssh.1 slogin.1
+
+SRCS= ssh.c readconf.c clientloop.c sshtty.c \
+ sshconnect.c sshconnect1.c sshconnect2.c mux.c \
+ roaming_common.c roaming_client.c
+
+# gss-genr.c really belongs in libssh; see src/secure/lib/libssh/Makefile
+SRCS+= gss-genr.c
+
+DPADD= ${LIBSSH} ${LIBUTIL} ${LIBZ}
+LDADD= -lssh -lutil -lz
+
+.if ${MK_KERBEROS_SUPPORT} != "no"
+CFLAGS+= -DGSSAPI -DHAVE_GSSAPI_GSSAPI_H=1 -DKRB5 -DHEIMDAL
+DPADD+= ${LIBGSSAPI}
+LDADD+= -lgssapi
+.endif
+
+.if defined(X11BASE) || defined(LOCALBASE)
+# Recommended /etc/make.conf setting is X11BASE=${LOCALBASE} for x.org
+# 7.x upgrade on <= 6.2, but LOCALBASE has moved out of scope of src/
+# so we need to provide the default for users with old make.conf
+# settings.
+LOCALBASE?= /usr/local
+
+# Users may override either LOCALBASE or X11BASE to move the location
+# of xauth
+X11BASE?= ${LOCALBASE}
+CFLAGS+= -DXAUTH_PATH=\"${X11BASE}/bin/xauth\"
+.endif
+
+DPADD+= ${LIBCRYPT} ${LIBCRYPTO}
+LDADD+= -lcrypt -lcrypto
+
+.include <bsd.prog.mk>
+
+.PATH: ${SSHDIR}
+
+${OBJS} ${POBJS} ${SOBJS}: ssh_namespace.h
diff --git a/secure/usr.sbin/Makefile b/secure/usr.sbin/Makefile
new file mode 100644
index 0000000..e08025c
--- /dev/null
+++ b/secure/usr.sbin/Makefile
@@ -0,0 +1,10 @@
+# $FreeBSD$
+
+.include <bsd.own.mk>
+
+SUBDIR=
+.if ${MK_OPENSSH} != "no"
+SUBDIR+=sshd
+.endif
+
+.include <bsd.subdir.mk>
diff --git a/secure/usr.sbin/Makefile.inc b/secure/usr.sbin/Makefile.inc
new file mode 100644
index 0000000..282198e
--- /dev/null
+++ b/secure/usr.sbin/Makefile.inc
@@ -0,0 +1,5 @@
+# $FreeBSD$
+
+BINDIR?= /usr/sbin
+
+.include "../Makefile.inc"
diff --git a/secure/usr.sbin/sshd/Makefile b/secure/usr.sbin/sshd/Makefile
new file mode 100644
index 0000000..702bcd0
--- /dev/null
+++ b/secure/usr.sbin/sshd/Makefile
@@ -0,0 +1,62 @@
+# $FreeBSD$
+#
+
+.include <bsd.own.mk>
+
+PROG= sshd
+SRCS= sshd.c auth-rhosts.c auth-passwd.c auth-rsa.c auth-rh-rsa.c \
+ audit.c audit-bsm.c audit-linux.c platform.c \
+ sshpty.c sshlogin.c servconf.c serverloop.c \
+ auth.c auth1.c auth2.c auth-options.c session.c \
+ auth-chall.c auth2-chall.c groupaccess.c \
+ auth-skey.c auth-bsdauth.c auth2-hostbased.c auth2-kbdint.c \
+ auth2-none.c auth2-passwd.c auth2-pubkey.c auth2-jpake.c \
+ monitor_mm.c monitor.c monitor_wrap.c kexdhs.c kexgexs.c kexecdhs.c \
+ auth-krb5.c \
+ auth2-gss.c gss-serv.c gss-serv-krb5.c \
+ loginrec.c auth-pam.c auth-shadow.c auth-sia.c md5crypt.c \
+ sftp-server.c sftp-common.c \
+ roaming_common.c roaming_serv.c
+
+# gss-genr.c really belongs in libssh; see src/secure/lib/libssh/Makefile
+SRCS+= gss-genr.c
+
+MAN= sshd.8 sshd_config.5
+CFLAGS+=-I${SSHDIR} -include ssh_namespace.h
+
+DPADD= ${LIBSSH} ${LIBUTIL} ${LIBZ} ${LIBWRAP} ${LIBPAM}
+LDADD= -lssh -lutil -lz -lwrap ${MINUSLPAM}
+
+.if ${MK_AUDIT} != "no"
+CFLAGS+= -DUSE_BSM_AUDIT -DHAVE_GETAUDIT_ADDR
+DPADD+= ${LIBBSM}
+LDADD+= -lbsm
+.endif
+
+.if ${MK_KERBEROS_SUPPORT} != "no"
+CFLAGS+= -DGSSAPI -DHAVE_GSSAPI_GSSAPI_H=1 -DHAVE_GSSAPI_GSSAPI_KRB5_H=1 -DKRB5 -DHEIMDAL
+DPADD+= ${LIBGSSAPI_KRB5} ${LIBGSSAPI} ${LIBKRB5} ${LIBASN1}
+LDADD+= -lgssapi_krb5 -lgssapi -lkrb5 -lasn1
+.endif
+
+.if defined(X11BASE)
+# Recommended /etc/make.conf setting is X11BASE=${LOCALBASE} for x.org
+# 7.x upgrade on <= 6.2, but LOCALBASE has moved out of scope of src/
+# so we need to provide the default for users with old make.conf
+# settings.
+LOCALBASE?= /usr/local
+
+# Users may override either LOCALBASE or X11BASE to move the location
+# of xauth
+X11BASE?= ${LOCALBASE}
+CFLAGS+= -DXAUTH_PATH=\"${X11BASE}/bin/xauth\"
+.endif
+
+DPADD+= ${LIBCRYPTO} ${LIBCRYPT}
+LDADD+= -lcrypto -lcrypt
+
+.include <bsd.prog.mk>
+
+.PATH: ${SSHDIR}
+
+${OBJS} ${POBJS} ${SOBJS}: ssh_namespace.h
OpenPOWER on IntegriCloud