fourth batch of perlpod(1) to mdoc(7) conversion

author: schwarze <> 2015-02-23 17:43:24 +0000
committer: schwarze <> 2015-02-23 17:43:24 +0000
commit: 9cb1a51933a1847042ee88e16d560485f682bcad (patch)
tree: 5a76fb973ee649bdb33c7731bc1ca457abfcec1e
parent: 2820d04ee847cb7bede0b25e49194c3ade7ebdbf (diff)
download: openbsd-9cb1a51933a1847042ee88e16d560485f682bcad.tar.gz
openbsd-9cb1a51933a1847042ee88e16d560485f682bcad.tar.bz2
openbsd-9cb1a51933a1847042ee88e16d560485f682bcad.zip
37 files changed, 2521 insertions, 1276 deletions
diff --git a/src/lib/libcrypto/man/BN_BLINDING_new.3 b/src/lib/libcrypto/man/BN_BLINDING_new.3
new file mode 100644
index 0000000000..c65d79c3bc
--- /dev/null
+++ b/src/lib/libcrypto/man/BN_BLINDING_new.3
@@ -0,0 +1,269 @@
+.Dd $Mdocdate: February 23 2015 $
+.Dt BN_BLINDING_NEW 3
+.Os
+.Sh NAME
+.Nm BN_BLINDING_new ,
+.Nm BN_BLINDING_free ,
+.Nm BN_BLINDING_update ,
+.Nm BN_BLINDING_convert ,
+.Nm BN_BLINDING_invert ,
+.Nm BN_BLINDING_convert_ex ,
+.Nm BN_BLINDING_invert_ex ,
+.Nm BN_BLINDING_get_thread_id ,
+.Nm BN_BLINDING_set_thread_id ,
+.Nm BN_BLINDING_thread_id ,
+.Nm BN_BLINDING_get_flags ,
+.Nm BN_BLINDING_set_flags ,
+.Nm BN_BLINDING_create_param
+.Nd blinding related BIGNUM functions
+.Sh SYNOPSIS
+.In openssl/bn.h
+.Ft BN_BLINDING *
+.Fo BN_BLINDING_new
+.Fa "const BIGNUM *A"
+.Fa "const BIGNUM *Ai"
+.Fa "BIGNUM *mod"
+.Fc
+.Ft void
+.Fo BN_BLINDING_free
+.Fa "BN_BLINDING *b"
+.Fc
+.Ft int
+.Fo BN_BLINDING_update
+.Fa "BN_BLINDING *b"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo BN_BLINDING_convert
+.Fa "BIGNUM *n"
+.Fa "BN_BLINDING *b"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo BN_BLINDING_invert
+.Fa "BIGNUM *n"
+.Fa "BN_BLINDING *b"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo BN_BLINDING_convert_ex
+.Fa "BIGNUM *n"
+.Fa "BIGNUM *r"
+.Fa "BN_BLINDING *b"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo BN_BLINDING_invert_ex
+.Fa "BIGNUM *n"
+.Fa "const BIGNUM *r"
+.Fa "BN_BLINDING *b"
+.Fa "BN_CTX *ctx"
+.Fc
+.Fd #ifndef OPENSSL_NO_DEPRECATED
+.Ft unsigned long
+.Fo BN_BLINDING_get_thread_id
+.Fa "const BN_BLINDING *"
+.Fc
+.Ft void
+.Fo BN_BLINDING_set_thread_id
+.Fa "BN_BLINDING *"
+.Fa "unsigned long"
+.Fc
+.Fd #endif
+.Ft CRYPTO_THREADID *
+.Fo BN_BLINDING_thread_id
+.Fa "BN_BLINDING *"
+.Fc
+.Ft unsigned long
+.Fo BN_BLINDING_get_flags
+.Fa "const BN_BLINDING *"
+.Fc
+.Ft void
+.Fo BN_BLINDING_set_flags
+.Fa "BN_BLINDING *"
+.Fa "unsigned long"
+.Fc
+.Ft BN_BLINDING *
+.Fo BN_BLINDING_create_param
+.Fa "BN_BLINDING *b"
+.Fa "const BIGNUM *e"
+.Fa "BIGNUM *m"
+.Fa "BN_CTX *ctx"
+.Fa "int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,\
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)"
+.Fa "BN_MONT_CTX *m_ctx"
+.Fc
+.Sh DESCRIPTION
+.Fn BN_BLINDING_new
+allocates a new
+.Vt BN_BLINDING
+structure and copies the
+.Fa A
+and
+.Fa \&Ai
+values into the newly created
+.Vt BN_BLINDING
+object.
+.Pp
+.Fn BN_BLINDING_free
+frees the
+.Vt BN_BLINDING
+structure.
+.Pp
+.Fn BN_BLINDING_update
+updates the
+.Vt BN_BLINDING
+parameters by squaring the
+.Fa A
+and
+.Fa \&Ai
+or, after specific number of uses and if the necessary parameters are
+set, by re-creating the blinding parameters.
+.Pp
+.Fn BN_BLINDING_convert_ex
+multiplies
+.Fa n
+with the blinding factor
+.Fa A .
+If
+.Fa r
+is not
+.Dv NULL ,
+a copy of the inverse blinding factor
+.Fa \&Ai
+will be returned in
+.Fa r
+(this is useful if a
+.Vt RSA
+object is shared among several threads).
+.Fn BN_BLINDING_invert_ex
+multiplies
+.Fa n
+with the inverse blinding factor
+.Fa \&Ai .
+If
+.Fa r
+is not
+.Dv NULL ,
+it will be used as the inverse blinding.
+.Pp
+.Fn BN_BLINDING_convert
+and
+.Fn BN_BLINDING_invert
+are wrapper functions for
+.Fn BN_BLINDING_convert_ex
+and
+.Fn BN_BLINDING_invert_ex
+with
+.Fa r
+set to
+.Dv NULL .
+.Pp
+.Fn BN_BLINDING_thread_id
+provides access to the
+.Vt CRYPTO_THREADID
+object within the
+.Vt BN_BLINDING
+structure.
+This is to help users provide proper locking if needed for
+multi-threaded use.
+The "thread id" object of a newly allocated
+.Vt BN_BLINDING
+structure is initialised to the thread id in which
+.Fn BN_BLINDING_new
+was called.
+.Pp
+.Fn BN_BLINDING_get_flags
+returns the
+.Dv BN_BLINDING_*
+flags.
+Currently there are two supported flags:
+.Dv BN_BLINDING_NO_UPDATE
+and
+.Dv BN_BLINDING_NO_RECREATE .
+.Dv BN_BLINDING_NO_UPDATE
+inhibits the automatic update of the
+.Vt BN_BLINDING
+parameters after each use and
+.Dv BN_BLINDING_NO_RECREATE
+inhibits the automatic re-creation of the
+.Vt BN_BLINDING
+parameters after a fixed number of uses (currently 32).
+In newly allocated
+.Vt BN_BLINDING
+objects no flags are set.
+.Fn BN_BLINDING_set_flags
+sets the
+.Dv BN_BLINDING_*
+parameters flags.
+.Pp
+.Fn BN_BLINDING_create_param
+creates new
+.Vt BN_BLINDING
+parameters using the exponent
+.Fa e
+and the modulus
+.Fa m .
+.Fa bn_mod_exp
+and
+.Fa m_ctx
+can be used to pass special functions for exponentiation (normally
+.Xr BN_mod_exp_mont 3
+and
+.Vt BN_MONT_CTX Ns ).
+.Sh RETURN VALUES
+.Fn BN_BLINDING_new
+returns the newly allocated
+.Vt BN_BLINDING
+structure or
+.Dv NULL
+in case of an error.
+.Pp
+.Fn BN_BLINDING_update ,
+.Fn BN_BLINDING_convert ,
+.Fn BN_BLINDING_invert ,
+.Fn BN_BLINDING_convert_ex
+and
+.Fn BN_BLINDING_invert_ex
+return 1 on success and 0 if an error occured.
+.Pp
+.Fn BN_BLINDING_thread_id
+returns a pointer to the thread id object within a
+.Vt BN_BLINDING
+object.
+.Pp
+.Fn BN_BLINDING_get_flags
+returns the currently set
+.Dv BN_BLINDING_*
+flags (an
+.Vt unsigned long
+value).
+.Pp
+.Fn BN_BLINDING_create_param
+returns the newly created
+.Vt BN_BLINDING
+parameters or
+.Dv NULL
+on error.
+.Sh SEE ALSO
+.Xr bn 3
+.Sh HISTORY
+.Fn BN_BLINDING_thread_id
+was first introduced in OpenSSL 1.0.0, and it deprecates
+.Fn BN_BLINDING_set_thread_id
+and
+.Fn BN_BLINDING_get_thread_id .
+.Pp
+.Fn BN_BLINDING_convert_ex ,
+.Fn BN_BLINDIND_invert_ex ,
+.Fn BN_BLINDING_get_thread_id ,
+.Fn BN_BLINDING_set_thread_id ,
+.Fn BN_BLINDING_set_flags ,
+.Fn BN_BLINDING_get_flags
+and
+.Fn BN_BLINDING_create_param
+were first introduced in OpenSSL 0.9.8
+.Sh AUTHORS
+.An Nils Larsch
+for
+.Lk http://www.openssl.org/ "the OpenSSL project" .
diff --git a/src/lib/libcrypto/man/BN_CTX_new.3 b/src/lib/libcrypto/man/BN_CTX_new.3
new file mode 100644
index 0000000000..1a77314854
--- /dev/null
+++ b/src/lib/libcrypto/man/BN_CTX_new.3
@@ -0,0 +1,91 @@
+.Dd $Mdocdate: February 23 2015 $
+.Dt BN_CTX_NEW 3
+.Os
+.Sh NAME
+.Nm BN_CTX_new ,
+.Nm BN_CTX_init ,
+.Nm BN_CTX_free
+.Nd allocate and free BN_CTX structures
+.Sh SYNOPSIS
+.In openssl/bn.h
+.Ft BN_CTX *
+.Fo BN_CTX_new
+.Fa void
+.Fc
+.Ft void
+.Fo BN_CTX_free
+.Fa "BN_CTX *c"
+.Fc
+.Pp
+Deprecated:
+.Pp
+.Ft void
+.Fo BN_CTX_init
+.Fa "BN_CTX *c"
+.Fc
+.Sh DESCRIPTION
+A
+.Vt BN_CTX
+is a structure that holds
+.Vt BIGNUM
+temporary variables used by library functions.
+Since dynamic memory allocation to create
+.Vt BIGNUM Ns s
+is rather expensive when used in conjunction with repeated subroutine
+calls, the
+.Vt BN_CTX
+structure is used.
+.Pp
+.Fn BN_CTX_new
+allocates and initializes a
+.Vt BN_CTX
+structure.
+.Pp
+.Fn BN_CTX_free
+frees the components of the
+.Vt BN_CTX ,
+and if it was created by
+.Fn BN_CTX_new ,
+also the structure itself.
+If
+.Xr BN_CTX_start 3
+has been used on the
+.Vt BN_CTX ,
+.Xr BN_CTX_end 3
+must be called before the
+.Vt BN_CTX
+may be freed by
+.Fn BN_CTX_free .
+.Pp
+.Fn BN_CTX_init
+(deprecated) initializes an existing uninitialized
+.Vt BN_CTX .
+This should not be used for new programs.
+Use
+.Fn BN_CTX_new
+instead.
+.Sh RETURN VALUES
+.Fn BN_CTX_new
+returns a pointer to the
+.Vt BN_CTX .
+If the allocation fails, it returns
+.Dv NULL
+and sets an error code that can be obtained by
+.Xr ERR_get_error 3 .
+.Pp
+.Fn BN_CTX_init
+and
+.Fn BN_CTX_free
+return no value.
+.Sh SEE ALSO
+.Xr bn 3 ,
+.Xr BN_add 3 ,
+.Xr BN_CTX_start 3 ,
+.Xr ERR_get_error 3
+.Sh HISTORY
+.Fn BN_CTX_new
+and
+.Fn BN_CTX_free
+are available in all versions on SSLeay and OpenSSL.
+.Fn BN_CTX_init
+was added in SSLeay 0.9.1b.
diff --git a/src/lib/libcrypto/man/BN_CTX_start.3 b/src/lib/libcrypto/man/BN_CTX_start.3
new file mode 100644
index 0000000000..986208ba1a
--- /dev/null
+++ b/src/lib/libcrypto/man/BN_CTX_start.3
@@ -0,0 +1,85 @@
+.Dd $Mdocdate: February 23 2015 $
+.Dt BN_CTX_START 3
+.Os
+.Sh NAME
+.Nm BN_CTX_start ,
+.Nm BN_CTX_get ,
+.Nm BN_CTX_end
+.Nd use temporary BIGNUM variables
+.Sh SYNOPSIS
+.In openssl/bn.h
+.Ft void
+.Fo BN_CTX_start
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft BIGNUM *
+.Fo BN_CTX_get
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft void
+.Fo BN_CTX_end
+.Fa "BN_CTX *ctx"
+.Fc
+.Sh DESCRIPTION
+These functions are used to obtain temporary
+.Vt BIGNUM
+variables from a
+.Vt BN_CTX
+(which can been created by using
+.Xr BN_CTX_new 3 )
+in order to save the overhead of repeatedly creating and freeing
+.Vt BIGNUM Ns s
+in functions that are called from inside a loop.
+.Pp
+A function must call
+.Fn BN_CTX_start
+first.
+Then,
+.Fn BN_CTX_get
+may be called repeatedly to obtain temporary
+.Vt BIGNUM Ns s.
+All
+.Fn BN_CTX_get
+calls must be made before calling any other functions that use the
+.Fa ctx
+as an argument.
+.Pp
+Finally,
+.Fn BN_CTX_end
+must be called before returning from the function.
+When
+.Fn BN_CTX_end
+is called, the
+.Vt BIGNUM
+pointers obtained from
+.Fn BN_CTX_get
+become invalid.
+.Sh RETURN VALUES
+.Fn BN_CTX_start
+and
+.Fn BN_CTX_end
+return no values.
+.Pp
+.Fn BN_CTX_get
+returns a pointer to the
+.Vt BIGNUM ,
+or
+.Dv NULL
+on error.
+Once
+.Fn BN_CTX_get
+has failed, the subsequent calls will return
+.Dv NULL
+as well, so it is sufficient to check the return value of the last
+.Fn BN_CTX_get
+call.
+In case of an error, an error code is set, which can be obtained by
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr BN_CTX_new 3
+.Sh HISTORY
+.Fn BN_CTX_start ,
+.Fn BN_CTX_get ,
+and
+.Fn BN_CTX_end
+were added in OpenSSL 0.9.5.
diff --git a/src/lib/libcrypto/man/BN_add.3 b/src/lib/libcrypto/man/BN_add.3
new file mode 100644
index 0000000000..d41599d8b0
--- /dev/null
+++ b/src/lib/libcrypto/man/BN_add.3
@@ -0,0 +1,352 @@
+.Dd $Mdocdate: February 23 2015 $
+.Dt BN_ADD 3
+.Os
+.Sh NAME
+.Nm BN_add ,
+.Nm BN_sub ,
+.Nm BN_mul ,
+.Nm BN_sqr ,
+.Nm BN_div ,
+.Nm BN_mod ,
+.Nm BN_nnmod ,
+.Nm BN_mod_add ,
+.Nm BN_mod_sub ,
+.Nm BN_mod_mul ,
+.Nm BN_mod_sqr ,
+.Nm BN_exp ,
+.Nm BN_mod_exp ,
+.Nm BN_gcd
+.Nd arithmetic operations on BIGNUMs
+.Sh SYNOPSIS
+.In openssl/bn.h
+.Ft int
+.Fo BN_add
+.Fa "BIGNUM *r"
+.Fa "const BIGNUM *a"
+.Fa "const BIGNUM *b"
+.Fc
+.Ft int
+.Fo BN_sub
+.Fa "BIGNUM *r"
+.Fa "const BIGNUM *a"
+.Fa "const BIGNUM *b"
+.Fc
+.Ft int
+.Fo BN_mul
+.Fa "BIGNUM *r"
+.Fa "BIGNUM *a"
+.Fa "BIGNUM *b"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo BN_sqr
+.Fa "BIGNUM *r"
+.Fa "BIGNUM *a"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo BN_div
+.Fa "BIGNUM *dv"
+.Fa "BIGNUM *rem"
+.Fa "const BIGNUM *a"
+.Fa "const BIGNUM *d"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo BN_mod
+.Fa "BIGNUM *rem"
+.Fa "const BIGNUM *a"
+.Fa "const BIGNUM *m"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo BN_nnmod
+.Fa "BIGNUM *r"
+.Fa "const BIGNUM *a"
+.Fa "const BIGNUM *m"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo BN_mod_add
+.Fa "BIGNUM *r"
+.Fa "BIGNUM *a"
+.Fa "BIGNUM *b"
+.Fa "const BIGNUM *m"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo BN_mod_sub
+.Fa "BIGNUM *r"
+.Fa "BIGNUM *a"
+.Fa "BIGNUM *b"
+.Fa "const BIGNUM *m"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo BN_mod_mul
+.Fa "BIGNUM *r"
+.Fa "BIGNUM *a"
+.Fa "BIGNUM *b"
+.Fa "const BIGNUM *m"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo BN_mod_sqr
+.Fa "BIGNUM *r"
+.Fa "BIGNUM *a"
+.Fa "const BIGNUM *m"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo BN_exp
+.Fa "BIGNUM *r"
+.Fa "BIGNUM *a"
+.Fa "BIGNUM *p"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo BN_mod_exp
+.Fa "BIGNUM *r"
+.Fa "BIGNUM *a"
+.Fa "const BIGNUM *p"
+.Fa "const BIGNUM *m"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo BN_gcd
+.Fa "BIGNUM *r"
+.Fa "BIGNUM *a"
+.Fa "BIGNUM *b"
+.Fa "BN_CTX *ctx"
+.Fc
+.Sh DESCRIPTION
+.Fn BN_add
+adds
+.Fa a
+and
+.Fa b
+and places the result in
+.Fa r
+.Pq Li r=a+b .
+.Fa r
+may be the same
+.Vt BIGNUM
+as
+.Fa a
+or
+.Fa b .
+.Pp
+.Fn BN_sub
+subtracts
+.Fa b
+from
+.Fa a
+and places the result in
+.Fa r
+.Pq Li r=a-b .
+.Pp
+.Fn BN_mul
+multiplies
+.Fa a
+and
+.Fa b
+and places the result in
+.Fa r
+.Pq Li r=a*b .
+.Fa r
+may be the same
+.Vt BIGNUM
+as
+.Fa a
+or
+.Fa b .
+For multiplication by powers of 2, use
+.Xr BN_lshift 3 .
+.Pp
+.Fn BN_sqr
+takes the square of
+.Fa a
+and places the result in
+.Fa r
+.Pq Li r=a^2 .
+.Fa r
+and
+.Fa a
+may be the same
+.Vt BIGNUM .
+This function is faster than
+.Fn BN_mul r a a .
+.Pp
+.Fn BN_div
+divides
+.Fa a
+by
+.Fa d
+and places the result in
+.Fa dv
+and the remainder in
+.Fa rem
+.Pq Li dv=a/d , rem=a%d .
+Either of
+.Fa dv
+and
+.Fa rem
+may be
+.Dv NULL ,
+in which case the respective value is not returned.
+The result is rounded towards zero; thus if
+.Fa a
+is negative, the remainder will be zero or negative.
+For division by powers of 2, use
+.Fn BN_rshift 3 .
+.Pp
+.Fn BN_mod
+corresponds to
+.Fn BN_div
+with
+.Fa dv
+set to
+.Dv NULL .
+.Pp
+.Fn BN_nnmod
+reduces
+.Fa a
+modulo
+.Fa m
+and places the non-negative remainder in
+.Fa r .
+.Pp
+.Fn BN_mod_add
+adds
+.Fa a
+to
+.Fa b
+modulo
+.Fa m
+and places the non-negative result in
+.Fa r .
+.Pp
+.Fn BN_mod_sub
+subtracts
+.Fa b
+from
+.Fa a
+modulo
+.Fa m
+and places the non-negative result in
+.Fa r .
+.Pp
+.Fn BN_mod_mul
+multiplies
+.Fa a
+by
+.Fa b
+and finds the non-negative remainder respective to modulus
+.Fa m
+.Pq Li r=(a*b)%m .
+.Fa r
+may be the same
+.Vt BIGNUM
+as
+.Fa a
+or
+.Fa b .
+For more efficient algorithms for repeated computations using the same
+modulus, see
+.Xr BN_mod_mul_montgomery 3
+and
+.Xr BN_mod_mul_reciprocal 3 .
+.Pp
+.Fn BN_mod_sqr
+takes the square of
+.Fa a
+modulo
+.Fa m
+and places the result in
+.Fa r .
+.Pp
+.Fn BN_exp
+raises
+.Fa a
+to the
+.Fa p Ns -th
+power and places the result in
+.Fa r
+.Pq Li r=a^p .
+This function is faster than repeated applications of
+.Fn BN_mul .
+.Pp
+.Fn BN_mod_exp
+computes
+.Fa a
+to the
+.Fa p Ns -th
+power modulo
+.Fa m
+.Pq Li r=(a^p)%m .
+This function uses less time and space than
+.Fn BN_exp .
+.Pp
+.Fn BN_gcd
+computes the greatest common divisor of
+.Fa a
+and
+.Fa b
+and places the result in
+.Fa r .
+.Fa r
+may be the same
+.Vt BIGNUM
+as
+.Fa a
+or
+.Fa b .
+.Pp
+For all functions,
+.Fa ctx
+is a previously allocated
+.Vt BN_CTX
+used for temporary variables; see
+.Xr BN_CTX_new 3 .
+.Pp
+Unless noted otherwise, the result
+.Vt BIGNUM
+must be different from the arguments.
+.Sh RETURN VALUES
+For all functions, 1 is returned for success, 0 on error.
+The return value should always be checked, for example:
+.Pp
+.Dl if (!BN_add(r,a,b)) goto err;
+.Pp
+The error codes can be obtained by
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr bn 3 ,
+.Xr BN_add_word 3 ,
+.Xr BN_CTX_new 3 ,
+.Xr BN_set_bit 3 ,
+.Xr ERR_get_error 3
+.Sh HISTORY
+.Fn BN_add ,
+.Fn BN_sub ,
+.Fn BN_sqr ,
+.Fn BN_div ,
+.Fn BN_mod ,
+.Fn BN_mod_mul ,
+.Fn BN_mod_exp ,
+and
+.Fn BN_gcd
+are available in all versions of SSLeay and OpenSSL.
+The
+.Fa ctx
+argument to
+.Fn BN_mul
+was added in SSLeay 0.9.1b.
+.Fn BN_exp
+appeared in SSLeay 0.9.0.
+.Fn BN_nnmod ,
+.Fn BN_mod_add ,
+.Fn BN_mod_sub ,
+and
+.Fn BN_mod_sqr
+were added in OpenSSL 0.9.7.
diff --git a/src/lib/libcrypto/man/BN_add_word.3 b/src/lib/libcrypto/man/BN_add_word.3
new file mode 100644
index 0000000000..930aae4d32
--- /dev/null
+++ b/src/lib/libcrypto/man/BN_add_word.3
@@ -0,0 +1,123 @@
+.Dd $Mdocdate: February 23 2015 $
+.Dt BN_ADD_WORD 3
+.Os
+.Sh NAME
+.Nm BN_add_word ,
+.Nm BN_sub_word ,
+.Nm BN_mul_word ,
+.Nm BN_div_word ,
+.Nm BN_mod_word
+.Nd arithmetic functions on BIGNUMs with integers
+.Sh SYNOPSIS
+.In openssl/bn.h
+.Ft int
+.Fo BN_add_word
+.Fa "BIGNUM *a"
+.Fa "BN_ULONG w"
+.Fc
+.Ft int
+.Fo BN_sub_word
+.Fa "BIGNUM *a"
+.Fa "BN_ULONG w"
+.Fc
+.Ft int
+.Fo BN_mul_word
+.Fa "BIGNUM *a"
+.Fa "BN_ULONG w"
+.Fc
+.Ft BN_ULONG
+.Fo BN_div_word
+.Fa "BIGNUM *a"
+.Fa "BN_ULONG w"
+.Fc
+.Ft BN_ULONG
+.Fo BN_mod_word
+.Fa "const BIGNUM *a"
+.Fa "BN_ULONG w"
+.Fc
+.Sh DESCRIPTION
+These functions perform arithmetic operations on BIGNUMs with unsigned
+integers.
+They are much more efficient than the normal BIGNUM arithmetic
+operations.
+.Pp
+.Fn BN_add_word
+adds
+.Fa w
+to
+.Fa a
+.Pq Li a+=w .
+.Pp
+.Fn BN_sub_word
+subtracts
+.Fa w
+from
+.Fa a
+.Pq Li a-=w .
+.Pp
+.Fn BN_mul_word
+multiplies
+.Fa a
+and
+.Fa w
+.Pq Li a*=w .
+.Pp
+.Fn BN_div_word
+divides
+.Fa a
+by
+.Fa w
+.Pq Li a/=w
+and returns the remainder.
+.Pp
+.Fn BN_mod_word
+returns the remainder of
+.Fa a
+divided by
+.Fa w
+.Pq Li a%w .
+.Pp
+For
+.Fn BN_div_word
+and
+.Fn BN_mod_word ,
+.Fa w
+must not be 0.
+.Sh RETURN VALUES
+.Fn BN_add_word ,
+.Fn BN_sub_word ,
+and
+.Fn BN_mul_word
+return 1 for success, 0 on error.
+The error codes can be obtained by
+.Xr ERR_get_error 3 .
+.Pp
+.Fn BN_mod_word
+and
+.Fn BN_div_word
+return
+.Fa a Ns % Ns Fa w
+on success and
+.Pq Vt BN_ULONG Ns -1
+if an error occurred.
+.Sh SEE ALSO
+.Xr bn 3 ,
+.Xr BN_add 3 ,
+.Xr ERR_get_error 3
+.Sh HISTORY
+.Fn BN_add_word
+and
+.Fn BN_mod_word
+are available in all versions of SSLeay and OpenSSL.
+.Fn BN_div_word
+was added in SSLeay 0.8, and
+.Fn BN_sub_word
+and
+.Fn BN_mul_word
+in SSLeay 0.9.0.
+.Pp
+Before 0.9.8a, the return value for
+.Fn BN_div_word
+and
+.Fn BN_mod_word
+in case of an error was 0.
diff --git a/src/lib/libcrypto/man/BN_bn2bin.3 b/src/lib/libcrypto/man/BN_bn2bin.3
new file mode 100644
index 0000000000..02d6b2c8b8
--- /dev/null
+++ b/src/lib/libcrypto/man/BN_bn2bin.3
@@ -0,0 +1,237 @@
+.Dd $Mdocdate: February 23 2015 $
+.Dt BN_BN2BIN 3
+.Os
+.Sh NAME
+.Nm BN_bn2bin ,
+.Nm BN_bin2bn ,
+.Nm BN_bn2hex ,
+.Nm BN_bn2dec ,
+.Nm BN_hex2bn ,
+.Nm BN_dec2bn ,
+.Nm BN_print ,
+.Nm BN_print_fp ,
+.Nm BN_bn2mpi ,
+.Nm BN_mpi2bn
+.Nd format conversions
+.Sh SYNOPSIS
+.In openssl/bn.h
+.Ft int
+.Fo BN_bn2bin
+.Fa "const BIGNUM *a"
+.Fa "unsigned char *to"
+.Fc
+.Ft BIGNUM *
+.Fo BN_bin2bn
+.Fa "const unsigned char *s"
+.Fa "int len"
+.Fa "BIGNUM *ret"
+.Fc
+.Ft char *
+.Fo BN_bn2hex
+.Fa "const BIGNUM *a"
+.Fc
+.Ft char *
+.Fo BN_bn2dec
+.Fa "const BIGNUM *a"
+.Fc
+.Ft int
+.Fo BN_hex2bn
+.Fa "BIGNUM **a"
+.Fa "const char *str"
+.Fc
+.Ft int
+.Fo BN_dec2bn
+.Fa "BIGNUM **a"
+.Fa "const char *str"
+.Fc
+.Ft int
+.Fo BN_print
+.Fa "BIO *fp"
+.Fa "const BIGNUM *a"
+.Fc
+.Ft int
+.Fo BN_print_fp
+.Fa "FILE *fp"
+.Fa "const BIGNUM *a"
+.Fc
+.Ft int
+.Fo BN_bn2mpi
+.Fa "const BIGNUM *a"
+.Fa "unsigned char *to"
+.Fc
+.Ft BIGNUM *
+.Fo BN_mpi2bn
+.Fa "unsigned char *s"
+.Fa "int len"
+.Fa "BIGNUM *ret"
+.Fc
+.Sh DESCRIPTION
+.Fn BN_bn2bin
+converts the absolute value of
+.Fa a
+into big-endian form and stores it at
+.Fa to .
+.Fa to
+must point to
+.Fn BN_num_bytes a
+bytes of memory.
+.Pp
+.Fn BN_bin2bn
+converts the positive integer in big-endian form of length
+.Fa len
+at
+.Fa s
+into a
+.Vt BIGNUM
+and places it in
+.Fa ret .
+If
+.Fa ret
+is
+.Dv NULL ,
+a new
+.Vt BIGNUM
+is created.
+.Pp
+.Fn BN_bn2hex
+and
+.Fn BN_bn2dec
+return printable strings containing the hexadecimal and decimal encoding of
+.Fa a
+respectively.
+For negative numbers, the string is prefaced with a leading minus sign.
+The string must be freed later using
+.Xr free 3 .
+.Pp
+.Fn BN_hex2bn
+converts the string
+.Fa str
+containing a hexadecimal number to a
+.Vt BIGNUM
+and stores it in
+.Pf * Fa a .
+If
+.Pf * Fa a
+is
+.Dv NULL ,
+a new
+.Vt BIGNUM
+is created.
+If
+.Fa a
+is
+.Dv NULL ,
+it only computes the number's length in hexadecimal digits.
+If the string starts with a minus sign, the number is negative.
+.Fn BN_dec2bn
+is the same using the decimal system.
+.Pp
+.Fn BN_print
+and
+.Fn BN_print_fp
+write the hexadecimal encoding of
+.Fa a ,
+with a leading minus sign for negative numbers, to the
+.Vt BIO
+or
+.Vt FILE
+.Fa fp .
+.Pp
+.Fn BN_bn2mpi
+and
+.Fn BN_mpi2bn
+convert
+.Vt BIGNUM Ns s
+from and to a format that consists of the number's length in bytes
+represented as a 4-byte big-endian number, and the number itself in
+big-endian format, where the most significant bit signals a negative
+number (the representation of numbers with the MSB set is prefixed with
+a NUL byte).
+.Pp
+.Fn BN_bn2mpi
+stores the representation of
+.Fa a
+at
+.Fa to ,
+where
+.Fa to
+must be large enough to hold the result.
+The size can be determined by calling
+.Fn BN_bn2mpi a , NULL .
+.Pp
+.Fn BN_mpi2bn
+converts the
+.Fa len
+bytes long representation at
+.Fa s
+to a
+.Vt BIGNUM
+and stores it at
+.Fa ret ,
+or in a newly allocated
+.Vt BIGNUM
+if
+.Fa ret
+is
+.Dv NULL .
+.Sh RETURN VALUES
+.Fn BN_bn2bin
+returns the length of the big-endian number placed at
+.Fa to .
+.Fn BN_bin2bn
+returns the
+.Vt BIGNUM ,
+or
+.Dv NULL
+on error.
+.Pp
+.Fn BN_bn2hex
+and
+.Fn BN_bn2dec
+return a NUL-terminated string, or
+.Dv NULL
+on error.
+.Fn BN_hex2bn
+and
+.Fn BN_dec2bn
+return the number's length in hexadecimal or decimal digits, and 0 on
+error.
+.Pp
+.Fn BN_print_fp
+and
+.Fn BN_print
+return 1 on success, 0 on write errors.
+.Pp
+.Fn BN_bn2mpi
+returns the length of the representation.
+.Fn BN_mpi2bn
+returns the
+.Vt BIGNUM ,
+or
+.Dv NULL
+on error.
+.Pp
+The error codes can be obtained by
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr ASN1_INTEGER_to_BN 3 ,
+.Xr bn 3 ,
+.Xr BN_num_bytes 3 ,
+.Xr BN_zero 3 ,
+.Xr ERR_get_error 3
+.Sh HISTORY
+.Fn BN_bn2bin ,
+.Fn BN_bin2bn ,
+.Fn BN_print_fp ,
+and
+.Fn BN_print
+are available in all versions of SSLeay and OpenSSL.
+.Pp
+.Fn BN_bn2hex ,
+.Fn BN_bn2dec ,
+.Fn BN_hex2bn ,
+.Fn BN_dec2bn ,
+.Fn BN_bn2mpi ,
+and
+.Fn BN_mpi2bn
+were added in SSLeay 0.9.0.
diff --git a/src/lib/libcrypto/man/BN_cmp.3 b/src/lib/libcrypto/man/BN_cmp.3
new file mode 100644
index 0000000000..b0a03b25ce
--- /dev/null
+++ b/src/lib/libcrypto/man/BN_cmp.3
@@ -0,0 +1,99 @@
+.Dd $Mdocdate: February 23 2015 $
+.Dt BN_CMP 3
+.Os
+.Sh NAME
+.Nm BN_cmp ,
+.Nm BN_ucmp ,
+.Nm BN_is_zero ,
+.Nm BN_is_one ,
+.Nm BN_is_word ,
+.Nm BN_is_odd
+.Nd BIGNUM comparison and test functions
+.Sh SYNOPSIS
+.In openssl/bn.h
+.Ft int
+.Fo BN_cmp
+.Fa "BIGNUM *a"
+.Fa "BIGNUM *b"
+.Fc
+.Ft int
+.Fo BN_ucmp
+.Fa "BIGNUM *a"
+.Fa "BIGNUM *b"
+.Fc
+.Ft int
+.Fo BN_is_zero
+.Fa "BIGNUM *a"
+.Fc
+.Ft int
+.Fo BN_is_one
+.Fa "BIGNUM *a"
+.Fc
+.Ft int
+.Fo BN_is_word
+.Fa "BIGNUM *a"
+.Fa "BN_ULONG w"
+.Fc
+.Ft int
+.Fo BN_is_odd
+.Fa "BIGNUM *a"
+.Fc
+.Sh DESCRIPTION
+.Fn BN_cmp
+compares the numbers
+.Fa a
+and
+.Fa b .
+.Fn BN_ucmp
+compares their absolute values.
+.Pp
+.Fn BN_is_zero ,
+.Fn BN_is_one
+and
+.Fn BN_is_word
+test if
+.Fa a
+equals 0, 1, or
+.Fa w
+respectively.
+.Fn BN_is_odd
+tests if a is odd.
+.Pp
+.Fn BN_is_zero ,
+.Fn BN_is_one ,
+.Fn BN_is_word ,
+and
+.Fn BN_is_odd
+are macros.
+.Sh RETURN VALUES
+.Fn BN_cmp
+returns -1 if
+.Fa a Ns < Ns Fa b ,
+0 if
+.Fa a Ns == Ns Fa b ,
+and 1 if
+.Fa a Ns > Ns Fa b .
+.Fn BN_ucmp
+is the same using the absolute values of
+.Fa a
+and
+.Fa b .
+.Pp
+.Fn BN_is_zero ,
+.Fn BN_is_one ,
+.Fn BN_is_word ,
+and
+.Fn BN_is_odd
+return 1 if the condition is true, 0 otherwise.
+.Sh SEE ALSO
+.Xr bn 3
+.Sh HISTORY
+.Fn BN_cmp ,
+.Fn BN_ucmp ,
+.Fn BN_is_zero ,
+.Fn BN_is_one
+and
+.Fn BN_is_word
+are available in all versions of SSLeay and OpenSSL.
+.Fn BN_is_odd
+was added in SSLeay 0.8.
diff --git a/src/lib/libcrypto/man/BN_copy.3 b/src/lib/libcrypto/man/BN_copy.3
new file mode 100644
index 0000000000..765e46c01c
--- /dev/null
+++ b/src/lib/libcrypto/man/BN_copy.3
@@ -0,0 +1,52 @@
+.Dd $Mdocdate: February 23 2015 $
+.Dt BN_COPY 3
+.Os
+.Sh NAME
+.Nm BN_copy ,
+.Nm BN_dup
+.Nd copy BIGNUMs
+.Sh SYNOPSIS
+.In openssl/bn.h
+.Ft BIGNUM *
+.Fo BN_copy
+.Fa "BIGNUM *to"
+.Fa "const BIGNUM *from"
+.Fc
+.Ft BIGNUM *
+.Fo BN_dup
+.Fa "const BIGNUM *from"
+.Fc
+.Sh DESCRIPTION
+.Fn BN_copy
+copies
+.Fa from
+to
+.Fa to .
+.Fn BN_dup
+creates a new
+.Vt BIGNUM
+containing the value
+.Fa from .
+.Sh RETURN VALUES
+.Fn BN_copy
+returns
+.Fa to
+on success,
+.Dv NULL
+on error.
+.Fn BN_dup
+returns the new
+.Vt BIGNUM ,
+or
+.Dv NULL
+on error.
+The error codes can be obtained by
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr bn 3 ,
+.Xr ERR_get_error 3
+.Sh HISTORY
+.Fn BN_copy
+and
+.Fn BN_dup
+are available in all versions of SSLeay and OpenSSL.
diff --git a/src/lib/libcrypto/man/BN_generate_prime.3 b/src/lib/libcrypto/man/BN_generate_prime.3
new file mode 100644
index 0000000000..e269571914
--- /dev/null
+++ b/src/lib/libcrypto/man/BN_generate_prime.3
@@ -0,0 +1,289 @@
+.Dd $Mdocdate: February 23 2015 $
+.Dt BN_GENERATE_PRIME 3
+.Os
+.Sh NAME
+.Nm BN_generate_prime_ex ,
+.Nm BN_is_prime_ex ,
+.Nm BN_is_prime_fasttest_ex ,
+.Nm BN_GENCB_call ,
+.Nm BN_GENCB_set_old ,
+.Nm BN_GENCB_set ,
+.Nm BN_generate_prime ,
+.Nm BN_is_prime ,
+.Nm BN_is_prime_fasttest
+.Nd generate primes and test for primality
+.Sh SYNOPSIS
+.In openssl/bn.h
+.Ft int
+.Fo BN_generate_prime_ex
+.Fa "BIGNUM *ret"
+.Fa "int bits"
+.Fa "int safe"
+.Fa "const BIGNUM *add"
+.Fa "const BIGNUM *rem"
+.Fa "BN_GENCB *cb"
+.Fc
+.Ft int
+.Fo BN_is_prime_ex
+.Fa "const BIGNUM *p"
+.Fa "int nchecks"
+.Fa "BN_CTX *ctx"
+.Fa "BN_GENCB *cb"
+.Fc
+.Ft int
+.Fo BN_is_prime_fasttest_ex
+.Fa "const BIGNUM *p"
+.Fa "int nchecks"
+.Fa "BN_CTX *ctx"
+.Fa "int do_trial_division"
+.Fa "BN_GENCB *cb"
+.Fc
+.Ft int
+.Fo BN_GENCB_call
+.Fa "BN_GENCB *cb"
+.Fa "int a"
+.Fa "int b"
+.Fc
+.Fd #define BN_GENCB_set_old(gencb, callback, cb_arg) ...
+.Fd #define BN_GENCB_set(gencb, callback, cb_arg) ...
+.Pp
+Deprecated:
+.Pp
+.Ft BIGNUM *
+.Fo BN_generate_prime
+.Fa "BIGNUM *ret"
+.Fa "int num"
+.Fa "int safe"
+.Fa "BIGNUM *add"
+.Fa "BIGNUM *rem"
+.Fa "void (*callback)(int, int, void *)"
+.Fa "void *cb_arg"
+.Fc
+.Ft int
+.Fo BN_is_prime
+.Fa "const BIGNUM *a"
+.Fa "int checks"
+.Fa "void (*callback)(int, int, void *)"
+.Fa "BN_CTX *ctx"
+.Fa "void *cb_arg"
+.Fc
+.Ft int
+.Fo BN_is_prime_fasttest
+.Fa "const BIGNUM *a"
+.Fa "int checks"
+.Fa "void (*callback)(int, int, void *)"
+.Fa "BN_CTX *ctx"
+.Fa "void *cb_arg"
+.Fa "int do_trial_division"
+.Fc
+.Sh DESCRIPTION
+.Fn BN_generate_prime_ex
+generates a pseudo-random prime number of bit length
+.Fa bits .
+If
+.Fa ret
+is not
+.Dv NULL ,
+it will be used to store the number.
+.Pp
+If
+.Fa cb
+is not
+.Dv NULL ,
+it is used as follows:
+.Bl -bullet
+.It
+.Fn BN_GENCB_call cb 0 i
+is called after generating the i-th potential prime number.
+.It
+While the number is being tested for primality,
+.Fn BN_GENCB_call cb 1 j
+is called as described below.
+.It
+When a prime has been found,
+.Fn BN_GENCB_call cb 2 i
+is called.
+.El
+.Pp
+The prime may have to fulfill additional requirements for use in
+Diffie-Hellman key exchange:
+.Pp
+If
+.Fa add
+is not
+.Dv NULL ,
+the prime will fulfill the condition p %
+.Fa add
+==
+.Fa rem
+(p %
+.Fa add
+== 1 if
+.Fa rem
+==
+.Dv NULL )
+in order to suit a given generator.
+.Pp
+If
+.Fa safe
+is true, it will be a safe prime (i.e. a prime p so that (p-1)/2
+is also prime).
+.Pp
+The prime number generation has a negligible error probability.
+.Pp
+.Fn BN_is_prime_ex
+and
+.Fn BN_is_prime_fasttest_ex
+test if the number
+.Fa p
+is prime.
+The following tests are performed until one of them shows that
+.Fa p
+is composite; if
+.Fa p
+passes all these tests, it is considered prime.
+.Pp
+.Fn BN_is_prime_fasttest_ex ,
+when called with
+.Fa do_trial_division
+== 1, first attempts trial division by a number of small primes;
+if no divisors are found by this test and
+.Fa cb
+is not
+.Dv NULL ,
+.Sy BN_GENCB_call(cb, 1, -1)
+is called.
+If
+.Fa do_trial_division
+== 0, this test is skipped.
+.Pp
+Both
+.Fn BN_is_prime_ex
+and
+.Fn BN_is_prime_fasttest_ex
+perform a Miller-Rabin probabilistic primality test with
+.Fa nchecks
+iterations.
+If
+.Fa nchecks
+==
+.Dv BN_prime_checks ,
+a number of iterations is used that yields a false positive rate of at
+most 2^-80 for random input.
+.Pp
+If
+.Fa cb
+is not
+.Dv NULL ,
+.Fa BN_GENCB_call cb 1 j
+is called after the j-th iteration (j = 0, 1, ...).
+.Fa ctx
+is a pre-allocated
+.Vt BN_CTX
+(to save the overhead of allocating and freeing the structure in a
+loop), or
+.Dv NULL .
+.Pp
+.Fn BN_GENCB_call
+calls the callback function held in the
+.Vt BN_GENCB
+structure and passes the ints
+.Fa a
+and
+.Fa b
+as arguments.
+There are two types of
+.Vt BN_GENCB
+structures that are supported: "new" style and "old" style.
+New programs should prefer the "new" style, whilst the "old" style is
+provided for backwards compatibility purposes.
+.Pp
+For "new" style callbacks a
+.Vt BN_GENCB
+structure should be initialised with a call to
+.Fn BN_GENCB_set ,
+where
+.Fa gencb
+is a
+.Vt BN_GENCB * ,
+.Fa callback
+is of type
+.Vt int (*callback)(int, int, BN_GENCB *)
+and
+.Fa cb_arg
+is a
+.Vt void * .
+"Old" style callbacks are the same except they are initialised with a
+call to
+.Fn BN_GENCB_set_old
+and
+.Fa callback
+is of type
+.Vt void (*callback)(int, int, void *) .
+.Pp
+A callback is invoked through a call to
+.Fn BN_GENCB_call .
+This will check the type of the callback and will invoke
+.Fn callback a b gencb
+for new style callbacks or
+.Fn callback a b cb_arg
+for old style.
+.Pp
+.Fn BN_generate_prime
+(deprecated) works in the same way as
+.Fn BN_generate_prime_ex
+but expects an old style callback function directly in the
+.Fa callback
+parameter, and an argument to pass to it in the
+.Fa cb_arg .
+Similarly
+.Fn BN_is_prime
+and
+.Fn BN_is_prime_fasttest
+are deprecated and can be compared to
+.Fn BN_is_prime_ex
+and
+.Fn BN_is_prime_fasttest_ex
+respectively.
+.Sh RETURN VALUES
+.Fn BN_generate_prime_ex
+returns 1 on success or 0 on error.
+.Pp
+.Fn BN_is_prime_ex ,
+.Fn BN_is_prime_fasttest_ex ,
+.Fn BN_is_prime ,
+and
+.Fn BN_is_prime_fasttest
+return 0 if the number is composite, 1 if it is prime with an error
+probability of less than
+.Pf 0.25^ Fa nchecks ,
+and -1 on error.
+.Pp
+.Fn BN_generate_prime
+returns the prime number on success,
+.Dv NULL
+otherwise.
+.Pp
+Callback functions should return 1 on success or 0 on error.
+.Pp
+The error codes can be obtained by
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr bn 3 ,
+.Xr ERR_get_error 3 ,
+.Xr rand 3
+.Sh HISTORY
+The
+.Fa cb_arg
+arguments to
+.Fn BN_generate_prime
+and to
+.Fn BN_is_prime
+were added in SSLeay 0.9.0.
+The
+.Fa ret
+argument to
+.Fn BN_generate_prime
+was added in SSLeay 0.9.1.
+.Fn BN_is_prime_fasttest
+was added in OpenSSL 0.9.5.
diff --git a/src/lib/libcrypto/man/BN_mod_inverse.3 b/src/lib/libcrypto/man/BN_mod_inverse.3
new file mode 100644
index 0000000000..db63269fb8
--- /dev/null
+++ b/src/lib/libcrypto/man/BN_mod_inverse.3
@@ -0,0 +1,59 @@
+.Dd $Mdocdate: February 23 2015 $
+.Dt BN_MOD_INVERSE 3
+.Os
+.Sh NAME
+.Nm BN_mod_inverse
+.Nd compute inverse modulo n
+.Sh SYNOPSIS
+.In openssl/bn.h
+.Ft BIGNUM *
+.Fo BN_mod_inverse
+.Fa "BIGNUM *r"
+.Fa "BIGNUM *a"
+.Fa "const BIGNUM *n"
+.Fa "BN_CTX *ctx"
+.Fc
+.Sh DESCRIPTION
+.Fn BN_mod_inverse
+computes the inverse of
+.Fa a
+modulo
+.Fa n
+add places the result in
+.Fa r
+.Pq Li (a*r)%n==1 .
+If
+.Fa r
+is
+.Dv NULL ,
+a new
+.Vt BIGNUM
+is created.
+.Pp
+.Fa ctx
+is a previously allocated
+.Vt BN_CTX
+used for temporary variables.
+.Fa r
+may be the same
+.Vt BIGNUM
+as
+.Fa a
+or
+.Fa n .
+.Sh RETURN VALUES
+.Fn BN_mod_inverse
+returns the
+.Vt BIGNUM
+containing the inverse, or
+.Dv NULL
+on error.
+The error codes can be obtained by
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr bn 3 ,
+.Xr BN_add 3 ,
+.Xr ERR_get_error 3
+.Sh HISTORY
+.Fn BN_mod_inverse
+is available in all versions of SSLeay and OpenSSL.
diff --git a/src/lib/libcrypto/man/BN_mod_mul_montgomery.3 b/src/lib/libcrypto/man/BN_mod_mul_montgomery.3
new file mode 100644
index 0000000000..ac120f3c02
--- /dev/null
+++ b/src/lib/libcrypto/man/BN_mod_mul_montgomery.3
@@ -0,0 +1,181 @@
+.Dd $Mdocdate: February 23 2015 $
+.Dt BN_MOD_MUL_MONTGOMERY 3
+.Os
+.Sh NAME
+.Nm BN_mod_mul_montgomery ,
+.Nm BN_MONT_CTX_new ,
+.Nm BN_MONT_CTX_init ,
+.Nm BN_MONT_CTX_free ,
+.Nm BN_MONT_CTX_set ,
+.Nm BN_MONT_CTX_copy ,
+.Nm BN_from_montgomery ,
+.Nm BN_to_montgomery
+.Nd Montgomery multiplication
+.Sh SYNOPSIS
+.In openssl/bn.h
+.Ft BN_MONT_CTX *
+.Fo BN_MONT_CTX_new
+.Fa void
+.Fc
+.Ft void
+.Fo BN_MONT_CTX_init
+.Fa "BN_MONT_CTX *ctx"
+.Fc
+.Ft void
+.Fo BN_MONT_CTX_free
+.Fa "BN_MONT_CTX *mont"
+.Fc
+.Ft int
+.Fo BN_MONT_CTX_set
+.Fa "BN_MONT_CTX *mont"
+.Fa "const BIGNUM *m"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft BN_MONT_CTX *
+.Fo BN_MONT_CTX_copy
+.Fa "BN_MONT_CTX *to"
+.Fa "BN_MONT_CTX *from"
+.Fc
+.Ft int
+.Fo BN_mod_mul_montgomery
+.Fa "BIGNUM *r"
+.Fa "BIGNUM *a"
+.Fa "BIGNUM *b"
+.Fa "BN_MONT_CTX *mont"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo BN_from_montgomery
+.Fa "BIGNUM *r"
+.Fa "BIGNUM *a"
+.Fa "BN_MONT_CTX *mont"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo BN_to_montgomery
+.Fa "BIGNUM *r"
+.Fa "BIGNUM *a"
+.Fa "BN_MONT_CTX *mont"
+.Fa "BN_CTX *ctx"
+.Fc
+.Sh DESCRIPTION
+These functions implement Montgomery multiplication.
+They are used automatically when
+.Xr BN_mod_exp 3
+is called with suitable input, but they may be useful when several
+operations are to be performed using the same modulus.
+.Pp
+.Fn BN_MONT_CTX_new
+allocates and initializes a
+.Vt BN_MONT_CTX
+structure.
+.Fn BN_MONT_CTX_init
+initializes an existing uninitialized
+.Vt BN_MONT_CTX .
+.Pp
+.Fn BN_MONT_CTX_set
+sets up the
+.Fa mont
+structure from the modulus
+.Fa m
+by precomputing its inverse and a value R.
+.Pp
+.Fn BN_MONT_CTX_copy
+copies the
+.Vt BN_MONT_CTX
+.Fa from
+to
+.Fa to .
+.Pp
+.Fn BN_MONT_CTX_free
+frees the components of the
+.Vt BN_MONT_CTX ,
+and, if it was created by
+.Fn BN_MONT_CTX_new ,
+also the structure itself.
+.Pp
+.Fn BN_mod_mul_montgomery
+computes
+.Pp
+.D1 Mont Ns Po Fa a , Fa b Pc := Fa a No * Fa b No * R^-1
+.Pp
+and places the result in
+.Fa r .
+.Pp
+.Fn BN_from_montgomery
+performs the Montgomery reduction
+.Pp
+.D1 Fa r No = Fa a No * R^-1.
+.Pp
+.Fn BN_to_montgomery
+computes
+.Pp
+.D1 Mont Ns Po Fa a , No R^2 Pc = Fa a No * R .
+.Pp
+Note that
+.Fa a
+must be non-negative and smaller than the modulus.
+.Pp
+For all functions,
+.Fa ctx
+is a previously allocated
+.Vt BN_CTX
+used for temporary variables.
+.Pp
+The
+.Vt BN_MONT_CTX
+structure is defined as follows:
+.Bd -literal
+typedef struct bn_mont_ctx_st {
+        int ri;         /* number of bits in R */
+        BIGNUM RR;      /* R^2 (used to convert to Montgomery form) */
+        BIGNUM N;       /* The modulus */
+        BIGNUM Ni;      /* R*(1/R mod N) - N*Ni = 1
+                         * (Ni is only stored for bignum algorithm) */
+        BN_ULONG n0;    /* least significant word of Ni */
+        int flags;
+} BN_MONT_CTX;
+.Ed
+.Pp
+.Fn BN_to_montgomery
+is a macro.
+.Pp
+.Sy Warning:
+The inputs must be reduced modulo
+.Fa m ,
+otherwise the result will be outside the expected range.
+.Sh RETURN VALUES
+.Fn BN_MONT_CTX_new
+returns the newly allocated
+.Vt BN_MONT_CTX ,
+and
+.Dv NULL
+on error.
+.Pp
+.Fn BN_MONT_CTX_init
+and
+.Fn BN_MONT_CTX_free
+return no values.
+.Pp
+For the other functions, 1 is returned for success, 0 on error.
+The error codes can be obtained by
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr bn 3 ,
+.Xr BN_add 3 ,
+.Xr BN_CTX_new 3 ,
+.Xr ERR_get_error 3
+.Sh HISTORY
+.Fn BN_MONT_CTX_new ,
+.Fn BN_MONT_CTX_free ,
+.Fn BN_MONT_CTX_set ,
+.Fn BN_mod_mul_montgomery ,
+.Fn BN_from_montgomery
+and
+.Fn BN_to_montgomery
+are available in all versions of SSLeay and OpenSSL.
+.Pp
+.Fn BN_MONT_CTX_init
+and
+.Fn BN_MONT_CTX_copy
+were added in SSLeay 0.9.1b.
diff --git a/src/lib/libcrypto/man/BN_mod_mul_reciprocal.3 b/src/lib/libcrypto/man/BN_mod_mul_reciprocal.3
new file mode 100644
index 0000000000..ceb1ffae5b
--- /dev/null
+++ b/src/lib/libcrypto/man/BN_mod_mul_reciprocal.3
@@ -0,0 +1,147 @@
+.Dd $Mdocdate: February 23 2015 $
+.Dt BN_MOD_MUL_RECIPROCAL 3
+.Os
+.Sh NAME
+.Nm BN_mod_mul_reciprocal ,
+.Nm BN_div_recp ,
+.Nm BN_RECP_CTX_new ,
+.Nm BN_RECP_CTX_init ,
+.Nm BN_RECP_CTX_free ,
+.Nm BN_RECP_CTX_set
+.Nd modular multiplication using reciprocal
+.Sh SYNOPSIS
+.In openssl/bn.h
+.Ft BN_RECP_CTX *
+.Fo BN_RECP_CTX_new
+.Fa void
+.Fc
+.Ft void
+.Fo BN_RECP_CTX_init
+.Fa "BN_RECP_CTX *recp"
+.Fc
+.Ft void
+.Fo BN_RECP_CTX_free
+.Fa "BN_RECP_CTX *recp"
+.Fc
+.Ft int
+.Fo BN_RECP_CTX_set
+.Fa "BN_RECP_CTX *recp"
+.Fa "const BIGNUM *m"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo BN_div_recp
+.Fa "BIGNUM *dv"
+.Fa "BIGNUM *rem"
+.Fa "BIGNUM *a"
+.Fa "BN_RECP_CTX *recp"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo BN_mod_mul_reciprocal
+.Fa "BIGNUM *r"
+.Fa "BIGNUM *a"
+.Fa "BIGNUM *b"
+.Fa "BN_RECP_CTX *recp"
+.Fa "BN_CTX *ctx"
+.Fc
+.Sh DESCRIPTION
+.Fn BN_mod_mul_reciprocal
+can be used to perform an efficient
+.Xr BN_mod_mul 3
+operation when the operation will be performed repeatedly with the same
+modulus.
+It computes
+.Fa r Ns =( Ns Fa a Ns * Ns Fa b Ns )% Ns Fa m
+using
+.Fa recp Ns =1/ Ns Fa m ,
+which is set as described below.
+.Fa ctx
+is a previously allocated
+.Vt BN_CTX
+used for temporary variables.
+.Pp
+.Fn BN_RECP_CTX_new
+allocates and initializes a
+.Vt BN_RECP_CTX
+structure.
+.Fn BN_RECP_CTX_init
+initializes an existing uninitialized
+.Vt BN_RECP_CTX .
+.Pp
+.Fn BN_RECP_CTX_free
+frees the components of the
+.Vt BN_RECP_CTX ,
+and, if it was created by
+.Fn BN_RECP_CTX_new ,
+also the structure itself.
+.Pp
+.Fn BN_RECP_CTX_set
+stores
+.Fa m
+in
+.Fa recp
+and sets it up for computing
+.Pf 1/ Fa m
+and shifting it left by
+.Fn BN_num_bits m Ns +1
+to make it an integer.
+The result and the number of bits it was shifted left will later be
+stored in
+.Fa recp .
+.Pp
+.Fn BN_div_recp
+divides
+.Fa a
+by
+.Fa m
+using
+.Fa recp .
+It places the quotient in
+.Fa dv
+and the remainder in
+.Fa rem .
+.Pp
+The
+.Vt BN_RECP_CTX
+structure is defined as follows:
+.Bd -literal
+typedef struct bn_recp_ctx_st {
+        BIGNUM N;       /* the divisor */
+        BIGNUM Nr;      /* the reciprocal */
+        int num_bits;
+        int shift;
+        int flags;
+} BN_RECP_CTX;
+.Ed
+.Pp
+It cannot be shared between threads.
+.Sh RETURN VALUES
+.Fn BN_RECP_CTX_new
+returns the newly allocated
+.Vt BN_RECP_CTX ,
+or
+.Dv NULL
+on error.
+.Pp
+.Fn BN_RECP_CTX_init
+and
+.Fn BN_RECP_CTX_free
+return no values.
+.Pp
+For the other functions, 1 is returned for success, 0 on error.
+The error codes can be obtained by
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr bn 3 ,
+.Xr BN_add 3 ,
+.Xr BN_CTX_new 3 ,
+.Xr ERR_get_error 3
+.Sh HISTORY
+.Vt BN_RECP_CTX
+was added in SSLeay 0.9.0.
+Before that, a function
+.Fn BN_reciprocal
+was used instead, and the
+.Fn BN_mod_mul_reciprocal
+arguments were different.
diff --git a/src/lib/libcrypto/man/BN_new.3 b/src/lib/libcrypto/man/BN_new.3
new file mode 100644
index 0000000000..ad8ce886d9
--- /dev/null
+++ b/src/lib/libcrypto/man/BN_new.3
@@ -0,0 +1,84 @@
+.Dd $Mdocdate: February 23 2015 $
+.Dt BN_NEW 3
+.Os
+.Sh NAME
+.Nm BN_new ,
+.Nm BN_init ,
+.Nm BN_clear ,
+.Nm BN_free ,
+.Nm BN_clear_free
+.Nd allocate and free BIGNUMs
+.Sh SYNOPSIS
+.In openssl/bn.h
+.Ft BIGNUM *
+.Fo BN_new
+.Fa void
+.Fc
+.Ft void
+.Fo BN_init
+.Fa "BIGNUM *"
+.Fc
+.Ft void
+.Fo BN_clear
+.Fa "BIGNUM *a"
+.Fc
+.Ft void
+.Fo BN_free
+.Fa "BIGNUM *a"
+.Fc
+.Ft void
+.Fo BN_clear_free
+.Fa "BIGNUM *a"
+.Fc
+.Sh DESCRIPTION
+.Fn BN_new
+allocates and initializes a
+.Vt BIGNUM
+structure.
+.Fn BN_init
+initializes an existing uninitialized
+.Vt BIGNUM .
+.Pp
+.Fn BN_clear
+is used to destroy sensitive data such as keys when they are no longer
+needed.
+It erases the memory used by
+.Fa a
+and sets it to the value 0.
+.Pp
+.Fn BN_free
+frees the components of the
+.Vt BIGNUM ,
+and if it was created by
+.Fn BN_new ,
+also the structure itself.
+.Fn BN_clear_free
+additionally overwrites the data before the memory is returned to the
+system.
+.Sh RETURN VALUES
+.Fn BN_new
+returns a pointer to the
+.Vt BIGNUM .
+If the allocation fails, it returns
+.Dv NULL
+and sets an error code that can be obtained by
+.Xr ERR_get_error 3 .
+.Pp
+.Fn BN_init ,
+.Fn BN_clear ,
+.Fn BN_free ,
+and
+.Fn BN_clear_free
+return no values.
+.Sh SEE ALSO
+.Xr bn 3 ,
+.Xr ERR_get_error 3
+.Sh HISTORY
+.Fn BN_new ,
+.Fn BN_clear ,
+.Fn BN_free ,
+and
+.Fn BN_clear_free
+are available in all versions on SSLeay and OpenSSL.
+.Fn BN_init
+was added in SSLeay 0.9.1b.
diff --git a/src/lib/libcrypto/man/BN_num_bytes.3 b/src/lib/libcrypto/man/BN_num_bytes.3
new file mode 100644
index 0000000000..2d7be7e443
--- /dev/null
+++ b/src/lib/libcrypto/man/BN_num_bytes.3
@@ -0,0 +1,76 @@
+.Dd $Mdocdate: February 23 2015 $
+.Dt BN_NUM_BYTES 3
+.Os
+.Sh NAME
+.Nm BN_num_bits ,
+.Nm BN_num_bytes ,
+.Nm BN_num_bits_word
+.Nd get BIGNUM size
+.Sh SYNOPSIS
+.In openssl/bn.h
+.Ft int
+.Fo BN_num_bytes
+.Fa "const BIGNUM *a"
+.Fc
+.Ft int
+.Fo BN_num_bits
+.Fa "const BIGNUM *a"
+.Fc
+.Ft int
+.Fo BN_num_bits_word
+.Fa "BN_ULONG w"
+.Fc
+.Sh DESCRIPTION
+.Fn BN_num_bytes
+returns the size of a
+.Sy BIGNUM
+in bytes.
+.Pp
+.Fn BN_num_bits_word
+returns the number of significant bits in a word.
+If we take 0x00000432 as an example, it returns 11, not 16, not 32.
+Basically, except for a zero, it returns
+.Pp
+.D1 floor(log2( Ns Fa w ) ) No + 1 .
+.Pp
+.Fn BN_num_bits
+returns the number of significant bits in a
+.Sy BIGNUM ,
+following the same principle as
+.Fn BN_num_bits_word .
+.Pp
+.Fn BN_num_bytes
+is a macro.
+.Sh RETURN VALUES
+The size.
+.Sh NOTES
+Some have tried using
+.Fn BN_num_bits
+on individual numbers in RSA keys, DH keys and DSA keys, and found that
+they don't always come up with the number of bits they expected
+(something like 512, 1024, 2048, ...). This is because generating a
+number with some specific number of bits doesn't always set the highest
+bits, thereby making the number of
+.Em significant
+bits a little lower.
+If you want to know the "key size" of such a key, either use functions
+like
+.Xr RSA_size 3 ,
+.Xr DH_size 3 ,
+and
+.Xr DSA_size 3 ,
+or use
+.Fn BN_num_bytes
+and multiply with 8 (although there's no real guarantee that will match
+the "key size", just a lot more probability).
+.Sh SEE ALSO
+.Xr bn 3 ,
+.Xr DH_size 3 ,
+.Xr DSA_size 3 ,
+.Xr RSA_size 3
+.Sh HISTORY
+.Fn BN_num_bytes ,
+.Fn BN_num_bits ,
+and
+.Fn BN_num_bits_word
+are available in all versions of SSLeay and OpenSSL.
diff --git a/src/lib/libcrypto/man/BN_rand.3 b/src/lib/libcrypto/man/BN_rand.3
new file mode 100644
index 0000000000..5ae9e9d791
--- /dev/null
+++ b/src/lib/libcrypto/man/BN_rand.3
@@ -0,0 +1,93 @@
+.Dd $Mdocdate: February 23 2015 $
+.Dt BN_RAND 3
+.Os
+.Sh NAME
+.Nm BN_rand ,
+.Nm BN_pseudo_rand ,
+.Nm BN_rand_range ,
+.Nm BN_pseudo_rand_range
+.Nd generate pseudo-random number
+.Sh SYNOPSIS
+.In openssl/bn.h
+.Ft int
+.Fo BN_rand
+.Fa "BIGNUM *rnd"
+.Fa "int bits"
+.Fa "int top"
+.Fa "int bottom"
+.Fc
+.Ft int
+.Fo BN_pseudo_rand
+.Fa "BIGNUM *rnd"
+.Fa "int bits"
+.Fa "int top"
+.Fa "int bottom"
+.Fc
+.Ft int
+.Fo BN_rand_range
+.Fa "BIGNUM *rnd"
+.Fa "BIGNUM *range"
+.Fc
+.Ft int
+.Fo BN_pseudo_rand_range
+.Fa "BIGNUM *rnd"
+.Fa "BIGNUM *range"
+.Fc
+.Sh DESCRIPTION
+.Fn BN_rand
+generates a cryptographically strong pseudo-random number of
+.Fa bits
+bits in length and stores it in
+.Fa rnd .
+If
+.Fa top
+is -1, the most significant bit of the random number can be zero.
+If
+.Fa top
+is 0, it is set to 1, and if
+.Fa top
+is 1, the two most significant bits of the number will be set to 1, so
+that the product of two such random numbers will always have
+.Pf 2* Fa bits
+length.
+If
+.Fa bottom
+is true, the number will be odd.
+.Pp
+.Fn BN_pseudo_rand
+does the same, but pseudo-random numbers generated by this function are
+not necessarily unpredictable.
+They can be used for non-cryptographic purposes and for certain purposes
+in cryptographic protocols, but usually not for key generation etc.
+.Pp
+.Fn BN_rand_range
+generates a cryptographically strong pseudo-random number
+.Fa rnd
+in the range 0 <=
+.Fa rnd No < Fa range .
+.Fn BN_pseudo_rand_range
+does the same, but is based on
+.Fn BN_pseudo_rand ,
+and hence numbers generated by it are not necessarily unpredictable.
+.Sh RETURN VALUES
+The functions return 1 on success, 0 on error.
+The error codes can be obtained by
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr bn 3 ,
+.Xr ERR_get_error 3 ,
+.Xr rand 3 ,
+.Xr RAND_add 3 ,
+.Xr RAND_bytes 3
+.Sh HISTORY
+.Fn BN_rand
+is available in all versions of SSLeay and OpenSSL.
+.Fn BN_pseudo_rand
+was added in OpenSSL 0.9.5.
+The
+.Fa top
+== -1 case and the function
+.Fn BN_rand_range
+were added in OpenSSL 0.9.6a.
+.Fn BN_pseudo_rand_range
+was added in OpenSSL 0.9.6c.
diff --git a/src/lib/libcrypto/man/BN_set_bit.3 b/src/lib/libcrypto/man/BN_set_bit.3
new file mode 100644
index 0000000000..4a199cd0d0
--- /dev/null
+++ b/src/lib/libcrypto/man/BN_set_bit.3
@@ -0,0 +1,157 @@
+.Dd $Mdocdate: February 23 2015 $
+.Dt BN_SET_BIT 3
+.Os
+.Sh NAME
+.Nm BN_set_bit ,
+.Nm BN_clear_bit ,
+.Nm BN_is_bit_set ,
+.Nm BN_mask_bits ,
+.Nm BN_lshift ,
+.Nm BN_lshift1 ,
+.Nm BN_rshift ,
+.Nm BN_rshift1
+.Nd bit operations on BIGNUMs
+.Sh SYNOPSIS
+.In openssl/bn.h
+.Ft int
+.Fo BN_set_bit
+.Fa "BIGNUM *a"
+.Fa "int n"
+.Fc
+.Ft int
+.Fo BN_clear_bit
+.Fa "BIGNUM *a"
+.Fa "int n"
+.Fc
+.Ft int
+.Fo BN_is_bit_set
+.Fa "const BIGNUM *a"
+.Fa "int n"
+.Fc
+.Ft int
+.Fo BN_mask_bits
+.Fa "BIGNUM *a"
+.Fa "int n"
+.Fc
+.Ft int
+.Fo BN_lshift
+.Fa "BIGNUM *r"
+.Fa "const BIGNUM *a"
+.Fa "int n"
+.Fc
+.Ft int
+.Fo BN_lshift1
+.Fa "BIGNUM *r"
+.Fa "BIGNUM *a"
+.Fc
+.Ft int
+.Fo BN_rshift
+.Fa "BIGNUM *r"
+.Fa "BIGNUM *a"
+.Fa "int n"
+.Fc
+.Ft int
+.Fo BN_rshift1
+.Fa "BIGNUM *r"
+.Fa "BIGNUM *a"
+.Fc
+.Sh DESCRIPTION
+.Fn BN_set_bit
+sets bit
+.Fa n
+in
+.Fa a
+to 1
+.Pq Li a|=(1<<n) .
+The number is expanded if necessary.
+.Pp
+.Fn BN_clear_bit
+sets bit
+.Fa n
+in
+.Fa a
+to 0
+.Pq Li a&=~(1<<n) .
+An error occurs if
+.Fa a
+is shorter than
+.Fa n
+bits.
+.Pp
+.Fn BN_is_bit_set
+tests if bit
+.Fa n
+in
+.Fa a
+is set.
+.Pp
+.Fn BN_mask_bits
+truncates
+.Fa a
+to an
+.Fa n
+bit number
+.Pq Li a&=~((~0)>>n) .
+An error occurs if
+.Fa a
+already is shorter than
+.Fa n
+bits.
+.Pp
+.Fn BN_lshift
+shifts
+.Fa a
+left by
+.Fa n
+bits and places the result in
+.Fa r
+.Pq Li r=a*2^n .
+.Fn BN_lshift1
+shifts
+.Fa a
+left by one and places the result in
+.Fa r
+.Pq Li r=2*a .
+.Pp
+.Fn BN_rshift
+shifts
+.Fa a
+right by
+.Fa n
+bits and places the result in
+.Fa r
+.Pq Li r=a/2^n .
+.Fn BN_rshift1
+shifts
+.Fa a
+right by one and places the result in
+.Fa r
+.Pq Li r=a/2 .
+.Pp
+For the shift functions,
+.Fa r
+and
+.Fa a
+may be the same variable.
+.Sh RETURN VALUES
+.Fn BN_is_bit_set
+returns 1 if the bit is set, 0 otherwise.
+.Pp
+All other functions return 1 for success, 0 on error.
+The error codes can be obtained by
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr bn 3 ,
+.Xr BN_add 3 ,
+.Xr BN_num_bytes 3
+.Sh HISTORY
+.Fn BN_set_bit ,
+.Fn BN_clear_bit ,
+.Fn BN_is_bit_set ,
+.Fn BN_mask_bits ,
+.Fn BN_lshift ,
+.Fn BN_lshift1 ,
+.Fn BN_rshift ,
+and
+.Fn BN_rshift1
+are available in all versions of SSLeay and OpenSSL.
diff --git a/src/lib/libcrypto/man/BN_swap.3 b/src/lib/libcrypto/man/BN_swap.3
new file mode 100644
index 0000000000..b252261067
--- /dev/null
+++ b/src/lib/libcrypto/man/BN_swap.3
@@ -0,0 +1,23 @@
+.Dd $Mdocdate: February 23 2015 $
+.Dt BN_SWAP 3
+.Os
+.Sh NAME
+.Nm BN_swap
+.Nd exchange BIGNUMs
+.Sh SYNOPSIS
+.In openssl/bn.h
+.Ft void
+.Fo BN_swap
+.Fa "BIGNUM *a"
+.Fa "BIGNUM *b"
+.Fc
+.Sh DESCRIPTION
+.Fn BN_swap
+exchanges the values of
+.Fa a
+and
+.Fa b .
+.Sh SEE ALSO
+.Xr bn 3
+.Sh HISTORY
+BN_swap was added in OpenSSL 0.9.7.
diff --git a/src/lib/libcrypto/man/BN_zero.3 b/src/lib/libcrypto/man/BN_zero.3
new file mode 100644
index 0000000000..adfd6a0c65
--- /dev/null
+++ b/src/lib/libcrypto/man/BN_zero.3
@@ -0,0 +1,101 @@
+.Dd $Mdocdate: February 23 2015 $
+.Dt BN_ZERO 3
+.Os
+.Sh NAME
+.Nm BN_zero ,
+.Nm BN_one ,
+.Nm BN_value_one ,
+.Nm BN_set_word ,
+.Nm BN_get_word
+.Nd BIGNUM assignment operations
+.Sh SYNOPSIS
+.In openssl/bn.h
+.Ft int
+.Fo BN_zero
+.Fa "BIGNUM *a"
+.Fc
+.Ft int
+.Fo BN_one
+.Fa "BIGNUM *a"
+.Fc
+.Ft const BIGNUM *
+.Fo BN_value_one
+.Fa void
+.Fc
+.Ft int
+.Fo BN_set_word
+.Fa "BIGNUM *a"
+.Fa "unsigned long w"
+.Fc
+.Ft unsigned long
+.Fo BN_get_word
+.Fa "BIGNUM *a"
+.Fc
+.Sh DESCRIPTION
+.Fn BN_zero ,
+.Fn BN_one ,
+and
+.Fn BN_set_word
+set
+.Fa a
+to the values 0, 1 and
+.Fa w
+respectively.
+.Fn BN_zero
+and
+.Fn BN_one
+are macros.
+.Pp
+.Fn BN_value_one
+returns a
+.Vt BIGNUM
+constant of value 1.
+This constant is useful for use in comparisons and assignment.
+.Pp
+.Fn BN_get_word
+returns
+.Fa a
+if it can be represented as an
+.Vt unsigned long .
+.Sh RETURN VALUES
+.Fn BN_get_word
+returns the value
+.Fa a ,
+or 0xffffffffL if
+.Fa a
+cannot be represented as an
+.Vt unsigned long .
+.Pp
+.Fn BN_zero ,
+.Fn BN_one ,
+and
+.Fn BN_set_word
+return 1 on success, 0 otherwise.
+.Fn BN_value_one
+returns the constant.
+.Sh SEE ALSO
+.Xr bn 3 ,
+.Xr BN_bn2bin 3
+.Sh HISTORY
+.Fn BN_zero ,
+.Fn BN_one ,
+and
+.Fn BN_set_word
+are available in all versions of SSLeay and OpenSSL.
+.Fn BN_value_one
+and
+.Fn BN_get_word
+were added in SSLeay 0.8.
+.Pp
+.Fn BN_value_one
+was changed to return a true
+.Vt const BIGNUM *
+in OpenSSL 0.9.7.
+.Sh BUGS
+Someone might change the constant.
+.Pp
+If a
+.Vt BIGNUM
+is equal to 0xffffffffL it can be represented as an
+.Vt unsigned long
+but this value is also returned on error.
diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile
index 2ac6e5b6f6..bce02f647f 100644
--- a/src/lib/libcrypto/man/Makefile
+++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.18 2015/02/16 16:42:14 schwarze Exp $
+# $OpenBSD: Makefile,v 1.19 2015/02/23 17:43:24 schwarze Exp $
 .include <bsd.own.mk>           # for NOMAN
@@ -33,8 +33,6 @@ MAN=	\
        BIO_s_socket.3 \
        BIO_set_callback.3 \
        BIO_should_retry.3 \
-GENMAN= \
        BN_BLINDING_new.3 \
        BN_CTX_new.3 \
        BN_CTX_start.3 \
@@ -53,6 +51,8 @@ GENMAN= \
        BN_set_bit.3 \
        BN_swap.3 \
        BN_zero.3 \
+GENMAN= \
        BUF_MEM_new.3 \
        CONF_modules_free.3 \
        CONF_modules_load_file.3 \
diff --git a/src/lib/libssl/src/doc/crypto/BN_BLINDING_new.pod b/src/lib/libssl/src/doc/crypto/BN_BLINDING_new.pod
deleted file mode 100644
index 1c586ac54e..0000000000
--- a/src/lib/libssl/src/doc/crypto/BN_BLINDING_new.pod
+++ /dev/null
@@ -1,115 +0,0 @@
-=pod
-=head1 NAME
-BN_BLINDING_new, BN_BLINDING_free, BN_BLINDING_update, BN_BLINDING_convert,
-BN_BLINDING_invert, BN_BLINDING_convert_ex, BN_BLINDING_invert_ex,
-BN_BLINDING_get_thread_id, BN_BLINDING_set_thread_id, BN_BLINDING_thread_id,
-BN_BLINDING_get_flags, BN_BLINDING_set_flags,
-BN_BLINDING_create_param - blinding related BIGNUM functions.
-=head1 SYNOPSIS
- #include <openssl/bn.h>
- BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai,
-        BIGNUM *mod);
- void BN_BLINDING_free(BN_BLINDING *b);
- int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx);
- int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
- int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
- int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b,
-        BN_CTX *ctx);
- int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
-        BN_CTX *ctx);
- #ifndef OPENSSL_NO_DEPRECATED
- unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);
- void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);
- #endif
- CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *);
- unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
- void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
- BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
-        const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
-        int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                          const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
-        BN_MONT_CTX *m_ctx);
-=head1 DESCRIPTION
-BN_BLINDING_new() allocates a new B<BN_BLINDING> structure and copies
-the B<A> and B<Ai> values into the newly created B<BN_BLINDING> object.
-BN_BLINDING_free() frees the B<BN_BLINDING> structure.
-BN_BLINDING_update() updates the B<BN_BLINDING> parameters by squaring
-the B<A> and B<Ai> or, after specific number of uses and if the
-necessary parameters are set, by re-creating the blinding parameters.
-BN_BLINDING_convert_ex() multiplies B<n> with the blinding factor B<A>.
-If B<r> is not NULL a copy the inverse blinding factor B<Ai> will be
-returned in B<r> (this is useful if a B<RSA> object is shared among
-several threads). BN_BLINDING_invert_ex() multiplies B<n> with the
-inverse blinding factor B<Ai>. If B<r> is not NULL it will be used as
-the inverse blinding.
-BN_BLINDING_convert() and BN_BLINDING_invert() are wrapper
-functions for BN_BLINDING_convert_ex() and BN_BLINDING_invert_ex()
-with B<r> set to NULL.
-BN_BLINDING_thread_id() provides access to the B<CRYPTO_THREADID>
-object within the B<BN_BLINDING> structure. This is to help users
-provide proper locking if needed for multi-threaded use. The "thread
-id" object of a newly allocated B<BN_BLINDING> structure is
-initialised to the thread id in which BN_BLINDING_new() was called.
-BN_BLINDING_get_flags() returns the BN_BLINDING flags. Currently
-there are two supported flags: B<BN_BLINDING_NO_UPDATE> and
-B<BN_BLINDING_NO_RECREATE>. B<BN_BLINDING_NO_UPDATE> inhibits the
-automatic update of the B<BN_BLINDING> parameters after each use
-and B<BN_BLINDING_NO_RECREATE> inhibits the automatic re-creation
-of the B<BN_BLINDING> parameters after a fixed number of uses (currently
-32). In newly allocated B<BN_BLINDING> objects no flags are set.
-BN_BLINDING_set_flags() sets the B<BN_BLINDING> parameters flags.
-BN_BLINDING_create_param() creates new B<BN_BLINDING> parameters
-using the exponent B<e> and the modulus B<m>. B<bn_mod_exp> and
-B<m_ctx> can be used to pass special functions for exponentiation
-(normally BN_mod_exp_mont() and B<BN_MONT_CTX>).
-=head1 RETURN VALUES
-BN_BLINDING_new() returns the newly allocated B<BN_BLINDING> structure
-or NULL in case of an error.
-BN_BLINDING_update(), BN_BLINDING_convert(), BN_BLINDING_invert(),
-BN_BLINDING_convert_ex() and BN_BLINDING_invert_ex() return 1 on
-success and 0 if an error occured.
-BN_BLINDING_thread_id() returns a pointer to the thread id object
-within a B<BN_BLINDING> object.
-BN_BLINDING_get_flags() returns the currently set B<BN_BLINDING> flags
-(a B<unsigned long> value).
-BN_BLINDING_create_param() returns the newly created B<BN_BLINDING>
-parameters or NULL on error.
-=head1 SEE ALSO
-L<bn(3)|bn(3)>
-=head1 HISTORY
-BN_BLINDING_thread_id was first introduced in OpenSSL 1.0.0, and it
-deprecates BN_BLINDING_set_thread_id and BN_BLINDING_get_thread_id.
-BN_BLINDING_convert_ex, BN_BLINDIND_invert_ex, BN_BLINDING_get_thread_id,
-BN_BLINDING_set_thread_id, BN_BLINDING_set_flags, BN_BLINDING_get_flags
-and BN_BLINDING_create_param were first introduced in OpenSSL 0.9.8
-=head1 AUTHOR
-Nils Larsch for the OpenSSL project (http://www.openssl.org).
-=cut
diff --git a/src/lib/libssl/src/doc/crypto/BN_CTX_new.pod b/src/lib/libssl/src/doc/crypto/BN_CTX_new.pod
deleted file mode 100644
index bbedbb1778..0000000000
--- a/src/lib/libssl/src/doc/crypto/BN_CTX_new.pod
+++ /dev/null
@@ -1,57 +0,0 @@
-=pod
-=head1 NAME
-BN_CTX_new, BN_CTX_init, BN_CTX_free - allocate and free BN_CTX structures
-=head1 SYNOPSIS
- #include <openssl/bn.h>
- BN_CTX *BN_CTX_new(void);
- void BN_CTX_free(BN_CTX *c);
-Deprecated:
- void BN_CTX_init(BN_CTX *c);
-=head1 DESCRIPTION
-A B<BN_CTX> is a structure that holds B<BIGNUM> temporary variables used by
-library functions. Since dynamic memory allocation to create B<BIGNUM>s
-is rather expensive when used in conjunction with repeated subroutine
-calls, the B<BN_CTX> structure is used.
-BN_CTX_new() allocates and initializes a B<BN_CTX>
-structure. 
-BN_CTX_free() frees the components of the B<BN_CTX>, and if it was
-created by BN_CTX_new(), also the structure itself.
-If L<BN_CTX_start(3)|BN_CTX_start(3)> has been used on the B<BN_CTX>,
-L<BN_CTX_end(3)|BN_CTX_end(3)> must be called before the B<BN_CTX>
-may be freed by BN_CTX_free().
-BN_CTX_init() (deprecated) initializes an existing uninitialized B<BN_CTX>.
-This should not be used for new programs. Use BN_CTX_new() instead.
-=head1 RETURN VALUES
-BN_CTX_new() returns a pointer to the B<BN_CTX>. If the allocation fails,
-it returns B<NULL> and sets an error code that can be obtained by
-L<ERR_get_error(3)|ERR_get_error(3)>.
-BN_CTX_init() and BN_CTX_free() have no return values.
-=head1 SEE ALSO
-L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>,
-L<BN_CTX_start(3)|BN_CTX_start(3)>
-=head1 HISTORY
-BN_CTX_new() and BN_CTX_free() are available in all versions on SSLeay
-and OpenSSL. BN_CTX_init() was added in SSLeay 0.9.1b.
-=cut
diff --git a/src/lib/libssl/src/doc/crypto/BN_CTX_start.pod b/src/lib/libssl/src/doc/crypto/BN_CTX_start.pod
deleted file mode 100644
index dfcefe1a88..0000000000
--- a/src/lib/libssl/src/doc/crypto/BN_CTX_start.pod
+++ /dev/null
@@ -1,52 +0,0 @@
-=pod
-=head1 NAME
-BN_CTX_start, BN_CTX_get, BN_CTX_end - use temporary BIGNUM variables
-=head1 SYNOPSIS
- #include <openssl/bn.h>
- void BN_CTX_start(BN_CTX *ctx);
- BIGNUM *BN_CTX_get(BN_CTX *ctx);
- void BN_CTX_end(BN_CTX *ctx);
-=head1 DESCRIPTION
-These functions are used to obtain temporary B<BIGNUM> variables from
-a B<BN_CTX> (which can been created by using L<BN_CTX_new(3)|BN_CTX_new(3)>)
-in order to save the overhead of repeatedly creating and
-freeing B<BIGNUM>s in functions that are called from inside a loop.
-A function must call BN_CTX_start() first. Then, BN_CTX_get() may be
-called repeatedly to obtain temporary B<BIGNUM>s. All BN_CTX_get()
-calls must be made before calling any other functions that use the
-B<ctx> as an argument.
-Finally, BN_CTX_end() must be called before returning from the function.
-When BN_CTX_end() is called, the B<BIGNUM> pointers obtained from
-BN_CTX_get() become invalid.
-=head1 RETURN VALUES
-BN_CTX_start() and BN_CTX_end() return no values.
-BN_CTX_get() returns a pointer to the B<BIGNUM>, or B<NULL> on error.
-Once BN_CTX_get() has failed, the subsequent calls will return B<NULL>
-as well, so it is sufficient to check the return value of the last
-BN_CTX_get() call. In case of an error, an error code is set, which
-can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-=head1 SEE ALSO
-L<BN_CTX_new(3)|BN_CTX_new(3)>
-=head1 HISTORY
-BN_CTX_start(), BN_CTX_get() and BN_CTX_end() were added in OpenSSL 0.9.5.
-=cut
diff --git a/src/lib/libssl/src/doc/crypto/BN_add.pod b/src/lib/libssl/src/doc/crypto/BN_add.pod
deleted file mode 100644
index 15b28d8334..0000000000
--- a/src/lib/libssl/src/doc/crypto/BN_add.pod
+++ /dev/null
@@ -1,127 +0,0 @@
-=pod
-=head1 NAME
-BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add,
-BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_exp, BN_mod_exp, BN_gcd -
-arithmetic operations on BIGNUMs
-=head1 SYNOPSIS
- #include <openssl/bn.h>
- int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
- int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
- int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
- int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
- int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d,
-         BN_CTX *ctx);
- int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
- int BN_nnmod(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
- int BN_mod_add(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
-         BN_CTX *ctx);
- int BN_mod_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
-         BN_CTX *ctx);
- int BN_mod_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
-         BN_CTX *ctx);
- int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
- int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx);
- int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-         const BIGNUM *m, BN_CTX *ctx);
- int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
-=head1 DESCRIPTION
-BN_add() adds I<a> and I<b> and places the result in I<r> (C<r=a+b>).
-I<r> may be the same B<BIGNUM> as I<a> or I<b>.
-BN_sub() subtracts I<b> from I<a> and places the result in I<r> (C<r=a-b>).
-BN_mul() multiplies I<a> and I<b> and places the result in I<r> (C<r=a*b>).
-I<r> may be the same B<BIGNUM> as I<a> or I<b>.
-For multiplication by powers of 2, use L<BN_lshift(3)|BN_lshift(3)>.
-BN_sqr() takes the square of I<a> and places the result in I<r>
-(C<r=a^2>). I<r> and I<a> may be the same B<BIGNUM>.
-This function is faster than BN_mul(r,a,a).
-BN_div() divides I<a> by I<d> and places the result in I<dv> and the
-remainder in I<rem> (C<dv=a/d, rem=a%d>). Either of I<dv> and I<rem> may
-be B<NULL>, in which case the respective value is not returned.
-The result is rounded towards zero; thus if I<a> is negative, the
-remainder will be zero or negative.
-For division by powers of 2, use BN_rshift(3).
-BN_mod() corresponds to BN_div() with I<dv> set to B<NULL>.
-BN_nnmod() reduces I<a> modulo I<m> and places the non-negative
-remainder in I<r>.
-BN_mod_add() adds I<a> to I<b> modulo I<m> and places the non-negative
-result in I<r>.
-BN_mod_sub() subtracts I<b> from I<a> modulo I<m> and places the
-non-negative result in I<r>.
-BN_mod_mul() multiplies I<a> by I<b> and finds the non-negative
-remainder respective to modulus I<m> (C<r=(a*b) mod m>). I<r> may be
-the same B<BIGNUM> as I<a> or I<b>. For more efficient algorithms for
-repeated computations using the same modulus, see
-L<BN_mod_mul_montgomery(3)|BN_mod_mul_montgomery(3)> and
-L<BN_mod_mul_reciprocal(3)|BN_mod_mul_reciprocal(3)>.
-BN_mod_sqr() takes the square of I<a> modulo B<m> and places the
-result in I<r>.
-BN_exp() raises I<a> to the I<p>-th power and places the result in I<r>
-(C<r=a^p>). This function is faster than repeated applications of
-BN_mul().
-BN_mod_exp() computes I<a> to the I<p>-th power modulo I<m> (C<r=a^p %
-m>). This function uses less time and space than BN_exp().
-BN_gcd() computes the greatest common divisor of I<a> and I<b> and
-places the result in I<r>. I<r> may be the same B<BIGNUM> as I<a> or
-I<b>.
-For all functions, I<ctx> is a previously allocated B<BN_CTX> used for
-temporary variables; see L<BN_CTX_new(3)|BN_CTX_new(3)>.
-Unless noted otherwise, the result B<BIGNUM> must be different from
-the arguments.
-=head1 RETURN VALUES
-For all functions, 1 is returned for success, 0 on error. The return
-value should always be checked (e.g., C<if (!BN_add(r,a,b)) goto err;>).
-The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-=head1 SEE ALSO
-L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
-L<BN_CTX_new(3)|BN_CTX_new(3)>, L<BN_add_word(3)|BN_add_word(3)>,
-L<BN_set_bit(3)|BN_set_bit(3)>
-=head1 HISTORY
-BN_add(), BN_sub(), BN_sqr(), BN_div(), BN_mod(), BN_mod_mul(),
-BN_mod_exp() and BN_gcd() are available in all versions of SSLeay and
-OpenSSL. The I<ctx> argument to BN_mul() was added in SSLeay
-0.9.1b. BN_exp() appeared in SSLeay 0.9.0.
-BN_nnmod(), BN_mod_add(), BN_mod_sub(), and BN_mod_sqr() were added in
-OpenSSL 0.9.7.
-=cut
diff --git a/src/lib/libssl/src/doc/crypto/BN_add_word.pod b/src/lib/libssl/src/doc/crypto/BN_add_word.pod
deleted file mode 100644
index ba1026417d..0000000000
--- a/src/lib/libssl/src/doc/crypto/BN_add_word.pod
+++ /dev/null
@@ -1,61 +0,0 @@
-=pod
-=head1 NAME
-BN_add_word, BN_sub_word, BN_mul_word, BN_div_word, BN_mod_word - arithmetic
-functions on BIGNUMs with integers
-=head1 SYNOPSIS
- #include <openssl/bn.h>
- int BN_add_word(BIGNUM *a, BN_ULONG w);
- int BN_sub_word(BIGNUM *a, BN_ULONG w);
- int BN_mul_word(BIGNUM *a, BN_ULONG w);
- BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
- BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
-=head1 DESCRIPTION
-These functions perform arithmetic operations on BIGNUMs with unsigned
-integers. They are much more efficient than the normal BIGNUM
-arithmetic operations.
-BN_add_word() adds B<w> to B<a> (C<a+=w>).
-BN_sub_word() subtracts B<w> from B<a> (C<a-=w>).
-BN_mul_word() multiplies B<a> and B<w> (C<a*=w>).
-BN_div_word() divides B<a> by B<w> (C<a/=w>) and returns the remainder.
-BN_mod_word() returns the remainder of B<a> divided by B<w> (C<a%w>).
-For BN_div_word() and BN_mod_word(), B<w> must not be 0.
-=head1 RETURN VALUES
-BN_add_word(), BN_sub_word() and BN_mul_word() return 1 for success, 0 on
-error. The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-BN_mod_word() and BN_div_word() return B<a>%B<w> on success and
-B<(BN_ULONG)-1> if an error occurred.
-=head1 SEE ALSO
-L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>
-=head1 HISTORY
-BN_add_word() and BN_mod_word() are available in all versions of
-SSLeay and OpenSSL. BN_div_word() was added in SSLeay 0.8, and
-BN_sub_word() and BN_mul_word() in SSLeay 0.9.0.
-Before 0.9.8a the return value for BN_div_word() and BN_mod_word()
-in case of an error was 0.
-=cut
diff --git a/src/lib/libssl/src/doc/crypto/BN_bn2bin.pod b/src/lib/libssl/src/doc/crypto/BN_bn2bin.pod
deleted file mode 100644
index 03b439c7b9..0000000000
--- a/src/lib/libssl/src/doc/crypto/BN_bn2bin.pod
+++ /dev/null
@@ -1,95 +0,0 @@
-=pod
-=head1 NAME
-BN_bn2bin, BN_bin2bn, BN_bn2hex, BN_bn2dec, BN_hex2bn, BN_dec2bn,
-BN_print, BN_print_fp, BN_bn2mpi, BN_mpi2bn - format conversions
-=head1 SYNOPSIS
- #include <openssl/bn.h>
- int BN_bn2bin(const BIGNUM *a, unsigned char *to);
- BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
- char *BN_bn2hex(const BIGNUM *a);
- char *BN_bn2dec(const BIGNUM *a);
- int BN_hex2bn(BIGNUM **a, const char *str);
- int BN_dec2bn(BIGNUM **a, const char *str);
- int BN_print(BIO *fp, const BIGNUM *a);
- int BN_print_fp(FILE *fp, const BIGNUM *a);
- int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
- BIGNUM *BN_mpi2bn(unsigned char *s, int len, BIGNUM *ret);
-=head1 DESCRIPTION
-BN_bn2bin() converts the absolute value of B<a> into big-endian form
-and stores it at B<to>. B<to> must point to BN_num_bytes(B<a>) bytes of
-memory.
-BN_bin2bn() converts the positive integer in big-endian form of length
-B<len> at B<s> into a B<BIGNUM> and places it in B<ret>. If B<ret> is
-NULL, a new B<BIGNUM> is created.
-BN_bn2hex() and BN_bn2dec() return printable strings containing the
-hexadecimal and decimal encoding of B<a> respectively. For negative
-numbers, the string is prefaced with a leading '-'. The string must be
-freed later using free().
-BN_hex2bn() converts the string B<str> containing a hexadecimal number
-to a B<BIGNUM> and stores it in **B<bn>. If *B<bn> is NULL, a new
-B<BIGNUM> is created. If B<bn> is NULL, it only computes the number's
-length in hexadecimal digits. If the string starts with '-', the
-number is negative. BN_dec2bn() is the same using the decimal system.
-BN_print() and BN_print_fp() write the hexadecimal encoding of B<a>,
-with a leading '-' for negative numbers, to the B<BIO> or B<FILE>
-B<fp>.
-BN_bn2mpi() and BN_mpi2bn() convert B<BIGNUM>s from and to a format
-that consists of the number's length in bytes represented as a 4-byte
-big-endian number, and the number itself in big-endian format, where
-the most significant bit signals a negative number (the representation
-of numbers with the MSB set is prefixed with null byte).
-BN_bn2mpi() stores the representation of B<a> at B<to>, where B<to>
-must be large enough to hold the result. The size can be determined by
-calling BN_bn2mpi(B<a>, NULL).
-BN_mpi2bn() converts the B<len> bytes long representation at B<s> to
-a B<BIGNUM> and stores it at B<ret>, or in a newly allocated B<BIGNUM>
-if B<ret> is NULL.
-=head1 RETURN VALUES
-BN_bn2bin() returns the length of the big-endian number placed at B<to>.
-BN_bin2bn() returns the B<BIGNUM>, NULL on error.
-BN_bn2hex() and BN_bn2dec() return a null-terminated string, or NULL
-on error. BN_hex2bn() and BN_dec2bn() return the number's length in
-hexadecimal or decimal digits, and 0 on error.
-BN_print_fp() and BN_print() return 1 on success, 0 on write errors.
-BN_bn2mpi() returns the length of the representation. BN_mpi2bn()
-returns the B<BIGNUM>, and NULL on error.
-The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-=head1 SEE ALSO
-L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_zero(3)|BN_zero(3)>,
-L<ASN1_INTEGER_to_BN(3)|ASN1_INTEGER_to_BN(3)>,
-L<BN_num_bytes(3)|BN_num_bytes(3)>
-=head1 HISTORY
-BN_bn2bin(), BN_bin2bn(), BN_print_fp() and BN_print() are available
-in all versions of SSLeay and OpenSSL.
-BN_bn2hex(), BN_bn2dec(), BN_hex2bn(), BN_dec2bn(), BN_bn2mpi() and
-BN_mpi2bn() were added in SSLeay 0.9.0.
-=cut
diff --git a/src/lib/libssl/src/doc/crypto/BN_cmp.pod b/src/lib/libssl/src/doc/crypto/BN_cmp.pod
deleted file mode 100644
index 29df69631e..0000000000
--- a/src/lib/libssl/src/doc/crypto/BN_cmp.pod
+++ /dev/null
@@ -1,49 +0,0 @@
-=pod
-=head1 NAME
-BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd - BIGNUM
-comparison and test functions
-=head1 SYNOPSIS
- #include <openssl/bn.h>
- int BN_cmp(BIGNUM *a, BIGNUM *b);
- int BN_ucmp(BIGNUM *a, BIGNUM *b);
- int BN_is_zero(BIGNUM *a);
- int BN_is_one(BIGNUM *a);
- int BN_is_word(BIGNUM *a, BN_ULONG w);
- int BN_is_odd(BIGNUM *a);
-=head1 DESCRIPTION
-BN_cmp() compares the numbers B<a> and B<b>. BN_ucmp() compares their
-absolute values.
-BN_is_zero(), BN_is_one() and BN_is_word() test if B<a> equals 0, 1,
-or B<w> respectively. BN_is_odd() tests if a is odd.
-BN_is_zero(), BN_is_one(), BN_is_word() and BN_is_odd() are macros.
-=head1 RETURN VALUES
-BN_cmp() returns -1 if B<a> E<lt> B<b>, 0 if B<a> == B<b> and 1 if
-B<a> E<gt> B<b>. BN_ucmp() is the same using the absolute values
-of B<a> and B<b>.
-BN_is_zero(), BN_is_one() BN_is_word() and BN_is_odd() return 1 if
-the condition is true, 0 otherwise.
-=head1 SEE ALSO
-L<bn(3)|bn(3)>
-=head1 HISTORY
-BN_cmp(), BN_ucmp(), BN_is_zero(), BN_is_one() and BN_is_word() are
-available in all versions of SSLeay and OpenSSL.
-BN_is_odd() was added in SSLeay 0.8.
-=cut
diff --git a/src/lib/libssl/src/doc/crypto/BN_copy.pod b/src/lib/libssl/src/doc/crypto/BN_copy.pod
deleted file mode 100644
index 388dd7df26..0000000000
--- a/src/lib/libssl/src/doc/crypto/BN_copy.pod
+++ /dev/null
@@ -1,34 +0,0 @@
-=pod
-=head1 NAME
-BN_copy, BN_dup - copy BIGNUMs
-=head1 SYNOPSIS
- #include <openssl/bn.h>
- BIGNUM *BN_copy(BIGNUM *to, const BIGNUM *from);
- BIGNUM *BN_dup(const BIGNUM *from);
-=head1 DESCRIPTION
-BN_copy() copies B<from> to B<to>. BN_dup() creates a new B<BIGNUM>
-containing the value B<from>.
-=head1 RETURN VALUES
-BN_copy() returns B<to> on success, NULL on error. BN_dup() returns
-the new B<BIGNUM>, and NULL on error. The error codes can be obtained
-by L<ERR_get_error(3)|ERR_get_error(3)>.
-=head1 SEE ALSO
-L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
-=head1 HISTORY
-BN_copy() and BN_dup() are available in all versions of SSLeay and OpenSSL.
-=cut
diff --git a/src/lib/libssl/src/doc/crypto/BN_generate_prime.pod b/src/lib/libssl/src/doc/crypto/BN_generate_prime.pod
deleted file mode 100644
index 0a95633d54..0000000000
--- a/src/lib/libssl/src/doc/crypto/BN_generate_prime.pod
+++ /dev/null
@@ -1,149 +0,0 @@
-=pod
-=head1 NAME
-BN_generate_prime, BN_is_prime_ex, BN_is_prime_fasttest_ex, BN_GENCB_call,
-BN_GENCB_set_old, BN_GENCB_set, BN_generate_prime, BN_is_prime,
-BN_is_prime_fasttest - generate primes and test for primality
-=head1 SYNOPSIS
- #include <openssl/bn.h>
- int BN_generate_prime_ex(BIGNUM *ret,int bits,int safe, const BIGNUM *add,
-     const BIGNUM *rem, BN_GENCB *cb);
- int BN_is_prime_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, BN_GENCB *cb);
- int BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx,
-     int do_trial_division, BN_GENCB *cb);
- int BN_GENCB_call(BN_GENCB *cb, int a, int b);
- #define BN_GENCB_set_old(gencb, callback, cb_arg) ...
- #define BN_GENCB_set(gencb, callback, cb_arg) ...
-Deprecated:
-BIGNUM *BN_generate_prime(BIGNUM *ret, int num, int safe, BIGNUM *add,
-     BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg);
- int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int, int,
-     void *), BN_CTX *ctx, void *cb_arg);
- int BN_is_prime_fasttest(const BIGNUM *a, int checks,
-     void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg,
-     int do_trial_division);
-=head1 DESCRIPTION
-BN_generate_prime_ex() generates a pseudo-random prime number of
-bit length B<bits>.
-If B<ret> is not B<NULL>, it will be used to store the number.
-If B<cb> is not B<NULL>, it is used as follows:
-=over 4
-=item *
-B<BN_GENCB_call(cb, 0, i)> is called after generating the i-th
-potential prime number.
-=item *
-While the number is being tested for primality,
-B<BN_GENCB_call(cb, 1, j)> is called as described below.
-=item *
-When a prime has been found, B<BN_GENCB_call(cb, 2, i)> is called.
-=back
-The prime may have to fulfill additional requirements for use in
-Diffie-Hellman key exchange:
-If B<add> is not B<NULL>, the prime will fulfill the condition p % B<add>
-== B<rem> (p % B<add> == 1 if B<rem> == B<NULL>) in order to suit a given
-generator.
-If B<safe> is true, it will be a safe prime (i.e. a prime p so
-that (p-1)/2 is also prime).
-The prime number generation has a negligible error probability.
-BN_is_prime_ex() and BN_is_prime_fasttest_ex() test if the number B<p> is
-prime.  The following tests are performed until one of them shows that
-B<p> is composite; if B<p> passes all these tests, it is considered
-prime.
-BN_is_prime_fasttest_ex(), when called with B<do_trial_division == 1>,
-first attempts trial division by a number of small primes;
-if no divisors are found by this test and B<cb> is not B<NULL>,
-B<BN_GENCB_call(cb, 1, -1)> is called.
-If B<do_trial_division == 0>, this test is skipped.
-Both BN_is_prime_ex() and BN_is_prime_fasttest_ex() perform a Miller-Rabin
-probabilistic primality test with B<nchecks> iterations. If
-B<nchecks == BN_prime_checks>, a number of iterations is used that
-yields a false positive rate of at most 2^-80 for random input.
-If B<cb> is not B<NULL>, B<BN_GENCB_call(cb, 1, j)> is called
-after the j-th iteration (j = 0, 1, ...). B<ctx> is a
-pre-allocated B<BN_CTX> (to save the overhead of allocating and
-freeing the structure in a loop), or B<NULL>.
-BN_GENCB_call calls the callback function held in the B<BN_GENCB> structure
-and passes the ints B<a> and B<b> as arguments. There are two types of
-B<BN_GENCB> structure that are supported: "new" style and "old" style. New
-programs should prefer the "new" style, whilst the "old" style is provided
-for backwards compatibility purposes.
-For "new" style callbacks a BN_GENCB structure should be initialised with a
-call to BN_GENCB_set, where B<gencb> is a B<BN_GENCB *>, B<callback> is of
-type B<int (*callback)(int, int, BN_GENCB *)> and B<cb_arg> is a B<void *>.
-"Old" style callbacks are the same except they are initialised with a call
-to BN_GENCB_set_old and B<callback> is of type
-B<void (*callback)(int, int, void *)>.
-A callback is invoked through a call to B<BN_GENCB_call>. This will check
-the type of the callback and will invoke B<callback(a, b, gencb)> for new
-style callbacks or B<callback(a, b, cb_arg)> for old style.
-BN_generate_prime (deprecated) works in the same way as
-BN_generate_prime_ex but expects an old style callback function
-directly in the B<callback> parameter, and an argument to pass to it in
-the B<cb_arg>. Similarly BN_is_prime and BN_is_prime_fasttest are
-deprecated and can be compared to BN_is_prime_ex and
-BN_is_prime_fasttest_ex respectively.
-=head1 RETURN VALUES
-BN_generate_prime_ex() returns 1 on success or 0 on error.
-BN_is_prime_ex(), BN_is_prime_fasttest_ex(), BN_is_prime() and
-BN_is_prime_fasttest() return 0 if the number is composite, 1 if it is
-prime with an error probability of less than 0.25^B<nchecks>, and
-1 on error.
-BN_generate_prime() returns the prime number on success, B<NULL> otherwise.
-Callback functions should return 1 on success or 0 on error.
-The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-=head1 SEE ALSO
-L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>
-=head1 HISTORY
-The B<cb_arg> arguments to BN_generate_prime() and to BN_is_prime()
-were added in SSLeay 0.9.0. The B<ret> argument to BN_generate_prime()
-was added in SSLeay 0.9.1.
-BN_is_prime_fasttest() was added in OpenSSL 0.9.5.
-=cut
diff --git a/src/lib/libssl/src/doc/crypto/BN_mod_inverse.pod b/src/lib/libssl/src/doc/crypto/BN_mod_inverse.pod
deleted file mode 100644
index aefb1d27dd..0000000000
--- a/src/lib/libssl/src/doc/crypto/BN_mod_inverse.pod
+++ /dev/null
@@ -1,36 +0,0 @@
-=pod
-=head1 NAME
-BN_mod_inverse - compute inverse modulo n
-=head1 SYNOPSIS
- #include <openssl/bn.h>
- BIGNUM *BN_mod_inverse(BIGNUM *r, BIGNUM *a, const BIGNUM *n,
-           BN_CTX *ctx);
-=head1 DESCRIPTION
-BN_mod_inverse() computes the inverse of B<a> modulo B<n>
-places the result in B<r> (C<(a*r)%n==1>). If B<r> is NULL,
-a new B<BIGNUM> is created.
-B<ctx> is a previously allocated B<BN_CTX> used for temporary
-variables. B<r> may be the same B<BIGNUM> as B<a> or B<n>.
-=head1 RETURN VALUES
-BN_mod_inverse() returns the B<BIGNUM> containing the inverse, and NULL on
-error. The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-=head1 SEE ALSO
-L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>
-=head1 HISTORY
-BN_mod_inverse() is available in all versions of SSLeay and OpenSSL.
-=cut
diff --git a/src/lib/libssl/src/doc/crypto/BN_mod_mul_montgomery.pod b/src/lib/libssl/src/doc/crypto/BN_mod_mul_montgomery.pod
deleted file mode 100644
index 6b16351b92..0000000000
--- a/src/lib/libssl/src/doc/crypto/BN_mod_mul_montgomery.pod
+++ /dev/null
@@ -1,101 +0,0 @@
-=pod
-=head1 NAME
-BN_mod_mul_montgomery, BN_MONT_CTX_new, BN_MONT_CTX_init,
-BN_MONT_CTX_free, BN_MONT_CTX_set, BN_MONT_CTX_copy,
-BN_from_montgomery, BN_to_montgomery - Montgomery multiplication
-=head1 SYNOPSIS
- #include <openssl/bn.h>
- BN_MONT_CTX *BN_MONT_CTX_new(void);
- void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
- void BN_MONT_CTX_free(BN_MONT_CTX *mont);
- int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *m, BN_CTX *ctx);
- BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);
- int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
-         BN_MONT_CTX *mont, BN_CTX *ctx);
- int BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
-         BN_CTX *ctx);
- int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
-         BN_CTX *ctx);
-=head1 DESCRIPTION
-These functions implement Montgomery multiplication. They are used
-automatically when L<BN_mod_exp(3)|BN_mod_exp(3)> is called with suitable input,
-but they may be useful when several operations are to be performed
-using the same modulus.
-BN_MONT_CTX_new() allocates and initializes a B<BN_MONT_CTX> structure.
-BN_MONT_CTX_init() initializes an existing uninitialized B<BN_MONT_CTX>.
-BN_MONT_CTX_set() sets up the I<mont> structure from the modulus I<m>
-by precomputing its inverse and a value R.
-BN_MONT_CTX_copy() copies the B<BN_MONT_CTX> I<from> to I<to>.
-BN_MONT_CTX_free() frees the components of the B<BN_MONT_CTX>, and, if
-it was created by BN_MONT_CTX_new(), also the structure itself.
-BN_mod_mul_montgomery() computes Mont(I<a>,I<b>):=I<a>*I<b>*R^-1 and places
-the result in I<r>.
-BN_from_montgomery() performs the Montgomery reduction I<r> = I<a>*R^-1.
-BN_to_montgomery() computes Mont(I<a>,R^2), i.e. I<a>*R.
-Note that I<a> must be non-negative and smaller than the modulus.
-For all functions, I<ctx> is a previously allocated B<BN_CTX> used for
-temporary variables.
-The B<BN_MONT_CTX> structure is defined as follows:
- typedef struct bn_mont_ctx_st
-        {
-        int ri;         /* number of bits in R */
-        BIGNUM RR;      /* R^2 (used to convert to Montgomery form) */
-        BIGNUM N;       /* The modulus */
-        BIGNUM Ni;      /* R*(1/R mod N) - N*Ni = 1
-                         * (Ni is only stored for bignum algorithm) */
-        BN_ULONG n0;    /* least significant word of Ni */
-        int flags;
-        } BN_MONT_CTX;
-BN_to_montgomery() is a macro.
-=head1 RETURN VALUES
-BN_MONT_CTX_new() returns the newly allocated B<BN_MONT_CTX>, and NULL
-on error.
-BN_MONT_CTX_init() and BN_MONT_CTX_free() have no return values.
-For the other functions, 1 is returned for success, 0 on error.
-The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-=head1 WARNING
-The inputs must be reduced modulo B<m>, otherwise the result will be
-outside the expected range.
-=head1 SEE ALSO
-L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>,
-L<BN_CTX_new(3)|BN_CTX_new(3)>
-=head1 HISTORY
-BN_MONT_CTX_new(), BN_MONT_CTX_free(), BN_MONT_CTX_set(),
-BN_mod_mul_montgomery(), BN_from_montgomery() and BN_to_montgomery()
-are available in all versions of SSLeay and OpenSSL.
-BN_MONT_CTX_init() and BN_MONT_CTX_copy() were added in SSLeay 0.9.1b.
-=cut
diff --git a/src/lib/libssl/src/doc/crypto/BN_mod_mul_reciprocal.pod b/src/lib/libssl/src/doc/crypto/BN_mod_mul_reciprocal.pod
deleted file mode 100644
index 74a216ddc2..0000000000
--- a/src/lib/libssl/src/doc/crypto/BN_mod_mul_reciprocal.pod
+++ /dev/null
@@ -1,81 +0,0 @@
-=pod
-=head1 NAME
-BN_mod_mul_reciprocal,  BN_div_recp, BN_RECP_CTX_new, BN_RECP_CTX_init,
-BN_RECP_CTX_free, BN_RECP_CTX_set - modular multiplication using
-reciprocal
-=head1 SYNOPSIS
- #include <openssl/bn.h>
- BN_RECP_CTX *BN_RECP_CTX_new(void);
- void BN_RECP_CTX_init(BN_RECP_CTX *recp);
- void BN_RECP_CTX_free(BN_RECP_CTX *recp);
- int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *m, BN_CTX *ctx);
- int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *a, BN_RECP_CTX *recp,
-        BN_CTX *ctx);
- int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *a, BIGNUM *b,
-        BN_RECP_CTX *recp, BN_CTX *ctx);
-=head1 DESCRIPTION
-BN_mod_mul_reciprocal() can be used to perform an efficient
-L<BN_mod_mul(3)|BN_mod_mul(3)> operation when the operation will be performed
-repeatedly with the same modulus. It computes B<r>=(B<a>*B<b>)%B<m>
-using B<recp>=1/B<m>, which is set as described below.  B<ctx> is a
-previously allocated B<BN_CTX> used for temporary variables.
-BN_RECP_CTX_new() allocates and initializes a B<BN_RECP> structure.
-BN_RECP_CTX_init() initializes an existing uninitialized B<BN_RECP>.
-BN_RECP_CTX_free() frees the components of the B<BN_RECP>, and, if it
-was created by BN_RECP_CTX_new(), also the structure itself.
-BN_RECP_CTX_set() stores B<m> in B<recp> and sets it up for computing
-1/B<m> and shifting it left by BN_num_bits(B<m>)+1 to make it an
-integer. The result and the number of bits it was shifted left will
-later be stored in B<recp>.
-BN_div_recp() divides B<a> by B<m> using B<recp>. It places the quotient
-in B<dv> and the remainder in B<rem>.
-The B<BN_RECP_CTX> structure is defined as follows:
- typedef struct bn_recp_ctx_st
-        {
-        BIGNUM N;       /* the divisor */
-        BIGNUM Nr;      /* the reciprocal */
-        int num_bits;
-        int shift;
-        int flags;
-        } BN_RECP_CTX;
-It cannot be shared between threads.
-=head1 RETURN VALUES
-BN_RECP_CTX_new() returns the newly allocated B<BN_RECP_CTX>, and NULL
-on error.
-BN_RECP_CTX_init() and BN_RECP_CTX_free() have no return values.
-For the other functions, 1 is returned for success, 0 on error.
-The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-=head1 SEE ALSO
-L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>,
-L<BN_CTX_new(3)|BN_CTX_new(3)>
-=head1 HISTORY
-B<BN_RECP_CTX> was added in SSLeay 0.9.0. Before that, the function
-BN_reciprocal() was used instead, and the BN_mod_mul_reciprocal()
-arguments were different.
-=cut
diff --git a/src/lib/libssl/src/doc/crypto/BN_new.pod b/src/lib/libssl/src/doc/crypto/BN_new.pod
deleted file mode 100644
index ab7a105e3a..0000000000
--- a/src/lib/libssl/src/doc/crypto/BN_new.pod
+++ /dev/null
@@ -1,53 +0,0 @@
-=pod
-=head1 NAME
-BN_new, BN_init, BN_clear, BN_free, BN_clear_free - allocate and free BIGNUMs
-=head1 SYNOPSIS
- #include <openssl/bn.h>
- BIGNUM *BN_new(void);
- void BN_init(BIGNUM *);
- void BN_clear(BIGNUM *a);
- void BN_free(BIGNUM *a);
- void BN_clear_free(BIGNUM *a);
-=head1 DESCRIPTION
-BN_new() allocates and initializes a B<BIGNUM> structure. BN_init()
-initializes an existing uninitialized B<BIGNUM>.
-BN_clear() is used to destroy sensitive data such as keys when they
-are no longer needed. It erases the memory used by B<a> and sets it
-to the value 0.
-BN_free() frees the components of the B<BIGNUM>, and if it was created
-by BN_new(), also the structure itself. BN_clear_free() additionally
-overwrites the data before the memory is returned to the system.
-=head1 RETURN VALUES
-BN_new() returns a pointer to the B<BIGNUM>. If the allocation fails,
-it returns B<NULL> and sets an error code that can be obtained
-by L<ERR_get_error(3)|ERR_get_error(3)>.
-BN_init(), BN_clear(), BN_free() and BN_clear_free() have no return
-values.
-=head1 SEE ALSO
-L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
-=head1 HISTORY
-BN_new(), BN_clear(), BN_free() and BN_clear_free() are available in
-all versions on SSLeay and OpenSSL.  BN_init() was added in SSLeay
-0.9.1b.
-=cut
diff --git a/src/lib/libssl/src/doc/crypto/BN_num_bytes.pod b/src/lib/libssl/src/doc/crypto/BN_num_bytes.pod
deleted file mode 100644
index a6a2e3f819..0000000000
--- a/src/lib/libssl/src/doc/crypto/BN_num_bytes.pod
+++ /dev/null
@@ -1,57 +0,0 @@
-=pod
-=head1 NAME
-BN_num_bits, BN_num_bytes, BN_num_bits_word - get BIGNUM size
-=head1 SYNOPSIS
- #include <openssl/bn.h>
- int BN_num_bytes(const BIGNUM *a);
- int BN_num_bits(const BIGNUM *a);
- int BN_num_bits_word(BN_ULONG w);
-=head1 DESCRIPTION
-BN_num_bytes() returns the size of a B<BIGNUM> in bytes.
-BN_num_bits_word() returns the number of significant bits in a word.
-If we take 0x00000432 as an example, it returns 11, not 16, not 32.
-Basically, except for a zero, it returns I<floor(log2(w))+1>.
-BN_num_bits() returns the number of significant bits in a B<BIGNUM>,
-following the same principle as BN_num_bits_word().
-BN_num_bytes() is a macro.
-=head1 RETURN VALUES
-The size.
-=head1 NOTES
-Some have tried using BN_num_bits() on individual numbers in RSA keys,
-DH keys and DSA keys, and found that they don't always come up with
-the number of bits they expected (something like 512, 1024, 2048,
-...).  This is because generating a number with some specific number
-of bits doesn't always set the highest bits, thereby making the number
-of I<significant> bits a little lower.  If you want to know the "key
-size" of such a key, either use functions like RSA_size(), DH_size()
-and DSA_size(), or use BN_num_bytes() and multiply with 8 (although
-there's no real guarantee that will match the "key size", just a lot
-more probability).
-=head1 SEE ALSO
-L<bn(3)|bn(3)>, L<DH_size(3)|DH_size(3)>, L<DSA_size(3)|DSA_size(3)>,
-L<RSA_size(3)|RSA_size(3)>
-=head1 HISTORY
-BN_num_bytes(), BN_num_bits() and BN_num_bits_word() are available in
-all versions of SSLeay and OpenSSL.
-=cut
diff --git a/src/lib/libssl/src/doc/crypto/BN_rand.pod b/src/lib/libssl/src/doc/crypto/BN_rand.pod
deleted file mode 100644
index 856f310077..0000000000
--- a/src/lib/libssl/src/doc/crypto/BN_rand.pod
+++ /dev/null
@@ -1,56 +0,0 @@
-=pod
-=head1 NAME
-BN_rand, BN_pseudo_rand, BN_rand_range, BN_pseudo_rand_range - generate pseudo-random number
-=head1 SYNOPSIS
- #include <openssl/bn.h>
- int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
- int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
- int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
- int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
-=head1 DESCRIPTION
-BN_rand() generates a cryptographically strong pseudo-random number of
-B<bits> bits in length and stores it in B<rnd>. If B<top> is -1, the
-most significant bit of the random number can be zero. If B<top> is 0,
-it is set to 1, and if B<top> is 1, the two most significant bits of
-the number will be set to 1, so that the product of two such random
-numbers will always have 2*B<bits> length.  If B<bottom> is true, the
-number will be odd.
-BN_pseudo_rand() does the same, but pseudo-random numbers generated by
-this function are not necessarily unpredictable. They can be used for
-non-cryptographic purposes and for certain purposes in cryptographic
-protocols, but usually not for key generation etc.
-BN_rand_range() generates a cryptographically strong pseudo-random
-number B<rnd> in the range 0 E<lt>= B<rnd> E<lt> B<range>.
-BN_pseudo_rand_range() does the same, but is based on BN_pseudo_rand(),
-and hence numbers generated by it are not necessarily unpredictable.
-=head1 RETURN VALUES
-The functions return 1 on success, 0 on error.
-The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-=head1 SEE ALSO
-L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
-L<RAND_add(3)|RAND_add(3)>, L<RAND_bytes(3)|RAND_bytes(3)>
-=head1 HISTORY
-BN_rand() is available in all versions of SSLeay and OpenSSL.
-BN_pseudo_rand() was added in OpenSSL 0.9.5. The B<top> == -1 case
-and the function BN_rand_range() were added in OpenSSL 0.9.6a.
-BN_pseudo_rand_range() was added in OpenSSL 0.9.6c.
-=cut
diff --git a/src/lib/libssl/src/doc/crypto/BN_set_bit.pod b/src/lib/libssl/src/doc/crypto/BN_set_bit.pod
deleted file mode 100644
index b7c47b9b01..0000000000
--- a/src/lib/libssl/src/doc/crypto/BN_set_bit.pod
+++ /dev/null
@@ -1,66 +0,0 @@
-=pod
-=head1 NAME
-BN_set_bit, BN_clear_bit, BN_is_bit_set, BN_mask_bits, BN_lshift,
-BN_lshift1, BN_rshift, BN_rshift1 - bit operations on BIGNUMs
-=head1 SYNOPSIS
- #include <openssl/bn.h>
- int BN_set_bit(BIGNUM *a, int n);
- int BN_clear_bit(BIGNUM *a, int n);
- int BN_is_bit_set(const BIGNUM *a, int n);
- int BN_mask_bits(BIGNUM *a, int n);
- int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
- int BN_lshift1(BIGNUM *r, BIGNUM *a);
- int BN_rshift(BIGNUM *r, BIGNUM *a, int n);
- int BN_rshift1(BIGNUM *r, BIGNUM *a);
-=head1 DESCRIPTION
-BN_set_bit() sets bit B<n> in B<a> to 1 (C<a|=(1E<lt>E<lt>n)>). The
-number is expanded if necessary.
-BN_clear_bit() sets bit B<n> in B<a> to 0 (C<a&=~(1E<lt>E<lt>n)>). An
-error occurs if B<a> is shorter than B<n> bits.
-BN_is_bit_set() tests if bit B<n> in B<a> is set.
-BN_mask_bits() truncates B<a> to an B<n> bit number
-(C<a&=~((~0)E<gt>E<gt>n)>).  An error occurs if B<a> already is
-shorter than B<n> bits.
-BN_lshift() shifts B<a> left by B<n> bits and places the result in
-B<r> (C<r=a*2^n>). BN_lshift1() shifts B<a> left by one and places
-the result in B<r> (C<r=2*a>).
-BN_rshift() shifts B<a> right by B<n> bits and places the result in
-B<r> (C<r=a/2^n>). BN_rshift1() shifts B<a> right by one and places
-the result in B<r> (C<r=a/2>).
-For the shift functions, B<r> and B<a> may be the same variable.
-=head1 RETURN VALUES
-BN_is_bit_set() returns 1 if the bit is set, 0 otherwise.
-All other functions return 1 for success, 0 on error. The error codes
-can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-=head1 SEE ALSO
-L<bn(3)|bn(3)>, L<BN_num_bytes(3)|BN_num_bytes(3)>, L<BN_add(3)|BN_add(3)>
-=head1 HISTORY
-BN_set_bit(), BN_clear_bit(), BN_is_bit_set(), BN_mask_bits(),
-BN_lshift(), BN_lshift1(), BN_rshift(), and BN_rshift1() are available
-in all versions of SSLeay and OpenSSL.
-=cut
diff --git a/src/lib/libssl/src/doc/crypto/BN_swap.pod b/src/lib/libssl/src/doc/crypto/BN_swap.pod
deleted file mode 100644
index 14097ca357..0000000000
--- a/src/lib/libssl/src/doc/crypto/BN_swap.pod
+++ /dev/null
@@ -1,25 +0,0 @@
-=pod
-=head1 NAME
-BN_swap - exchange BIGNUMs
-=head1 SYNOPSIS
- #include <openssl/bn.h>
- void BN_swap(BIGNUM *a, BIGNUM *b);
-=head1 DESCRIPTION
-BN_swap() exchanges the values of I<a> and I<b>.
-=head1 SEE ALSO
-L<bn(3)|bn(3)>
-=head1 HISTORY
-BN_swap was added in OpenSSL 0.9.7.
-=cut
diff --git a/src/lib/libssl/src/doc/crypto/BN_zero.pod b/src/lib/libssl/src/doc/crypto/BN_zero.pod
deleted file mode 100644
index b555ec3988..0000000000
--- a/src/lib/libssl/src/doc/crypto/BN_zero.pod
+++ /dev/null
@@ -1,59 +0,0 @@
-=pod
-=head1 NAME
-BN_zero, BN_one, BN_value_one, BN_set_word, BN_get_word - BIGNUM assignment
-operations
-=head1 SYNOPSIS
- #include <openssl/bn.h>
- int BN_zero(BIGNUM *a);
- int BN_one(BIGNUM *a);
- const BIGNUM *BN_value_one(void);
- int BN_set_word(BIGNUM *a, unsigned long w);
- unsigned long BN_get_word(BIGNUM *a);
-=head1 DESCRIPTION
-BN_zero(), BN_one() and BN_set_word() set B<a> to the values 0, 1 and
-B<w> respectively.  BN_zero() and BN_one() are macros.
-BN_value_one() returns a B<BIGNUM> constant of value 1. This constant
-is useful for use in comparisons and assignment.
-BN_get_word() returns B<a>, if it can be represented as an unsigned
-long.
-=head1 RETURN VALUES
-BN_get_word() returns the value B<a>, and 0xffffffffL if B<a> cannot
-be represented as an unsigned long.
-BN_zero(), BN_one() and BN_set_word() return 1 on success, 0 otherwise.
-BN_value_one() returns the constant.
-=head1 BUGS
-Someone might change the constant.
-If a B<BIGNUM> is equal to 0xffffffffL it can be represented as an
-unsigned long but this value is also returned on error.
-=head1 SEE ALSO
-L<bn(3)|bn(3)>, L<BN_bn2bin(3)|BN_bn2bin(3)>
-=head1 HISTORY
-BN_zero(), BN_one() and BN_set_word() are available in all versions of
-SSLeay and OpenSSL. BN_value_one() and BN_get_word() were added in
-SSLeay 0.8.
-BN_value_one() was changed to return a true const BIGNUM * in OpenSSL
-0.9.7.
-=cut
author	schwarze <>	2015-02-23 17:43:24 +0000
committer	schwarze <>	2015-02-23 17:43:24 +0000
commit	9cb1a51933a1847042ee88e16d560485f682bcad (patch)
tree	5a76fb973ee649bdb33c7731bc1ca457abfcec1e
parent	2820d04ee847cb7bede0b25e49194c3ade7ebdbf (diff)
download	openbsd-9cb1a51933a1847042ee88e16d560485f682bcad.tar.gz openbsd-9cb1a51933a1847042ee88e16d560485f682bcad.tar.bz2 openbsd-9cb1a51933a1847042ee88e16d560485f682bcad.zip