58 files changed, 0 insertions, 3899 deletions
diff --git a/src/lib/libcrypto/doc/DH_generate_key.pod b/src/lib/libcrypto/doc/DH_generate_key.pod
deleted file mode 100644
index 81f09fdf45..0000000000
--- a/src/lib/libcrypto/doc/DH_generate_key.pod
+++ /dev/null
@@ -1,50 +0,0 @@
-=pod
-=head1 NAME
-DH_generate_key, DH_compute_key - perform Diffie-Hellman key exchange
-=head1 SYNOPSIS
- #include <openssl/dh.h>
- int DH_generate_key(DH *dh);
- int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
-=head1 DESCRIPTION
-DH_generate_key() performs the first step of a Diffie-Hellman key
-exchange by generating private and public DH values. By calling
-DH_compute_key(), these are combined with the other party's public
-value to compute the shared key.
-DH_generate_key() expects B<dh> to contain the shared parameters
-B<dh-E<gt>p> and B<dh-E<gt>g>. It generates a random private DH value
-unless B<dh-E<gt>priv_key> is already set, and computes the
-corresponding public value B<dh-E<gt>pub_key>, which can then be
-published.
-DH_compute_key() computes the shared secret from the private DH value
-in B<dh> and the other party's public value in B<pub_key> and stores
-it in B<key>. B<key> must point to B<DH_size(dh)> bytes of memory.
-=head1 RETURN VALUES
-DH_generate_key() returns 1 on success, 0 otherwise.
-DH_compute_key() returns the size of the shared secret on success, -1
-on error.
-The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-=head1 SEE ALSO
-L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<DH_size(3)|DH_size(3)>
-=head1 HISTORY
-DH_generate_key() and DH_compute_key() are available in all versions
-of SSLeay and OpenSSL.
-=cut
diff --git a/src/lib/libcrypto/doc/DH_generate_parameters.pod b/src/lib/libcrypto/doc/DH_generate_parameters.pod
deleted file mode 100644
index 4a2d653758..0000000000
--- a/src/lib/libcrypto/doc/DH_generate_parameters.pod
+++ /dev/null
@@ -1,72 +0,0 @@
-=pod
-=head1 NAME
-DH_generate_parameters, DH_check - generate and check Diffie-Hellman parameters
-=head1 SYNOPSIS
- #include <openssl/dh.h>
- DH *DH_generate_parameters(int prime_len, int generator,
-     void (*callback)(int, int, void *), void *cb_arg);
- int DH_check(DH *dh, int *codes);
-=head1 DESCRIPTION
-DH_generate_parameters() generates Diffie-Hellman parameters that can
-be shared among a group of users, and returns them in a newly
-allocated B<DH> structure. The pseudo-random number generator must be
-seeded prior to calling DH_generate_parameters().
-B<prime_len> is the length in bits of the safe prime to be generated.
-B<generator> is a small number E<gt> 1, typically 2 or 5. 
-A callback function may be used to provide feedback about the progress
-of the key generation. If B<callback> is not B<NULL>, it will be
-called as described in L<BN_generate_prime(3)|BN_generate_prime(3)> while a random prime
-number is generated, and when a prime has been found, B<callback(3,
-0, cb_arg)> is called.
-DH_check() validates Diffie-Hellman parameters. It checks that B<p> is
-a safe prime, and that B<g> is a suitable generator. In the case of an
-error, the bit flags DH_CHECK_P_NOT_SAFE_PRIME or
-DH_NOT_SUITABLE_GENERATOR are set in B<*codes>.
-DH_UNABLE_TO_CHECK_GENERATOR is set if the generator cannot be
-checked, i.e. it does not equal 2 or 5.
-=head1 RETURN VALUES
-DH_generate_parameters() returns a pointer to the DH structure, or
-NULL if the parameter generation fails. The error codes can be
-obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-DH_check() returns 1 if the check could be performed, 0 otherwise.
-=head1 NOTES
-DH_generate_parameters() may run for several hours before finding a
-suitable prime.
-The parameters generated by DH_generate_parameters() are not to be
-used in signature schemes.
-=head1 BUGS
-If B<generator> is not 2 or 5, B<dh-E<gt>g>=B<generator> is not
-a usable generator.
-=head1 SEE ALSO
-L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<DH_free(3)|DH_free(3)>
-=head1 HISTORY
-DH_check() is available in all versions of SSLeay and OpenSSL.
-The B<cb_arg> argument to DH_generate_parameters() was added in SSLeay 0.9.0.
-In versions before OpenSSL 0.9.5, DH_CHECK_P_NOT_STRONG_PRIME is used
-instead of DH_CHECK_P_NOT_SAFE_PRIME.
-=cut
diff --git a/src/lib/libcrypto/doc/DH_get_ex_new_index.pod b/src/lib/libcrypto/doc/DH_get_ex_new_index.pod
deleted file mode 100644
index 82e2548bcd..0000000000
--- a/src/lib/libcrypto/doc/DH_get_ex_new_index.pod
+++ /dev/null
@@ -1,36 +0,0 @@
-=pod
-=head1 NAME
-DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data - add application specific data to DH structures
-=head1 SYNOPSIS
- #include <openssl/dh.h>
- int DH_get_ex_new_index(long argl, void *argp,
-                CRYPTO_EX_new *new_func,
-                CRYPTO_EX_dup *dup_func,
-                CRYPTO_EX_free *free_func);
- int DH_set_ex_data(DH *d, int idx, void *arg);
- char *DH_get_ex_data(DH *d, int idx);
-=head1 DESCRIPTION
-These functions handle application specific data in DH
-structures. Their usage is identical to that of
-RSA_get_ex_new_index(), RSA_set_ex_data() and RSA_get_ex_data()
-as described in L<RSA_get_ex_new_index(3)>.
-=head1 SEE ALSO
-L<RSA_get_ex_new_index()|RSA_get_ex_new_index()>, L<dh(3)|dh(3)>
-=head1 HISTORY
-DH_get_ex_new_index(), DH_set_ex_data() and DH_get_ex_data() are
-available since OpenSSL 0.9.5.
-=cut
diff --git a/src/lib/libcrypto/doc/DH_new.pod b/src/lib/libcrypto/doc/DH_new.pod
deleted file mode 100644
index 60c930093e..0000000000
--- a/src/lib/libcrypto/doc/DH_new.pod
+++ /dev/null
@@ -1,40 +0,0 @@
-=pod
-=head1 NAME
-DH_new, DH_free - allocate and free DH objects
-=head1 SYNOPSIS
- #include <openssl/dh.h>
- DH* DH_new(void);
- void DH_free(DH *dh);
-=head1 DESCRIPTION
-DH_new() allocates and initializes a B<DH> structure.
-DH_free() frees the B<DH> structure and its components. The values are
-erased before the memory is returned to the system.
-=head1 RETURN VALUES
-If the allocation fails, DH_new() returns B<NULL> and sets an error
-code that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns
-a pointer to the newly allocated structure.
-DH_free() returns no value.
-=head1 SEE ALSO
-L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
-L<DH_generate_parameters(3)|DH_generate_parameters(3)>,
-L<DH_generate_key(3)|DH_generate_key(3)>
-=head1 HISTORY
-DH_new() and DH_free() are available in all versions of SSLeay and OpenSSL.
-=cut
diff --git a/src/lib/libcrypto/doc/DH_set_method.pod b/src/lib/libcrypto/doc/DH_set_method.pod
deleted file mode 100644
index a8f75bdd9d..0000000000
--- a/src/lib/libcrypto/doc/DH_set_method.pod
+++ /dev/null
@@ -1,99 +0,0 @@
-=pod
-=head1 NAME
-DH_set_default_method, DH_get_default_method, DH_set_method,
-DH_new_method, DH_OpenSSL - select DH method
-=head1 SYNOPSIS
- #include <openssl/dh.h>
- void DH_set_default_method(DH_METHOD *meth);
- DH_METHOD *DH_get_default_method(void);
- DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth);
- DH *DH_new_method(DH_METHOD *meth);
- DH_METHOD *DH_OpenSSL(void);
-=head1 DESCRIPTION
-A B<DH_METHOD> specifies the functions that OpenSSL uses for Diffie-Hellman
-operations. By modifying the method, alternative implementations
-such as hardware accelerators may be used.
-Initially, the default is to use the OpenSSL internal implementation.
-DH_OpenSSL() returns a pointer to that method.
-DH_set_default_method() makes B<meth> the default method for all B<DH>
-structures created later.
-DH_get_default_method() returns a pointer to the current default
-method.
-DH_set_method() selects B<meth> for all operations using the structure B<dh>.
-DH_get_method() returns a pointer to the method currently selected
-for B<dh>.
-DH_new_method() allocates and initializes a B<DH> structure so that
-B<method> will be used for the DH operations. If B<method> is B<NULL>,
-the default method is used.
-=head1 THE DH_METHOD STRUCTURE
- typedef struct dh_meth_st
- {
-     /* name of the implementation */
-        const char *name;
-     /* generate private and public DH values for key agreement */
-        int (*generate_key)(DH *dh);
-     /* compute shared secret */
-        int (*compute_key)(unsigned char *key, BIGNUM *pub_key, DH *dh);
-     /* compute r = a ^ p mod m (May be NULL for some implementations) */
-        int (*bn_mod_exp)(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-                                const BIGNUM *m, BN_CTX *ctx,
-                                BN_MONT_CTX *m_ctx);
-     /* called at DH_new */
-        int (*init)(DH *dh);
-     /* called at DH_free */
-        int (*finish)(DH *dh);
-        int flags;
-        char *app_data; /* ?? */
- } DH_METHOD;
-=head1 RETURN VALUES
-DH_OpenSSL(), DH_get_default_method() and DH_get_method() return
-pointers to the respective B<DH_METHOD>s.
-DH_set_default_method() returns no value.
-DH_set_method() returns a pointer to the B<DH_METHOD> previously
-associated with B<dh>.
-DH_new_method() returns B<NULL> and sets an error code that can be
-obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise it
-returns a pointer to the newly allocated structure.
-=head1 SEE ALSO
-L<dh(3)|dh(3)>, L<DH_new(3)|DH_new(3)>
-=head1 HISTORY
-DH_set_default_method(), DH_get_default_method(), DH_set_method(),
-DH_new_method() and DH_OpenSSL() were added in OpenSSL 0.9.4.
-=cut
diff --git a/src/lib/libcrypto/doc/DH_size.pod b/src/lib/libcrypto/doc/DH_size.pod
deleted file mode 100644
index 97f26fda78..0000000000
--- a/src/lib/libcrypto/doc/DH_size.pod
+++ /dev/null
@@ -1,33 +0,0 @@
-=pod
-=head1 NAME
-DH_size - get Diffie-Hellman prime size
-=head1 SYNOPSIS
- #include <openssl/dh.h>
- int DH_size(DH *dh);
-=head1 DESCRIPTION
-This function returns the Diffie-Hellman size in bytes. It can be used
-to determine how much memory must be allocated for the shared secret
-computed by DH_compute_key().
-B<dh-E<gt>p> must not be B<NULL>.
-=head1 RETURN VALUE
-The size in bytes.
-=head1 SEE ALSO
-L<dh(3)|dh(3)>, L<DH_generate_key(3)|DH_generate_key(3)>
-=head1 HISTORY
-DH_size() is available in all versions of SSLeay and OpenSSL.
-=cut
diff --git a/src/lib/libcrypto/doc/DSA_SIG_new.pod b/src/lib/libcrypto/doc/DSA_SIG_new.pod
deleted file mode 100644
index 45df4c0661..0000000000
--- a/src/lib/libcrypto/doc/DSA_SIG_new.pod
+++ /dev/null
@@ -1,39 +0,0 @@
-=pod
-=head1 NAME
-DSA_SIG_new, DSA_SIG_free - allocate and free DSA signature objects
-=head1 SYNOPSIS
- #include <openssl/dsa.h>
- DSA_SIG *DSA_SIG_new(void);
- void   DSA_SIG_free(DSA_SIG *a);
-=head1 DESCRIPTION
-DSA_SIG_new() allocates and initializes a B<DSA_SIG> structure.
-DSA_SIG_free() frees the B<DSA_SIG> structure and its components. The
-values are erased before the memory is returned to the system.
-=head1 RETURN VALUES
-If the allocation fails, DSA_SIG_new() returns B<NULL> and sets an
-error code that can be obtained by
-L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns a pointer
-to the newly allocated structure.
-DSA_SIG_free() returns no value.
-=head1 SEE ALSO
-L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<DSA_do_sign(3)|DSA_do_sign(3)>
-=head1 HISTORY
-DSA_SIG_new() and DSA_SIG_free() were added in OpenSSL 0.9.3.
-=cut
diff --git a/src/lib/libcrypto/doc/DSA_do_sign.pod b/src/lib/libcrypto/doc/DSA_do_sign.pod
deleted file mode 100644
index 5dfc733b20..0000000000
--- a/src/lib/libcrypto/doc/DSA_do_sign.pod
+++ /dev/null
@@ -1,47 +0,0 @@
-=pod
-=head1 NAME
-DSA_do_sign, DSA_do_verify - raw DSA signature operations
-=head1 SYNOPSIS
- #include <openssl/dsa.h>
- DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
- int DSA_do_verify(const unsigned char *dgst, int dgst_len,
-             DSA_SIG *sig, DSA *dsa);
-=head1 DESCRIPTION
-DSA_do_sign() computes a digital signature on the B<len> byte message
-digest B<dgst> using the private key B<dsa> and returns it in a
-newly allocated B<DSA_SIG> structure.
-L<DSA_sign_setup(3)|DSA_sign_setup(3)> may be used to precompute part
-of the signing operation in case signature generation is
-time-critical.
-DSA_do_verify() verifies that the signature B<sig> matches a given
-message digest B<dgst> of size B<len>.  B<dsa> is the signer's public
-key.
-=head1 RETURN VALUES
-DSA_do_sign() returns the signature, NULL on error.  DSA_do_verify()
-returns 1 for a valid signature, 0 for an incorrect signature and -1
-on error. The error codes can be obtained by
-L<ERR_get_error(3)|ERR_get_error(3)>.
-=head1 SEE ALSO
-L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
-L<DSA_SIG_new(3)|DSA_SIG_new(3)>,
-L<DSA_sign(3)|DSA_sign(3)>
-=head1 HISTORY
-DSA_do_sign() and DSA_do_verify() were added in OpenSSL 0.9.3.
-=cut
diff --git a/src/lib/libcrypto/doc/DSA_dup_DH.pod b/src/lib/libcrypto/doc/DSA_dup_DH.pod
deleted file mode 100644
index 695f99a13b..0000000000
--- a/src/lib/libcrypto/doc/DSA_dup_DH.pod
+++ /dev/null
@@ -1,36 +0,0 @@
-=pod
-=head1 NAME
-DSA_dup_DH - create a DH structure out of DSA structure
-=head1 SYNOPSIS
- #include <openssl/dsa.h>
- DH * DSA_dup_DH(DSA *r);
-=head1 DESCRIPTION
-DSA_dup_DH() duplicates DSA parameters/keys as DH parameters/keys. q
-is lost during that conversion, but the resulting DH parameters
-contain its length.
-=head1 RETURN VALUE
-DSA_dup_DH() returns the new B<DH> structure, and NULL on error. The
-error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-=head1 NOTE
-Be careful to avoid small subgroup attacks when using this.
-=head1 SEE ALSO
-L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
-=head1 HISTORY
-DSA_dup_DH() was added in OpenSSL 0.9.4.
-=cut
diff --git a/src/lib/libcrypto/doc/DSA_generate_key.pod b/src/lib/libcrypto/doc/DSA_generate_key.pod
deleted file mode 100644
index 9906a2d7e0..0000000000
--- a/src/lib/libcrypto/doc/DSA_generate_key.pod
+++ /dev/null
@@ -1,33 +0,0 @@
-=pod
-=head1 NAME
-DSA_generate_key - generate DSA key pair
-=head1 SYNOPSIS
- #include <openssl/dsa.h>
- int DSA_generate_key(DSA *a);
-=head1 DESCRIPTION
-DSA_generate_key() expects B<a> to contain DSA parameters. It generates
-a new key pair and stores it in B<a-E<gt>pub_key> and B<a-E<gt>priv_key>.
-The PRNG must be seeded prior to calling DSA_generate_key().
-=head1 RETURN VALUE
-DSA_generate_key() returns 1 on success, 0 otherwise.
-The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-=head1 SEE ALSO
-L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>
-=head1 HISTORY
-DSA_generate_key() is available since SSLeay 0.8.
-=cut
diff --git a/src/lib/libcrypto/doc/DSA_generate_parameters.pod b/src/lib/libcrypto/doc/DSA_generate_parameters.pod
deleted file mode 100644
index be7c924ff8..0000000000
--- a/src/lib/libcrypto/doc/DSA_generate_parameters.pod
+++ /dev/null
@@ -1,105 +0,0 @@
-=pod
-=head1 NAME
-DSA_generate_parameters - generate DSA parameters
-=head1 SYNOPSIS
- #include <openssl/dsa.h>
- DSA *DSA_generate_parameters(int bits, unsigned char *seed,
-                int seed_len, int *counter_ret, unsigned long *h_ret,
-                void (*callback)(int, int, void *), void *cb_arg);
-=head1 DESCRIPTION
-DSA_generate_parameters() generates primes p and q and a generator g
-for use in the DSA.
-B<bits> is the length of the prime to be generated; the DSS allows a
-maximum of 1024 bits.
-If B<seed> is B<NULL> or B<seed_len> E<lt> 20, the primes will be
-generated at random. Otherwise, the seed is used to generate
-them. If the given seed does not yield a prime q, a new random
-seed is chosen and placed at B<seed>.
-DSA_generate_parameters() places the iteration count in
-*B<counter_ret> and a counter used for finding a generator in
-*B<h_ret>, unless these are B<NULL>.
-A callback function may be used to provide feedback about the progress
-of the key generation. If B<callback> is not B<NULL>, it will be
-called as follows:
-=over 4
-=item *
-When a candidate for q is generated, B<callback(0, m++, cb_arg)> is called
-(m is 0 for the first candidate).
-=item *
-When a candidate for q has passed a test by trial division,
-B<callback(1, -1, cb_arg)> is called.
-While a candidate for q is tested by Miller-Rabin primality tests,
-B<callback(1, i, cb_arg)> is called in the outer loop
-(once for each witness that confirms that the candidate may be prime);
-i is the loop counter (starting at 0).
-=item *
-When a prime q has been found, B<callback(2, 0, cb_arg)> and
-B<callback(3, 0, cb_arg)> are called.
-=item *
-Before a candidate for p (other than the first) is generated and tested,
-B<callback(0, counter, cb_arg)> is called.
-=item *
-When a candidate for p has passed the test by trial division,
-B<callback(1, -1, cb_arg)> is called.
-While it is tested by the Miller-Rabin primality test,
-B<callback(1, i, cb_arg)> is called in the outer loop
-(once for each witness that confirms that the candidate may be prime).
-i is the loop counter (starting at 0).
-=item *
-When p has been found, B<callback(2, 1, cb_arg)> is called.
-=item *
-When the generator has been found, B<callback(3, 1, cb_arg)> is called.
-=back
-=head1 RETURN VALUE
-DSA_generate_parameters() returns a pointer to the DSA structure, or
-B<NULL> if the parameter generation fails. The error codes can be
-obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-=head1 BUGS
-Seed lengths E<gt> 20 are not supported.
-=head1 SEE ALSO
-L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
-L<DSA_free(3)|DSA_free(3)>
-=head1 HISTORY
-DSA_generate_parameters() appeared in SSLeay 0.8. The B<cb_arg>
-argument was added in SSLeay 0.9.0.
-In versions up to OpenSSL 0.9.4, B<callback(1, ...)> was called
-in the inner loop of the Miller-Rabin test whenever it reached the
-squaring step (the parameters to B<callback> did not reveal how many
-witnesses had been tested); since OpenSSL 0.9.5, B<callback(1, ...)>
-is called as in BN_is_prime(3), i.e. once for each witness.
-=cut
diff --git a/src/lib/libcrypto/doc/DSA_get_ex_new_index.pod b/src/lib/libcrypto/doc/DSA_get_ex_new_index.pod
deleted file mode 100644
index 4612e708ec..0000000000
--- a/src/lib/libcrypto/doc/DSA_get_ex_new_index.pod
+++ /dev/null
@@ -1,36 +0,0 @@
-=pod
-=head1 NAME
-DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data - add application specific data to DSA structures
-=head1 SYNOPSIS
- #include <openssl/DSA.h>
- int DSA_get_ex_new_index(long argl, void *argp,
-                CRYPTO_EX_new *new_func,
-                CRYPTO_EX_dup *dup_func,
-                CRYPTO_EX_free *free_func);
- int DSA_set_ex_data(DSA *d, int idx, void *arg);
- char *DSA_get_ex_data(DSA *d, int idx);
-=head1 DESCRIPTION
-These functions handle application specific data in DSA
-structures. Their usage is identical to that of
-RSA_get_ex_new_index(), RSA_set_ex_data() and RSA_get_ex_data()
-as described in L<RSA_get_ex_new_index(3)>.
-=head1 SEE ALSO
-L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>, L<dsa(3)|dsa(3)>
-=head1 HISTORY
-DSA_get_ex_new_index(), DSA_set_ex_data() and DSA_get_ex_data() are
-available since OpenSSL 0.9.5.
-=cut
diff --git a/src/lib/libcrypto/doc/DSA_new.pod b/src/lib/libcrypto/doc/DSA_new.pod
deleted file mode 100644
index 301af912dd..0000000000
--- a/src/lib/libcrypto/doc/DSA_new.pod
+++ /dev/null
@@ -1,41 +0,0 @@
-=pod
-=head1 NAME
-DSA_new, DSA_free - allocate and free DSA objects
-=head1 SYNOPSIS
- #include <openssl/dsa.h>
- DSA* DSA_new(void);
- void DSA_free(DSA *dsa);
-=head1 DESCRIPTION
-DSA_new() allocates and initializes a B<DSA> structure.
-DSA_free() frees the B<DSA> structure and its components. The values are
-erased before the memory is returned to the system.
-=head1 RETURN VALUES
-If the allocation fails, DSA_new() returns B<NULL> and sets an error
-code that can be obtained by
-L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns a pointer
-to the newly allocated structure.
-DSA_free() returns no value.
-=head1 SEE ALSO
-L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
-L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>,
-L<DSA_generate_key(3)|DSA_generate_key(3)>
-=head1 HISTORY
-DSA_new() and DSA_free() are available in all versions of SSLeay and OpenSSL.
-=cut
diff --git a/src/lib/libcrypto/doc/DSA_set_method.pod b/src/lib/libcrypto/doc/DSA_set_method.pod
deleted file mode 100644
index edec46413d..0000000000
--- a/src/lib/libcrypto/doc/DSA_set_method.pod
+++ /dev/null
@@ -1,112 +0,0 @@
-=pod
-=head1 NAME
-DSA_set_default_method, DSA_get_default_method, DSA_set_method,
-DSA_new_method, DSA_OpenSSL - select RSA method
-=head1 SYNOPSIS
- #include <openssl/DSA.h>
- void DSA_set_default_method(DSA_METHOD *meth);
- DSA_METHOD *DSA_get_default_method(void);
- DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth);
- DSA *DSA_new_method(DSA_METHOD *meth);
- DSA_METHOD *DSA_OpenSSL(void);
-=head1 DESCRIPTION
-A B<DSA_METHOD> specifies the functions that OpenSSL uses for DSA
-operations. By modifying the method, alternative implementations
-such as hardware accelerators may be used.
-Initially, the default is to use the OpenSSL internal implementation.
-DSA_OpenSSL() returns a pointer to that method.
-DSA_set_default_method() makes B<meth> the default method for all B<DSA>
-structures created later.
-DSA_get_default_method() returns a pointer to the current default
-method.
-DSA_set_method() selects B<meth> for all operations using the structure B<DSA>.
-DSA_get_method() returns a pointer to the method currently selected
-for B<DSA>.
-DSA_new_method() allocates and initializes a B<DSA> structure so that
-B<method> will be used for the DSA operations. If B<method> is B<NULL>,
-the default method is used.
-=head1 THE DSA_METHOD STRUCTURE
-struct
- {
-     /* name of the implementation */
-        const char *name;
-     /* sign */
-        DSA_SIG *(*dsa_do_sign)(const unsigned char *dgst, int dlen,
-                                 DSA *dsa);
-     /* pre-compute k^-1 and r */
-        int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
-                                 BIGNUM **rp);
-     /* verify */
-        int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len,
-                                 DSA_SIG *sig, DSA *dsa);
-     /* compute rr = a1^p1 * a2^p2 mod m (May be NULL for some
-                                          implementations) */
-        int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
-                                 BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
-                                 BN_CTX *ctx, BN_MONT_CTX *in_mont);
-     /* compute r = a ^ p mod m (May be NULL for some implementations) */
-        int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a,
-                                 const BIGNUM *p, const BIGNUM *m,
-                                 BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-     /* called at DSA_new */
-        int (*init)(DSA *DSA);
-     /* called at DSA_free */
-        int (*finish)(DSA *DSA);
-        int flags;
-        char *app_data; /* ?? */
- } DSA_METHOD;
-=head1 RETURN VALUES
-DSA_OpenSSL(), DSA_get_default_method() and DSA_get_method() return
-pointers to the respective B<DSA_METHOD>s.
-DSA_set_default_method() returns no value.
-DSA_set_method() returns a pointer to the B<DSA_METHOD> previously
-associated with B<dsa>.
-DSA_new_method() returns B<NULL> and sets an error code that can be
-obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation
-fails. Otherwise it returns a pointer to the newly allocated
-structure.
-=head1 SEE ALSO
-L<dsa(3)|dsa(3)>, L<DSA_new(3)|DSA_new(3)>
-=head1 HISTORY
-DSA_set_default_method(), DSA_get_default_method(), DSA_set_method(),
-DSA_new_method() and DSA_OpenSSL() were added in OpenSSL 0.9.4.
-=cut
diff --git a/src/lib/libcrypto/doc/DSA_sign.pod b/src/lib/libcrypto/doc/DSA_sign.pod
deleted file mode 100644
index 97389e8ec8..0000000000
--- a/src/lib/libcrypto/doc/DSA_sign.pod
+++ /dev/null
@@ -1,66 +0,0 @@
-=pod
-=head1 NAME
-DSA_sign, DSA_sign_setup, DSA_verify - DSA signatures
-=head1 SYNOPSIS
- #include <openssl/dsa.h>
- int    DSA_sign(int type, const unsigned char *dgst, int len,
-                unsigned char *sigret, unsigned int *siglen, DSA *dsa);
- int    DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp,
-                BIGNUM **rp);
- int    DSA_verify(int type, const unsigned char *dgst, int len,
-                unsigned char *sigbuf, int siglen, DSA *dsa);
-=head1 DESCRIPTION
-DSA_sign() computes a digital signature on the B<len> byte message
-digest B<dgst> using the private key B<dsa> and places its ASN.1 DER
-encoding at B<sigret>. The length of the signature is places in
-*B<siglen>. B<sigret> must point to DSA_size(B<dsa>) bytes of memory.
-DSA_sign_setup() may be used to precompute part of the signing
-operation in case signature generation is time-critical. It expects
-B<dsa> to contain DSA parameters. It places the precomputed values
-in newly allocated B<BIGNUM>s at *B<kinvp> and *B<rp>, after freeing
-the old ones unless *B<kinvp> and *B<rp> are NULL. These values may
-be passed to DSA_sign() in B<dsa-E<gt>kinv> and B<dsa-E<gt>r>.
-B<ctx> is a pre-allocated B<BN_CTX> or NULL.
-DSA_verify() verifies that the signature B<sigbuf> of size B<siglen>
-matches a given message digest B<dgst> of size B<len>.
-B<dsa> is the signer's public key.
-The B<type> parameter is ignored.
-The PRNG must be seeded before DSA_sign() (or DSA_sign_setup())
-is called.
-=head1 RETURN VALUES
-DSA_sign() and DSA_sign_setup() return 1 on success, 0 on error.
-DSA_verify() returns 1 for a valid signature, 0 for an incorrect
-signature and -1 on error. The error codes can be obtained by
-L<ERR_get_error(3)|ERR_get_error(3)>.
-=head1 CONFORMING TO
-US Federal Information Processing Standard FIPS 186 (Digital Signature
-Standard, DSS), ANSI X9.30
-=head1 SEE ALSO
-L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
-L<DSA_do_sign(3)|DSA_do_sign(3)>
-=head1 HISTORY
-DSA_sign() and DSA_verify() are available in all versions of SSLeay.
-DSA_sign_setup() was added in SSLeay 0.8.
-=cut
diff --git a/src/lib/libcrypto/doc/DSA_size.pod b/src/lib/libcrypto/doc/DSA_size.pod
deleted file mode 100644
index 23b6320a4d..0000000000
--- a/src/lib/libcrypto/doc/DSA_size.pod
+++ /dev/null
@@ -1,33 +0,0 @@
-=pod
-=head1 NAME
-DSA_size - get DSA signature size
-=head1 SYNOPSIS
- #include <openssl/dsa.h>
- int DSA_size(DSA *dsa);
-=head1 DESCRIPTION
-This function returns the size of an ASN.1 encoded DSA signature in
-bytes. It can be used to determine how much memory must be allocated
-for a DSA signature.
-B<dsa-E<gt>q> must not be B<NULL>.
-=head1 RETURN VALUE
-The size in bytes.
-=head1 SEE ALSO
-L<dsa(3)|dsa(3)>, L<DSA_sign(3)|DSA_sign(3)>
-=head1 HISTORY
-DSA_size() is available in all versions of SSLeay and OpenSSL.
-=cut
diff --git a/src/lib/libcrypto/doc/ERR_GET_LIB.pod b/src/lib/libcrypto/doc/ERR_GET_LIB.pod
deleted file mode 100644
index 2a129da036..0000000000
--- a/src/lib/libcrypto/doc/ERR_GET_LIB.pod
+++ /dev/null
@@ -1,51 +0,0 @@
-=pod
-=head1 NAME
-ERR_GET_LIB, ERR_GET_FUNC, ERR_GET_REASON - get library, function and
-reason code
-=head1 SYNOPSIS
- #include <openssl/err.h>
- int ERR_GET_LIB(unsigned long e);
- int ERR_GET_FUNC(unsigned long e);
- int ERR_GET_REASON(unsigned long e);
-=head1 DESCRIPTION
-The error code returned by ERR_get_error() consists of a library
-number, function code and reason code. ERR_GET_LIB(), ERR_GET_FUNC()
-and ERR_GET_REASON() can be used to extract these.
-The library number and function code describe where the error
-occurred, the reason code is the information about what went wrong.
-Each sub-library of OpenSSL has a unique library number; function and
-reason codes are unique within each sub-library.  Note that different
-libraries may use the same value to signal different functions and
-reasons.
-B<ERR_R_...> reason codes such as B<ERR_R_MALLOC_FAILURE> are globally
-unique. However, when checking for sub-library specific reason codes,
-be sure to also compare the library number.
-ERR_GET_LIB(), ERR_GET_FUNC() and ERR_GET_REASON() are macros.
-=head1 RETURN VALUES
-The library number, function code and reason code respectively.
-=head1 SEE ALSO
-L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
-=head1 HISTORY
-ERR_GET_LIB(), ERR_GET_FUNC() and ERR_GET_REASON() are available in
-all versions of SSLeay and OpenSSL.
-=cut
diff --git a/src/lib/libcrypto/doc/ERR_clear_error.pod b/src/lib/libcrypto/doc/ERR_clear_error.pod
deleted file mode 100644
index 566e1f4e31..0000000000
--- a/src/lib/libcrypto/doc/ERR_clear_error.pod
+++ /dev/null
@@ -1,29 +0,0 @@
-=pod
-=head1 NAME
-ERR_clear_error - clear the error queue
-=head1 SYNOPSIS
- #include <openssl/err.h>
- void ERR_clear_error(void);
-=head1 DESCRIPTION
-ERR_clear_error() empties the current thread's error queue.
-=head1 RETURN VALUES
-ERR_clear_error() has no return value.
-=head1 SEE ALSO
-L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
-=head1 HISTORY
-ERR_clear_error() is available in all versions of SSLeay and OpenSSL.
-=cut
diff --git a/src/lib/libcrypto/doc/ERR_error_string.pod b/src/lib/libcrypto/doc/ERR_error_string.pod
deleted file mode 100644
index 0d2417599c..0000000000
--- a/src/lib/libcrypto/doc/ERR_error_string.pod
+++ /dev/null
@@ -1,65 +0,0 @@
-=pod
-=head1 NAME
-ERR_error_string - obtain human-readable error message
-=head1 SYNOPSIS
- #include <openssl/err.h>
- char *ERR_error_string(unsigned long e, char *buf);
- const char *ERR_lib_error_string(unsigned long e);
- const char *ERR_func_error_string(unsigned long e);
- const char *ERR_reason_error_string(unsigned long e);
-=head1 DESCRIPTION
-ERR_error_string() generates a human-readable string representing the
-error code B<e>, and places it at B<buf>. B<buf> must be at least 120
-bytes long. If B<buf> is B<NULL>, the error string is placed in a
-static buffer.
-The string will have the following format:
- error:[error code]:[library name]:[function name]:[reason string]
-I<error code> is an 8 digit hexadecimal number, I<library name>,
-I<function name> and I<reason string> are ASCII text.
-ERR_lib_error_string(), ERR_func_error_string() and
-ERR_reason_error_string() return the library name, function
-name and reason string respectively.
-The OpenSSL error strings should be loaded by calling
-L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)> or, for SSL
-applications, L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>
-first.
-If there is no text string registered for the given error code,
-the error string will contain the numeric code.
-L<ERR_print_errors(3)|ERR_print_errors(3)> can be used to print
-all error codes currently in the queue.
-=head1 RETURN VALUES
-ERR_error_string() returns a pointer to a static buffer containing the
-string if B<buf == NULL>, B<buf> otherwise.
-ERR_lib_error_string(), ERR_func_error_string() and
-ERR_reason_error_string() return the strings, and B<NULL> if
-none is registered for the error code.
-=head1 SEE ALSO
-L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
-L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>,
-L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>
-L<ERR_print_errors(3)|ERR_print_errors(3)>
-=head1 HISTORY
-ERR_error_string() is available in all versions of SSLeay and OpenSSL.
-=cut
diff --git a/src/lib/libcrypto/doc/ERR_get_error.pod b/src/lib/libcrypto/doc/ERR_get_error.pod
deleted file mode 100644
index 75ece00d97..0000000000
--- a/src/lib/libcrypto/doc/ERR_get_error.pod
+++ /dev/null
@@ -1,62 +0,0 @@
-=pod
-=head1 NAME
-ERR_get_error, ERR_peek_error - obtain error code
-=head1 SYNOPSIS
- #include <openssl/err.h>
- unsigned long ERR_get_error(void);
- unsigned long ERR_peek_error(void);
- unsigned long ERR_get_error_line(const char **file, int *line);
- unsigned long ERR_peek_error_line(const char **file, int *line);
- unsigned long ERR_get_error_line_data(const char **file, int *line,
-         const char **data, int *flags);
- unsigned long ERR_peek_error_line_data(const char **file, int *line,
-         const char **data, int *flags);
-=head1 DESCRIPTION
-ERR_get_error() returns the last error code from the thread's error
-queue and removes the entry. This function can be called repeatedly
-until there are no more error codes to return.
-ERR_peek_error() returns the last error code from the thread's
-error queue without modifying it.
-See L<ERR_GET_LIB(3)|ERR_GET_LIB(3)> for obtaining information about
-location and reason of the error, and
-L<ERR_error_string(3)|ERR_error_string(3)> for human-readable error
-messages.
-ERR_get_error_line() and ERR_peek_error_line() are the same as the
-above, but they additionally store the file name and line number where
-the error occurred in *B<file> and *B<line>, unless these are B<NULL>.
-ERR_get_error_line_data() and ERR_peek_error_line_data() store
-additional data and flags associated with the error code in *B<data>
-and *B<flags>, unless these are B<NULL>. *B<data> contains a string
-if *B<flags>&B<ERR_TXT_STRING>. If it has been allocated by Malloc(),
-*B<flags>&B<ERR_TXT_MALLOCED> is true.
-=head1 RETURN VALUES
-The error code, or 0 if there is no error in the queue.
-=head1 SEE ALSO
-L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>,
-L<ERR_GET_LIB(3)|ERR_GET_LIB(3)>
-=head1 HISTORY
-ERR_get_error(), ERR_peek_error(), ERR_get_error_line() and
-ERR_peek_error_line() are available in all versions of SSLeay and
-OpenSSL. ERR_get_error_line_data() and ERR_peek_error_line_data()
-were added in SSLeay 0.9.0.
-=cut
diff --git a/src/lib/libcrypto/doc/ERR_load_crypto_strings.pod b/src/lib/libcrypto/doc/ERR_load_crypto_strings.pod
deleted file mode 100644
index 9bdec75a46..0000000000
--- a/src/lib/libcrypto/doc/ERR_load_crypto_strings.pod
+++ /dev/null
@@ -1,46 +0,0 @@
-=pod
-=head1 NAME
-ERR_load_crypto_strings, SSL_load_error_strings, ERR_free_strings -
-load and free error strings
-=head1 SYNOPSIS
- #include <openssl/err.h>
- void ERR_load_crypto_strings(void);
- void ERR_free_strings(void);
- #include <openssl/ssl.h>
- void SSL_load_error_strings(void);
-=head1 DESCRIPTION
-ERR_load_crypto_strings() registers the error strings for all
-B<libcrypto> functions. SSL_load_error_strings() does the same,
-but also registers the B<libssl> error strings.
-One of these functions should be called before generating
-textual error messages. However, this is not required when memory
-usage is an issue.
-ERR_free_strings() frees all previously loaded error strings.
-=head1 RETURN VALUES
-ERR_load_crypto_strings(), SSL_load_error_strings() and
-ERR_free_strings() return no values.
-=head1 SEE ALSO
-L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>
-=head1 HISTORY
-ERR_load_error_strings(), SSL_load_error_strings() and
-ERR_free_strings() are available in all versions of SSLeay and
-OpenSSL.
-=cut
diff --git a/src/lib/libcrypto/doc/ERR_load_strings.pod b/src/lib/libcrypto/doc/ERR_load_strings.pod
deleted file mode 100644
index 5acdd0edbc..0000000000
--- a/src/lib/libcrypto/doc/ERR_load_strings.pod
+++ /dev/null
@@ -1,54 +0,0 @@
-=pod
-=head1 NAME
-ERR_load_strings, ERR_PACK, ERR_get_next_error_library - load
-arbitrary error strings
-=head1 SYNOPSIS
- #include <openssl/err.h>
- void ERR_load_strings(int lib, ERR_STRING_DATA str[]);
- int ERR_get_next_error_library(void);
- unsigned long ERR_PACK(int lib, int func, int reason);
-=head1 DESCRIPTION
-ERR_load_strings() registers error strings for library number B<lib>.
-B<str> is an array of error string data:
- typedef struct ERR_string_data_st
- {
-        unsigned long error;
-        char *string;
- } ERR_STRING_DATA;
-The error code is generated from the library number and a function and
-reason code: B<error> = ERR_PACK(B<lib>, B<func>, B<reason>).
-ERR_PACK() is a macro.
-The last entry in the array is {0,0}.
-ERR_get_next_error_library() can be used to assign library numbers
-to user libraries at runtime.
-=head1 RETURN VALUE
-ERR_load_strings() returns no value. ERR_PACK() return the error code.
-ERR_get_next_error_library() returns a new library number.
-=head1 SEE ALSO
-L<err(3)|err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)>
-=head1 HISTORY
-ERR_load_error_strings() and ERR_PACK() are available in all versions
-of SSLeay and OpenSSL. ERR_get_next_error_library() was added in
-SSLeay 0.9.0.
-=cut
diff --git a/src/lib/libcrypto/doc/ERR_print_errors.pod b/src/lib/libcrypto/doc/ERR_print_errors.pod
deleted file mode 100644
index b100a5fa2b..0000000000
--- a/src/lib/libcrypto/doc/ERR_print_errors.pod
+++ /dev/null
@@ -1,51 +0,0 @@
-=pod
-=head1 NAME
-ERR_print_errors, ERR_print_errors_fp - print error messages
-=head1 SYNOPSIS
- #include <openssl/err.h>
- void ERR_print_errors(BIO *bp);
- void ERR_print_errors_fp(FILE *fp);
-=head1 DESCRIPTION
-ERR_print_errors() is a convenience function that prints the error
-strings for all errors that OpenSSL has recorded to B<bp>, thus
-emptying the error queue.
-ERR_print_errors_fp() is the same, except that the output goes to a
-B<FILE>.
-The error strings will have the following format:
- [pid]:error:[error code]:[library name]:[function name]:[reason string]:[file name]:[line]:[optional text message]
-I<error code> is an 8 digit hexadecimal number. I<library name>,
-I<function name> and I<reason string> are ASCII text, as is I<optional
-text message> if one was set for the respective error code.
-If there is no text string registered for the given error code,
-the error string will contain the numeric code.
-=head1 RETURN VALUES
-ERR_print_errors() and ERR_print_errors_fp() return no values.
-=head1 SEE ALSO
-L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>,
-L<ERR_get_error(3)|ERR_get_error(3)>,
-L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>,
-L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>
-=head1 HISTORY
-ERR_print_errors() and ERR_print_errors_fp()
-are available in all versions of SSLeay and OpenSSL.
-=cut
diff --git a/src/lib/libcrypto/doc/ERR_put_error.pod b/src/lib/libcrypto/doc/ERR_put_error.pod
deleted file mode 100644
index acd241fbe4..0000000000
--- a/src/lib/libcrypto/doc/ERR_put_error.pod
+++ /dev/null
@@ -1,44 +0,0 @@
-=pod
-=head1 NAME
-ERR_put_error, ERR_add_error_data - record an error
-=head1 SYNOPSIS
- #include <openssl/err.h>
- void ERR_put_error(int lib, int func, int reason, const char *file,
-         int line);
- void ERR_add_error_data(int num, ...);
-=head1 DESCRIPTION
-ERR_put_error() adds an error code to the thread's error queue. It
-signals that the error of reason code B<reason> occurred in function
-B<func> of library B<lib>, in line number B<line> of B<file>.
-This function is usually called by a macro.
-ERR_add_error_data() associates the concatenation of its B<num> string
-arguments with the error code added last.
-L<ERR_load_strings(3)|ERR_load_strings(3)> can be used to register
-error strings so that the application can a generate human-readable
-error messages for the error code.
-=head1 RETURN VALUES
-ERR_put_error() and ERR_add_error_data() return
-no values.
-=head1 SEE ALSO
-L<err(3)|err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)>
-=head1 HISTORY
-ERR_put_error() is available in all versions of SSLeay and OpenSSL.
-ERR_add_error_data() was added in SSLeay 0.9.0.
-=cut
diff --git a/src/lib/libcrypto/doc/ERR_remove_state.pod b/src/lib/libcrypto/doc/ERR_remove_state.pod
deleted file mode 100644
index ebcdc0f5a5..0000000000
--- a/src/lib/libcrypto/doc/ERR_remove_state.pod
+++ /dev/null
@@ -1,34 +0,0 @@
-=pod
-=head1 NAME
-ERR_remove_state - free a thread's error queue
-=head1 SYNOPSIS
- #include <openssl/err.h>
- void ERR_remove_state(unsigned long pid);
-=head1 DESCRIPTION
-ERR_remove_state() frees the error queue associated with thread B<pid>.
-If B<pid> == 0, the current thread will have its error queue removed.
-Since error queue data structures are allocated automatically for new
-threads, they must be freed when threads are terminated in oder to
-avoid memory leaks.
-=head1 RETURN VALUE
-ERR_remove_state() returns no value.
-=head1 SEE ALSO
-L<err(3)|err(3)>
-=head1 HISTORY
-ERR_remove_state() is available in all versions of SSLeay and OpenSSL.
-=cut
diff --git a/src/lib/libcrypto/doc/EVP_DigestInit.pod b/src/lib/libcrypto/doc/EVP_DigestInit.pod
deleted file mode 100644
index 6d4e156ae3..0000000000
--- a/src/lib/libcrypto/doc/EVP_DigestInit.pod
+++ /dev/null
@@ -1,197 +0,0 @@
-=pod
-=head1 NAME
-EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal - EVP digest routines
-=head1 SYNOPSIS
- #include <openssl/evp.h>
- void EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
- void EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
- void EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md,
-        unsigned int *s);
- #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */
- int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in);  
- #define EVP_MD_type(e)                 ((e)->type)
- #define EVP_MD_pkey_type(e)            ((e)->pkey_type)
- #define EVP_MD_size(e)                 ((e)->md_size)
- #define EVP_MD_block_size(e)           ((e)->block_size)
- #define EVP_MD_CTX_md(e)               (e)->digest)
- #define EVP_MD_CTX_size(e)             EVP_MD_size((e)->digest)
- #define EVP_MD_CTX_block_size(e)       EVP_MD_block_size((e)->digest)
- #define EVP_MD_CTX_type(e)             EVP_MD_type((e)->digest)
- EVP_MD *EVP_md_null(void);
- EVP_MD *EVP_md2(void);
- EVP_MD *EVP_md5(void);
- EVP_MD *EVP_sha(void);
- EVP_MD *EVP_sha1(void);
- EVP_MD *EVP_dss(void);
- EVP_MD *EVP_dss1(void);
- EVP_MD *EVP_mdc2(void);
- EVP_MD *EVP_ripemd160(void);
- const EVP_MD *EVP_get_digestbyname(const char *name);
- #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
- #define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))
-=head1 DESCRIPTION
-The EVP digest routines are a high level interface to message digests.
-EVP_DigestInit() initialises a digest context B<ctx> to use a digest
-B<type>: this will typically be supplied by a function such as
-EVP_sha1().
-EVP_DigestUpdate() hashes B<cnt> bytes of data at B<d> into the
-digest context B<ctx>. This funtion can be called several times on the
-same B<ctx> to hash additional data.
-EVP_DigestFinal() retrieves the digest value from B<ctx> and places
-it in B<md>. If the B<s> parameter is not NULL then the number of
-bytes of data written (i.e. the length of the digest) will be written
-to the integer at B<s>, at most B<EVP_MAX_MD_SIZE> bytes will be written.
-After calling EVP_DigestFinal() no additional calls to EVP_DigestUpdate()
-can be made, but EVP_DigestInit() can be called to initialiase a new
-digest operation.
-EVP_MD_CTX_copy() can be used to copy the message digest state from
-B<in> to B<out>. This is useful if large amounts of data are to be
-hashed which only differ in the last few bytes.
-EVP_MD_size() and EVP_MD_CTX_size() return the size of the message digest
-when passed an B<EVP_MD> or an B<EVP_MD_CTX> structure, i.e. the size of the
-hash.
-EVP_MD_block_size() and EVP_MD_CTX_block_size() return the block size of the
-message digest when passed an B<EVP_MD> or an B<EVP_MD_CTX> structure.
-EVP_MD_type() and EVP_MD_CTX_type() return the NID of the OBJECT IDENTIFIER
-representing the given message digest when passed an B<EVP_MD> structure.
-For example EVP_MD_type(EVP_sha1()) returns B<NID_sha1>. This function is
-normally used when setting ASN1 OIDs.
-EVP_MD_CTX_md() returns the B<EVP_MD> structure corresponding to the passed
-B<EVP_MD_CTX>.
-EVP_MD_pkey_type() returns the NID of the public key signing algorithm associated
-with this digest. For example EVP_sha1() is associated with RSA so this will
-return B<NID_sha1WithRSAEncryption>. This "link" between digests and signature
-algorithms may not be retained in future versions of OpenSSL.
-EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_mdc2() and EVP_ripemd160()
-return B<EVP_MD> structures for the MD2, MD5, SHA, SHA1, MDC2 and RIPEMD160 digest
-algorithms respectively. The associated signature algorithm is RSA in each case.
-EVP_dss() and EVP_dss1() return B<EVP_MD> structures for SHA and SHA1 digest
-algorithms but using DSS (DSA) for the signature algorithm.
-EVP_md_null() is a "null" message digest that does nothing: i.e. the hash it
-returns is of zero length.
-EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj()
-return an B<EVP_MD> structure when passed a digest name, a digest NID or
-an ASN1_OBJECT structure respectively. The digest table must be initialised
-using, for example, OpenSSL_add_all_digests() for these functions to work.
-=head1 RETURN VALUES
-EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal() do not return values.
-EVP_MD_CTX_copy() returns 1 if successful or 0 for failure.
-EVP_MD_type(), EVP_MD_pkey_type() and EVP_MD_type() return the NID of the
-corresponding OBJECT IDENTIFIER or NID_undef if none exists.
-EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size(e), EVP_MD_size(),
-EVP_MD_CTX_block_size() and EVP_MD_block_size() return the digest or block
-size in bytes.
-EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(),
-EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the
-corresponding EVP_MD structures.
-EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj()
-return either an B<EVP_MD> structure or NULL if an error occurs.
-=head1 NOTES
-The B<EVP> interface to message digests should almost always be used in
-preference to the low level interfaces. This is because the code then becomes
-transparent to the digest used and much more flexible.
-SHA1 is the digest of choice for new applications. The other digest algorithms
-are still in common use.
-=head1 EXAMPLE
-This example digests the data "Test Message\n" and "Hello World\n", using the
-digest name passed on the command line.
- #include <stdio.h>
- #include <openssl/evp.h>
- main(int argc, char *argv[])
- {
- EVP_MD_CTX mdctx;
- const EVP_MD *md;
- char mess1[] = "Test Message\n";
- char mess2[] = "Hello World\n";
- unsigned char md_value[EVP_MAX_MD_SIZE];
- int md_len, i;
- OpenSSL_add_all_digests();
- if(!argv[1]) {
-        printf("Usage: mdtest digestname\n");
-        exit(1);
- }
- md = EVP_get_digestbyname(argv[1]);
- if(!md) {
-        printf("Unknown message digest %s\n", argv[1]);
-        exit(1);
- }
- EVP_DigestInit(&mdctx, md);
- EVP_DigestUpdate(&mdctx, mess1, strlen(mess1));
- EVP_DigestUpdate(&mdctx, mess2, strlen(mess2));
- EVP_DigestFinal(&mdctx, md_value, &md_len);
- printf("Digest is: ");
- for(i = 0; i < md_len; i++) printf("%02x", md_value[i]);
- printf("\n");
- }
-=head1 BUGS
-Several of the functions do not return values: maybe they should. Although the
-internal digest operations will never fail some future hardware based operations
-might.
-The link between digests and signing algorithms results in a situation where
-EVP_sha1() must be used with RSA and EVP_dss1() must be used with DSS
-even though they are identical digests.
-The size of an B<EVP_MD_CTX> structure is determined at compile time: this results
-in code that must be recompiled if the size of B<EVP_MD_CTX> increases.
-=head1 SEE ALSO
-L<evp(3)|evp(3)>, L<HMAC(3)|HMAC(3)>, L<MD2(3)|MD2(3)>,
-L<MD5(3)|MD5(3)>, L<MDC2(3)|MDC2(3)>, L<RIPEMD160(3)|RIPEMD160(3)>,
-L<SHA1(3)|SHA1(3)>
-=head1 HISTORY
-EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal() are
-available in all versions of SSLeay and OpenSSL.
-=cut
diff --git a/src/lib/libcrypto/doc/EVP_EncryptInit.pod b/src/lib/libcrypto/doc/EVP_EncryptInit.pod
deleted file mode 100644
index 77ed4ccdba..0000000000
--- a/src/lib/libcrypto/doc/EVP_EncryptInit.pod
+++ /dev/null
@@ -1,224 +0,0 @@
-=pod
-=head1 NAME
-EVP_EncryptInit, EVP_EncryptUpdate, EVP_EncryptFinal - EVP cipher routines
-=head1 SYNOPSIS
- #include <openssl/evp.h>
- void EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
-         unsigned char *key, unsigned char *iv);
- void EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
-         int *outl, unsigned char *in, int inl);
- void EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
-         int *outl);
- void EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
-         unsigned char *key, unsigned char *iv);
- void EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
-         int *outl, unsigned char *in, int inl);
- int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
-         int *outl);
- void EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
-         unsigned char *key, unsigned char *iv, int enc);
- void EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
-         int *outl, unsigned char *in, int inl);
- int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
-         int *outl);
- void EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
- const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
- #define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
- #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
- #define EVP_CIPHER_nid(e)              ((e)->nid)
- #define EVP_CIPHER_block_size(e)       ((e)->block_size)
- #define EVP_CIPHER_key_length(e)       ((e)->key_len)
- #define EVP_CIPHER_iv_length(e)        ((e)->iv_len)
- int EVP_CIPHER_type(const EVP_CIPHER *ctx);
- #define EVP_CIPHER_CTX_cipher(e)       ((e)->cipher)
- #define EVP_CIPHER_CTX_nid(e)          ((e)->cipher->nid)
- #define EVP_CIPHER_CTX_block_size(e)   ((e)->cipher->block_size)
- #define EVP_CIPHER_CTX_key_length(e)   ((e)->cipher->key_len)
- #define EVP_CIPHER_CTX_iv_length(e)    ((e)->cipher->iv_len)
- #define EVP_CIPHER_CTX_type(c)         EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
- int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
- int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
-=head1 DESCRIPTION
-The EVP cipher routines are a high level interface to certain
-symmetric ciphers.
-EVP_EncryptInit() initialises a cipher context B<ctx> for encryption
-with cipher B<type>. B<type> is normally supplied by a function such
-as EVP_des_cbc() . B<key> is the symmetric key to use and B<iv> is the
-IV to use (if necessary), the actual number of bytes used for the
-key and IV depends on the cipher. It is possible to set all parameters
-to NULL except B<type> in an initial call and supply the remaining
-parameters in subsequent calls. This is normally done when the 
-EVP_CIPHER_asn1_to_param() function is called to set the cipher
-parameters from an ASN1 AlgorithmIdentifier and the key from a
-different source.
-EVP_EncryptUpdate() encrypts B<inl> bytes from the buffer B<in> and
-writes the encrypted version to B<out>. This function can be called
-multiple times to encrypt successive blocks of data. The amount
-of data written depends on the block alignment of the encrypted data:
-as a result the amount of data written may be anything from zero bytes
-to (inl + cipher_block_size - 1) so B<outl> should contain sufficient
-room.  The actual number of bytes written is placed in B<outl>.
-EVP_EncryptFinal() encrypts the "final" data, that is any data that
-remains in a partial block. It uses L<standard block padding|/NOTES> (aka PKCS
-padding). The encrypted final data is written to B<out> which should
-have sufficient space for one cipher block. The number of bytes written
-is placed in B<outl>. After this function is called the encryption operation
-is finished and no further calls to EVP_EncryptUpdate() should be made.
-EVP_DecryptInit(), EVP_DecryptUpdate() and EVP_DecryptFinal() are the
-corresponding decryption operations. EVP_DecryptFinal() will return an
-error code if the final block is not correctly formatted. The parameters
-and restrictions are identical to the encryption operations except that
-the decrypted data buffer B<out> passed to EVP_DecryptUpdate() should
-have sufficient room for (B<inl> + cipher_block_size) bytes unless the
-cipher block size is 1 in which case B<inl> bytes is sufficient.
-EVP_CipherInit(), EVP_CipherUpdate() and EVP_CipherFinal() are functions
-that can be used for decryption or encryption. The operation performed
-depends on the value of the B<enc> parameter. It should be set to 1 for
-encryption and 0 for decryption.
-EVP_CIPHER_CTX_cleanup() clears all information from a cipher context.
-It should be called after all operations using a cipher are complete
-so sensitive information does not remain in memory.
-EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj()
-return an EVP_CIPHER structure when passed a cipher name, a NID or an
-ASN1_OBJECT structure.
-EVP_CIPHER_nid() and EVP_CIPHER_CTX_nid() return the NID of a cipher when
-passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX> structure.  The actual NID
-value is an internal value which may not have a corresponding OBJECT
-IDENTIFIER.
-EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key
-length of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>
-structure. The constant B<EVP_MAX_KEY_LENGTH> is the maximum key length
-for all ciphers.
-EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV
-length of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>.
-It will return zero if the cipher does not use an IV.  The constant
-B<EVP_MAX_IV_LENGTH> is the maximum IV length for all ciphers.
-EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() return the block
-size of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>
-structure. The constant B<EVP_MAX_IV_LENGTH> is also the maximum block
-length for all ciphers.
-EVP_CIPHER_type() and EVP_CIPHER_CTX_type() return the type of the passed
-cipher or context. This "type" is the actual NID of the cipher OBJECT
-IDENTIFIER as such it ignores the cipher parameters and 40 bit RC2 and
-128 bit RC2 have the same NID. If the cipher does not have an object
-identifier or does not have ASN1 support this function will return
-B<NID_undef>.
-EVP_CIPHER_CTX_cipher() returns the B<EVP_CIPHER> structure when passed
-an B<EVP_CIPHER_CTX> structure.
-EVP_CIPHER_param_to_asn1() sets the AlgorithmIdentifier "parameter" based
-on the passed cipher. This will typically include any parameters and an
-IV. The cipher IV (if any) must be set when this call is made. This call
-should be made before the cipher is actually "used" (before any
-EVP_EncryptUpdate(), EVP_DecryptUpdate() calls for example). This function
-may fail if the cipher does not have any ASN1 support.
-EVP_CIPHER_asn1_to_param() sets the cipher parameters based on an ASN1
-AlgorithmIdentifier "parameter". The precise effect depends on the cipher
-In the case of RC2, for example, it will set the IV and effective key length.
-This function should be called after the base cipher type is set but before
-the key is set. For example EVP_CipherInit() will be called with the IV and
-key set to NULL, EVP_CIPHER_asn1_to_param() will be called and finally
-EVP_CipherInit() again with all parameters except the key set to NULL. It is
-possible for this function to fail if the cipher does not have any ASN1 support
-or the parameters cannot be set (for example the RC2 effective key length
-does not have an B<EVP_CIPHER> structure).
-=head1 RETURN VALUES
-EVP_EncryptInit(), EVP_EncryptUpdate() and EVP_EncryptFinal() do not return
-values.
-EVP_DecryptInit() and EVP_DecryptUpdate() do not return values.
-EVP_DecryptFinal() returns 0 if the decrypt failed or 1 for success.
-EVP_CipherInit() and EVP_CipherUpdate() do not return values.
-EVP_CipherFinal() returns 1 for a decryption failure or 1 for success, if
-the operation is encryption then it always returns 1.
-EVP_CIPHER_CTX_cleanup() does not return a value.
-EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj()
-return an B<EVP_CIPHER> structure or NULL on error.
-EVP_CIPHER_nid() and EVP_CIPHER_CTX_nid() return a NID.
-EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() return the block
-size.
-EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key
-length.
-EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV
-length or zero if the cipher does not use an IV.
-EVP_CIPHER_type() and EVP_CIPHER_CTX_type() return the NID of the cipher's
-OBJECT IDENTIFIER or NID_undef if it has no defined OBJECT IDENTIFIER.
-EVP_CIPHER_CTX_cipher() returns an B<EVP_CIPHER> structure.
-EVP_CIPHER_param_to_asn1() and EVP_CIPHER_asn1_to_param() return 1 for 
-success or zero for failure.
-=head1 NOTES
-Where possible the B<EVP> interface to symmetric ciphers should be used in
-preference to the low level interfaces. This is because the code then becomes
-transparent to the cipher used and much more flexible.
-PKCS padding works by adding B<n> padding bytes of value B<n> to make the total 
-length of the encrypted data a multiple of the block size. Padding is always
-added so if the data is already a multiple of the block size B<n> will equal
-the block size. For example if the block size is 8 and 11 bytes are to be
-encrypted then 5 padding bytes of value 5 will be added.
-When decrypting the final block is checked to see if it has the correct form.
-Although the decryption operation can produce an error, it is not a strong
-test that the input data or key is correct. A random block has better than
-1 in 256 chance of being of the correct format and problems with the
-input data earlier on will not produce a final decrypt error.
-=head1 BUGS
-The current B<EVP> cipher interface is not as flexible as it should be. Only
-certain "spot" encryption algorithms can be used for ciphers which have various
-parameters associated with them (RC2, RC5 for example) this is inadequate.
-Several of the functions do not return error codes because the software versions
-can never fail. This is not true of hardware versions.
-=head1 SEE ALSO
-L<evp(3)|evp(3)>
-=head1 HISTORY
-=cut
diff --git a/src/lib/libcrypto/doc/EVP_OpenInit.pod b/src/lib/libcrypto/doc/EVP_OpenInit.pod
deleted file mode 100644
index 50edb124e4..0000000000
--- a/src/lib/libcrypto/doc/EVP_OpenInit.pod
+++ /dev/null
@@ -1,51 +0,0 @@
-=pod
-=head1 NAME
-EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal - EVP envelope decryption
-=head1 SYNOPSIS
- #include <openssl/evp.h>
- int EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek,
-                int ekl,unsigned char *iv,EVP_PKEY *priv);
- void EVP_OpenUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
-         int *outl, unsigned char *in, int inl);
- void EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
-         int *outl);
-=head1 DESCRIPTION
-The EVP envelope routines are a high level interface to envelope
-decryption. They decrypt a public key encrypted symmetric key and
-then decrypt data using it.
-EVP_OpenInit() initialises a cipher context B<ctx> for decryption
-with cipher B<type>. It decrypts the encrypted symmetric key of length
-B<ekl> bytes passed in the B<ek> parameter using the private key B<priv>.
-The IV is supplied in the B<iv> parameter.
-EVP_OpenUpdate() and EVP_OpenFinal() have exactly the same properties
-as the EVP_DecryptUpdate() and EVP_DecryptFinal() routines, as 
-documented on the L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> manual
-page. 
-=head1 RETURN VALUES
-EVP_OpenInit() returns -1 on error or an non zero integer (actually the
-recovered secret key size) if successful.
-EVP_SealUpdate() does not return a value.
-EVP_SealFinal() returns 0 if the decrypt failed or 1 for success.
-=head1 SEE ALSO
-L<evp(3)|evp(3)>,
-L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
-L<EVP_SealInit(3)|EVP_SealInit(3)>
-=head1 HISTORY
-=cut
diff --git a/src/lib/libcrypto/doc/EVP_SealInit.pod b/src/lib/libcrypto/doc/EVP_SealInit.pod
deleted file mode 100644
index 42beed33bd..0000000000
--- a/src/lib/libcrypto/doc/EVP_SealInit.pod
+++ /dev/null
@@ -1,70 +0,0 @@
-=pod
-=head1 NAME
-EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption
-=head1 SYNOPSIS
- #include <openssl/evp.h>
- int EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek,
-                int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk);
- void EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
-         int *outl, unsigned char *in, int inl);
- void EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
-         int *outl);
-=head1 DESCRIPTION
-The EVP envelope routines are a high level interface to envelope
-encryption. They generate a random key and then "envelope" it by
-using public key encryption. Data can then be encrypted using this
-key.
-EVP_SealInit() initialises a cipher context B<ctx> for encryption
-with cipher B<type> using a random secret key and IV supplied in
-the B<iv> parameter. B<type> is normally supplied by a function such
-as EVP_des_cbc(). The secret key is encrypted using one or more public
-keys, this allows the same encrypted data to be decrypted using any
-of the corresponding private keys. B<ek> is an array of buffers where
-the public key encrypted secret key will be written, each buffer must
-contain enough room for the corresponding encrypted key: that is
-B<ek[i]> must have room for B<EVP_PKEY_size(pubk[i])> bytes. The actual
-size of each encrypted secret key is written to the array B<ekl>. B<pubk> is
-an array of B<npubk> public keys.
-EVP_SealUpdate() and EVP_SealFinal() have exactly the same properties
-as the EVP_EncryptUpdate() and EVP_EncryptFinal() routines, as 
-documented on the L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> manual
-page. 
-=head1 RETURN VALUES
-EVP_SealInit() returns -1 on error or B<npubk> if successful.
-EVP_SealUpdate() and EVP_SealFinal() do not return values.
-=head1 NOTES
-Because a random secret key is generated the random number generator
-must be seeded before calling EVP_SealInit().
-The public key must be RSA because it is the only OpenSSL public key
-algorithm that supports key transport.
-Envelope encryption is the usual method of using public key encryption
-on large amounts of data, this is because public key encryption is slow
-but symmetric encryption is fast. So symmetric encryption is used for
-bulk encryption and the small random symmetric key used is transferred
-using public key encryption.
-=head1 SEE ALSO
-L<evp(3)|evp(3)>,
-L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
-L<EVP_OpenInit(3)|EVP_OpenInit(3)>
-=head1 HISTORY
-=cut
diff --git a/src/lib/libcrypto/doc/EVP_SignInit.pod b/src/lib/libcrypto/doc/EVP_SignInit.pod
deleted file mode 100644
index 1167cefb45..0000000000
--- a/src/lib/libcrypto/doc/EVP_SignInit.pod
+++ /dev/null
@@ -1,85 +0,0 @@
-=pod
-=head1 NAME
-EVP_SignInit, EVP_SignUpdate, EVP_SignFinal - EVP signing functions
-=head1 SYNOPSIS
- #include <openssl/evp.h>
- void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type);
- void EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
- int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *sig,unsigned int *s, EVP_PKEY *pkey);
- int EVP_PKEY_size(EVP_PKEY *pkey);
-=head1 DESCRIPTION
-The EVP signature routines are a high level interface to digital
-signatures.
-EVP_SignInit() initialises a signing context B<ctx> to using digest
-B<type>: this will typically be supplied by a function such as
-EVP_sha1().
-EVP_SignUpdate() hashes B<cnt> bytes of data at B<d> into the
-signature context B<ctx>. This funtion can be called several times on the
-same B<ctx> to include additional data.
-EVP_SignFinal() signs the data in B<ctx> using the private key B<pkey>
-and places the signature in B<sig>. If the B<s> parameter is not NULL
-then the number of bytes of data written (i.e. the length of the signature)
-will be written to the integer at B<s>, at most EVP_PKEY_size(pkey) bytes
-will be written.  After calling EVP_SignFinal() no additional calls to
-EVP_SignUpdate() can be made, but EVP_SignInit() can be called to initialiase
-a new signature operation.
-EVP_PKEY_size() returns the maximum size of a signature in bytes. The actual
-signature returned by EVP_SignFinal() may be smaller.
-=head1 RETURN VALUES
-EVP_SignInit() and EVP_SignUpdate() do not return values.
-EVP_SignFinal() returns 1 for success and 0 for failure.
-EVP_PKEY_size() returns the maximum size of a signature in bytes.
-The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-=head1 NOTES
-The B<EVP> interface to digital signatures should almost always be used in
-preference to the low level interfaces. This is because the code then becomes
-transparent to the algorithm used and much more flexible.
-Due to the link between message digests and public key algorithms the correct
-digest algorithm must be used with the correct public key type. A list of
-algorithms and associated public key algorithms appears in 
-L<EVP_DigestInit(3)|EVP_DigestInit(3)>.
-When signing with DSA private keys the random number generator must be seeded
-or the operation will fail. The random number generator does not need to be
-seeded for RSA signatures.
-=head1 BUGS
-Several of the functions do not return values: maybe they should. Although the
-internal digest operations will never fail some future hardware based operations
-might.
-=head1 SEE ALSO
-L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
-L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
-L<evp(3)|evp(3)>, L<HMAC(3)|HMAC(3)>, L<MD2(3)|MD2(3)>,
-L<MD5(3)|MD5(3)>, L<MDC2(3)|MDC2(3)>, L<RIPEMD(3)|RIPEMD(3)>,
-L<SHA1(3)|SHA1(3)>, L<digest(1)|digest(1)>
-=head1 HISTORY
-EVP_SignInit(), EVP_SignUpdate() and EVP_SignFinal() are
-available in all versions of SSLeay and OpenSSL.
-=cut
diff --git a/src/lib/libcrypto/doc/EVP_VerifyInit.pod b/src/lib/libcrypto/doc/EVP_VerifyInit.pod
deleted file mode 100644
index 5e74c5dcf9..0000000000
--- a/src/lib/libcrypto/doc/EVP_VerifyInit.pod
+++ /dev/null
@@ -1,71 +0,0 @@
-=pod
-=head1 NAME
-EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal - EVP signature verification functions
-=head1 SYNOPSIS
- #include <openssl/evp.h>
- void EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type);
- void EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
- int EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf, unsigned int siglen,EVP_PKEY *pkey);
-=head1 DESCRIPTION
-The EVP signature verification routines are a high level interface to digital
-signatures.
-EVP_VerifyInit() initialises a verification context B<ctx> to using digest
-B<type>: this will typically be supplied by a function such as EVP_sha1().
-EVP_VerifyUpdate() hashes B<cnt> bytes of data at B<d> into the
-verification context B<ctx>. This funtion can be called several times on the
-same B<ctx> to include additional data.
-EVP_VerifyFinal() verifies the data in B<ctx> using the public key B<pkey>
-and against the B<siglen> bytes at B<sigbuf>. After calling EVP_VerifyFinal()
-no additional calls to EVP_VerifyUpdate() can be made, but EVP_VerifyInit()
-can be called to initialiase a new verification operation.
-=head1 RETURN VALUES
-EVP_VerifyInit() and EVP_VerifyUpdate() do not return values.
-EVP_VerifyFinal() returns 1 for a correct signature, 0 for failure and -1 if some
-other error occurred.
-The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-=head1 NOTES
-The B<EVP> interface to digital signatures should almost always be used in
-preference to the low level interfaces. This is because the code then becomes
-transparent to the algorithm used and much more flexible.
-Due to the link between message digests and public key algorithms the correct
-digest algorithm must be used with the correct public key type. A list of
-algorithms and associated public key algorithms appears in 
-L<EVP_DigestInit(3)|EVP_DigestInit(3)>.
-=head1 BUGS
-Several of the functions do not return values: maybe they should. Although the
-internal digest operations will never fail some future hardware based operations
-might.
-=head1 SEE ALSO
-L<EVP_SignInit(3)|EVP_SignInit(3)>,
-L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
-L<evp(3)|evp(3)>, L<HMAC(3)|HMAC(3)>, L<MD2(3)|MD2(3)>,
-L<MD5(3)|MD5(3)>, L<MDC2(3)|MDC2(3)>, L<RIPEMD(3)|RIPEMD(3)>,
-L<SHA1(3)|SHA1(3)>, L<digest(1)|digest(1)>
-=head1 HISTORY
-EVP_VerifyInit(), EVP_VerifyUpdate() and EVP_VerifyFinal() are
-available in all versions of SSLeay and OpenSSL.
-=cut
diff --git a/src/lib/libcrypto/doc/OPENSSL_VERSION_NUMBER.pod b/src/lib/libcrypto/doc/OPENSSL_VERSION_NUMBER.pod
deleted file mode 100644
index b0b1058d19..0000000000
--- a/src/lib/libcrypto/doc/OPENSSL_VERSION_NUMBER.pod
+++ /dev/null
@@ -1,46 +0,0 @@
-=pod
-=head1 NAME
-OPENSSL_VERSION_NUMBER, SSLeay - get OpenSSL version number
-=head1 SYNOPSIS
- #include <openssl/opensslv.h>
- #define OPENSSL_VERSION_NUMBER 0xnnnnnnnnnL
- #include <openssl/crypto.h>
- long SSLeay(void);
-=head1 DESCRIPTION
-OPENSSL_VERSION_NUMBER is a numeric release version identifier:
- MMNNFFRBB major minor fix final beta/patch
-for example
- 0x000904100 == 0.9.4 release
- 0x000905000 == 0.9.5 dev
-Versions prior to 0.9.3 have identifiers E<lt> 0x0930.
-For backward compatibility, SSLEAY_VERSION_NUMBER is also defined.
-SSLeay() returns this number. The return value can be compared to the
-macro to make sure that the correct version of the library has been
-loaded, especially when using DLLs on Windows systems.
-=head1 RETURN VALUE
-The version number.
-=head1 SEE ALSO
-L<crypto(3)|crypto(3)>
-=head1 HISTORY
-SSLeay() and SSLEAY_VERSION_NUMBER are available in all versions of SSLeay and OpenSSL.
-OPENSSL_VERSION_NUMBER is available in all versions of OpenSSL.
-=cut
diff --git a/src/lib/libcrypto/doc/OpenSSL_add_all_algorithms.pod b/src/lib/libcrypto/doc/OpenSSL_add_all_algorithms.pod
deleted file mode 100644
index 015d4eaf36..0000000000
--- a/src/lib/libcrypto/doc/OpenSSL_add_all_algorithms.pod
+++ /dev/null
@@ -1,65 +0,0 @@
-=pod
-=head1 NAME
-OpenSSL_add_all_algorithms() - add algorithms to internal table
-=head1 SYNOPSIS
- #include <openssl/evp.h>
- void OpenSSL_add_all_algorithms(void);
- void OpenSSL_add_all_ciphers(void);
- void OpenSSL_add_all_digests(void);
- void EVP_cleanup(void);
-=head1 DESCRIPTION
-OpenSSL keeps an internal table of digest algorithms and ciphers. It uses
-this table to lookup ciphers via functions such as EVP_get_cipher_byname().
-OpenSSL_add_all_digests() adds all digest algorithms to the table.
-OpenSSL_add_all_algorithms() adds all algorithms to the table (digests and
-ciphers).
-OpenSSL_add_all_ciphers() adds all encryption algorithms to the table including
-password based encryption algorithms.
-EVP_cleanup() removes all ciphers and digests from the table.
-=head1 RETURN VALUES
-None of the functions return a value.
-=head1 NOTES
-A typical application will call OpenSSL_add_all_algorithms() initially and
-EVP_cleanup() before exiting.
-An application does not need to add algorithms to use them explicitly, for example
-by EVP_sha1(). It just needs to add them if it (or any of the functions it calls)
-needs to lookup algorithms.
-The cipher and digest lookup functions are used in many parts of the library. If
-the table is not initialised several functions will misbehave and complain they
-cannot find algorithms. This includes the PEM, PKCS#12, SSL and S/MIME libraries.
-This is a common query in the OpenSSL mailing lists.
-Calling OpenSSL_add_all_algorithms() links in all algorithms: as a result a
-statically linked executable can be quite large. If this is important it is possible
-to just add the required ciphers and digests.
-=head1 BUGS
-Although the functions do not return error codes it is possible for them to fail.
-This will only happen as a result of a memory allocation failure so this is not
-too much of a problem in practice.
-=head1 SEE ALSO
-L<evp(3)|evp(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>,
-L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>
-=cut
diff --git a/src/lib/libcrypto/doc/RAND_add.pod b/src/lib/libcrypto/doc/RAND_add.pod
deleted file mode 100644
index 67c66f3e0c..0000000000
--- a/src/lib/libcrypto/doc/RAND_add.pod
+++ /dev/null
@@ -1,77 +0,0 @@
-=pod
-=head1 NAME
-RAND_add, RAND_seed, RAND_status, RAND_event, RAND_screen - add
-entropy to the PRNG
-=head1 SYNOPSIS
- #include <openssl/rand.h>
- void RAND_seed(const void *buf, int num);
- void RAND_add(const void *buf, int num, double entropy);
- int  RAND_status(void);
- int  RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam);
- void RAND_screen(void);
-=head1 DESCRIPTION
-RAND_add() mixes the B<num> bytes at B<buf> into the PRNG state. Thus,
-if the data at B<buf> are unpredictable to an adversary, this
-increases the uncertainty about the state and makes the PRNG output
-less predictable. Suitable input comes from user interaction (random
-key presses, mouse movements) and certain hardware events. The
-B<entropy> argument is (the lower bound of) an estimate of how much
-randomness is contained in B<buf>, measured in bytes. Details about
-sources of randomness and how to estimate their entropy can be found
-in the literature, e.g. RFC 1750.
-RAND_add() may be called with sensitive data such as user entered
-passwords. The seed values cannot be recovered from the PRNG output.
-OpenSSL makes sure that the PRNG state is unique for each thread. On
-systems that provide C</dev/urandom>, the randomness device is used
-to seed the PRNG transparently. However, on all other systems, the
-application is responsible for seeding the PRNG by calling RAND_add(),
-L<RAND_egd(3)|RAND_egd(3)>
-or L<RAND_load_file(3)|RAND_load_file(3)>.
-RAND_seed() is equivalent to RAND_add() when B<num == entropy>.
-RAND_event() collects the entropy from Windows events such as mouse
-movements and other user interaction. It should be called with the
-B<iMsg>, B<wParam> and B<lParam> arguments of I<all> messages sent to
-the window procedure. It will estimate the entropy contained in the
-event message (if any), and add it to the PRNG. The program can then
-process the messages as usual.
-The RAND_screen() function is available for the convenience of Windows
-programmers. It adds the current contents of the screen to the PRNG.
-For applications that can catch Windows events, seeding the PRNG by
-calling RAND_event() is a significantly better source of
-randomness. It should be noted that both methods cannot be used on
-servers that run without user interaction.
-=head1 RETURN VALUES
-RAND_status() and RAND_event() return 1 if the PRNG has been seeded
-with enough data, 0 otherwise.
-The other functions do not return values.
-=head1 SEE ALSO
-L<rand(3)|rand(3)>, L<RAND_egd(3)|RAND_egd(3)>,
-L<RAND_load_file(3)|RAND_load_file(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)>
-=head1 HISTORY
-RAND_seed() and RAND_screen() are available in all versions of SSLeay
-and OpenSSL. RAND_add() and RAND_status() have been added in OpenSSL
-0.9.5, RAND_event() in OpenSSL 0.9.5a.
-=cut
diff --git a/src/lib/libcrypto/doc/RAND_bytes.pod b/src/lib/libcrypto/doc/RAND_bytes.pod
deleted file mode 100644
index b03748b918..0000000000
--- a/src/lib/libcrypto/doc/RAND_bytes.pod
+++ /dev/null
@@ -1,46 +0,0 @@
-=pod
-=head1 NAME
-RAND_bytes, RAND_pseudo_bytes - generate random data
-=head1 SYNOPSIS
- #include <openssl/rand.h>
- int RAND_bytes(unsigned char *buf, int num);
- int RAND_pseudo_bytes(unsigned char *buf, int num);
-=head1 DESCRIPTION
-RAND_bytes() puts B<num> cryptographically strong pseudo-random bytes
-into B<buf>. An error occurs if the PRNG has not been seeded with
-enough randomness to ensure an unpredictable byte sequence.
-RAND_pseudo_bytes() puts B<num> pseudo-random bytes into B<buf>.
-Pseudo-random byte sequences generated by RAND_pseudo_bytes() will be
-unique if they are of sufficient length, but are not necessarily
-unpredictable. They can be used for non-cryptographic purposes and for
-certain purposes in cryptographic protocols, but usually not for key
-generation etc.
-=head1 RETURN VALUES
-RAND_bytes() returns 1 on success, 0 otherwise. The error code can be
-obtained by L<ERR_get_error(3)|ERR_get_error(3)>. RAND_pseudo_bytes() returns 1 if the
-bytes generated are cryptographically strong, 0 otherwise. Both
-functions return -1 if they are not supported by the current RAND
-method.
-=head1 SEE ALSO
-L<rand(3)|rand(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<RAND_add(3)|RAND_add(3)>
-=head1 HISTORY
-RAND_bytes() is available in all versions of SSLeay and OpenSSL.  It
-has a return value since OpenSSL 0.9.5. RAND_pseudo_bytes() was added
-in OpenSSL 0.9.5.
-=cut
diff --git a/src/lib/libcrypto/doc/RAND_cleanup.pod b/src/lib/libcrypto/doc/RAND_cleanup.pod
deleted file mode 100644
index 3a8f0749a8..0000000000
--- a/src/lib/libcrypto/doc/RAND_cleanup.pod
+++ /dev/null
@@ -1,29 +0,0 @@
-=pod
-=head1 NAME
-RAND_cleanup - erase the PRNG state
-=head1 SYNOPSIS
- #include <openssl/rand.h>
- void RAND_cleanup(void);
-=head1 DESCRIPTION
-RAND_cleanup() erases the memory used by the PRNG.
-=head1 RETURN VALUE
-RAND_cleanup() returns no value.
-=head1 SEE ALSO
-L<rand(3)|rand(3)>
-=head1 HISTORY
-RAND_cleanup() is available in all versions of SSLeay and OpenSSL.
-=cut
diff --git a/src/lib/libcrypto/doc/RAND_load_file.pod b/src/lib/libcrypto/doc/RAND_load_file.pod
deleted file mode 100644
index 8dd700ca3d..0000000000
--- a/src/lib/libcrypto/doc/RAND_load_file.pod
+++ /dev/null
@@ -1,53 +0,0 @@
-=pod
-=head1 NAME
-RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file
-=head1 SYNOPSIS
- #include <openssl/rand.h>
- const char *RAND_file_name(char *buf, int num);
- int RAND_load_file(const char *filename, long max_bytes);
- int RAND_write_file(const char *filename);
-=head1 DESCRIPTION
-RAND_file_name() generates a default path for the random seed
-file. B<buf> points to a buffer of size B<num> in which to store the
-filename. The seed file is $RANDFILE if that environment variable is
-set, $HOME/.rnd otherwise. If $HOME is not set either, or B<num> is
-too small for the path name, an error occurs.
-RAND_load_file() reads a number of bytes from file B<filename> and
-adds them to the PRNG. If B<max_bytes> is non-negative,
-up to to B<max_bytes> are read; starting with OpenSSL 0.9.5,
-if B<max_bytes> is -1, the complete file is read.
-RAND_write_file() writes a number of random bytes (currently 1024) to
-file B<filename> which can be used to initialize the PRNG by calling
-RAND_load_file() in a later session.
-=head1 RETURN VALUES
-RAND_load_file() returns the number of bytes read.
-RAND_write_file() returns the number of bytes written, and -1 if the
-bytes written were generated without appropriate seed.
-RAND_file_name() returns a pointer to B<buf> on success, and NULL on
-error.
-=head1 SEE ALSO
-L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)>
-=head1 HISTORY
-RAND_load_file(), RAND_write_file() and RAND_file_name() are available in
-all versions of SSLeay and OpenSSL.
-=cut
diff --git a/src/lib/libcrypto/doc/RAND_set_rand_method.pod b/src/lib/libcrypto/doc/RAND_set_rand_method.pod
deleted file mode 100644
index 464eba416d..0000000000
--- a/src/lib/libcrypto/doc/RAND_set_rand_method.pod
+++ /dev/null
@@ -1,59 +0,0 @@
-=pod
-=head1 NAME
-RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay - select RAND method
-=head1 SYNOPSIS
- #include <openssl/rand.h>
- void RAND_set_rand_method(RAND_METHOD *meth);
- RAND_METHOD *RAND_get_rand_method(void);
- RAND_METHOD *RAND_SSLeay(void);
-=head1 DESCRIPTION
-A B<RAND_METHOD> specifies the functions that OpenSSL uses for random
-number generation. By modifying the method, alternative
-implementations such as hardware RNGs may be used.  Initially, the
-default is to use the OpenSSL internal implementation. RAND_SSLeay()
-returns a pointer to that method.
-RAND_set_rand_method() sets the RAND method to B<meth>.
-RAND_get_rand_method() returns a pointer to the current method.
-=head1 THE RAND_METHOD STRUCTURE
- typedef struct rand_meth_st
- {
-        void (*seed)(const void *buf, int num);
-        int (*bytes)(unsigned char *buf, int num);
-        void (*cleanup)(void);
-        void (*add)(const void *buf, int num, int entropy);
-        int (*pseudorand)(unsigned char *buf, int num);
-        int (*status)(void);
- } RAND_METHOD;
-The components point to the implementation of RAND_seed(),
-RAND_bytes(), RAND_cleanup(), RAND_add(), RAND_pseudo_rand()
-and RAND_status().
-Each component may be NULL if the function is not implemented.
-=head1 RETURN VALUES
-RAND_set_rand_method() returns no value. RAND_get_rand_method() and
-RAND_SSLeay() return pointers to the respective methods.
-=head1 SEE ALSO
-L<rand(3)|rand(3)>
-=head1 HISTORY
-RAND_set_rand_method(), RAND_get_rand_method() and RAND_SSLeay() are
-available in all versions of OpenSSL.
-=cut
diff --git a/src/lib/libcrypto/doc/RSA_blinding_on.pod b/src/lib/libcrypto/doc/RSA_blinding_on.pod
deleted file mode 100644
index fd2c69abd8..0000000000
--- a/src/lib/libcrypto/doc/RSA_blinding_on.pod
+++ /dev/null
@@ -1,43 +0,0 @@
-=pod
-=head1 NAME
-RSA_blinding_on, RSA_blinding_off - protect the RSA operation from timing attacks
-=head1 SYNOPSIS
- #include <openssl/rsa.h>
- int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
- void RSA_blinding_off(RSA *rsa);
-=head1 DESCRIPTION
-RSA is vulnerable to timing attacks. In a setup where attackers can
-measure the time of RSA decryption or signature operations, blinding
-must be used to protect the RSA operation from that attack.
-RSA_blinding_on() turns blinding on for key B<rsa> and generates a
-random blinding factor. B<ctx> is B<NULL> or a pre-allocated and
-initialized B<BN_CTX>. The random number generator must be seeded
-prior to calling RSA_blinding_on().
-RSA_blinding_off() turns blinding off and frees the memory used for
-the blinding factor.
-=head1 RETURN VALUES
-RSA_blinding_on() returns 1 on success, and 0 if an error occurred.
-RSA_blinding_off() returns no value.
-=head1 SEE ALSO
-L<rsa(3)|rsa(3)>, L<rand(3)|rand(3)>
-=head1 HISTORY
-RSA_blinding_on() and RSA_blinding_off() appeared in SSLeay 0.9.0.
-=cut
diff --git a/src/lib/libcrypto/doc/RSA_check_key.pod b/src/lib/libcrypto/doc/RSA_check_key.pod
deleted file mode 100644
index 1db6d736ab..0000000000
--- a/src/lib/libcrypto/doc/RSA_check_key.pod
+++ /dev/null
@@ -1,39 +0,0 @@
-=pod
-=head1 NAME
-RSA_check_key - validate private RSA keys
-=head1 SYNOPSIS
- #include <openssl/rsa.h>
- int RSA_check_key(RSA *rsa);
-=head1 DESCRIPTION
-This function validates RSA keys. It checks that B<p> and B<q> are
-in fact prime, and that B<n = p*q>.
-It also checks that B<d*e = 1 mod (p-1*q-1)>,
-and that B<dmp1>, B<dmq1> and B<iqmp> are set correctly or are B<NULL>.
-The key's public components may not be B<NULL>.
-=head1 RETURN VALUE
-RSA_check_key() returns 1 if B<rsa> is a valid RSA key, and 0 otherwise.
-1 is returned if an error occurs while checking the key.
-If the key is invalid or an error occurred, the reason code can be
-obtained using L<ERR_get_error(3)|ERR_get_error(3)>.
-=head1 SEE ALSO
-L<rsa(3)|rsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
-=head1 HISTORY
-RSA_check() appeared in OpenSSL 0.9.4.
-=cut
diff --git a/src/lib/libcrypto/doc/RSA_generate_key.pod b/src/lib/libcrypto/doc/RSA_generate_key.pod
deleted file mode 100644
index 0e0f0a764c..0000000000
--- a/src/lib/libcrypto/doc/RSA_generate_key.pod
+++ /dev/null
@@ -1,68 +0,0 @@
-=pod
-=head1 NAME
-RSA_generate_key - generate RSA key pair
-=head1 SYNOPSIS
- #include <openssl/rsa.h>
- RSA *RSA_generate_key(int num, unsigned long e,
-    void (*callback)(int,int,void *), void *cb_arg);
-=head1 DESCRIPTION
-RSA_generate_key() generates a key pair and returns it in a newly
-allocated B<RSA> structure. The pseudo-random number generator must
-be seeded prior to calling RSA_generate_key().
-The modulus size will be B<num> bits, and the public exponent will be
-B<e>. Key sizes with B<num> E<lt> 1024 should be considered insecure.
-The exponent is an odd number, typically 3 or 65535.
-A callback function may be used to provide feedback about the
-progress of the key generation. If B<callback> is not B<NULL>, it
-will be called as follows:
-=over 4
-=item *
-While a random prime number is generated, it is called as
-described in L<BN_generate_prime(3)|BN_generate_prime(3)>.
-=item *
-When the n-th randomly generated prime is rejected as not
-suitable for the key, B<callback(2, n, cb_arg)> is called.
-=item *
-When a random p has been found with p-1 relatively prime to B<e>,
-it is called as B<callback(3, 0, cb_arg)>.
-=back
-The process is then repeated for prime q with B<callback(3, 1, cb_arg)>.
-=head1 RETURN VALUE
-If key generation fails, RSA_generate_key() returns B<NULL>; the
-error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-=head1 BUGS
-B<callback(2, x, cb_arg)> is used with two different meanings.
-RSA_generate_key() goes into an infinite loop for illegal input values.
-=head1 SEE ALSO
-L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_free(3)|RSA_free(3)>
-=head1 HISTORY
-The B<cb_arg> argument was added in SSLeay 0.9.0.
-=cut
diff --git a/src/lib/libcrypto/doc/RSA_get_ex_new_index.pod b/src/lib/libcrypto/doc/RSA_get_ex_new_index.pod
deleted file mode 100644
index 920dc76325..0000000000
--- a/src/lib/libcrypto/doc/RSA_get_ex_new_index.pod
+++ /dev/null
@@ -1,122 +0,0 @@
-=pod
-=head1 NAME
-RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data - add application specific data to RSA structures
-=head1 SYNOPSIS
- #include <openssl/rsa.h>
- int RSA_get_ex_new_index(long argl, void *argp,
-                CRYPTO_EX_new *new_func,
-                CRYPTO_EX_dup *dup_func,
-                CRYPTO_EX_free *free_func);
- int RSA_set_ex_data(RSA *r, int idx, void *arg);
- void *RSA_get_ex_data(RSA *r, int idx);
- int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
-                                        int idx, long argl, void *argp);
- void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
-                                        int idx, long argl, void *argp);
- int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, 
-                                        int idx, long argl, void *argp);
-=head1 DESCRIPTION
-Several OpenSSL structures can have application specific data attached to them.
-This has several potential uses, it can be used to cache data associated with
-a structure (for example the hash of some part of the structure) or some
-additional data (for example a handle to the data in an external library).
-Since the application data can be anything at all it is passed and retrieved
-as a B<void *> type.
-The B<RSA_get_ex_new_index()> function is initially called to "register" some
-new application specific data. It takes three optional function pointers which
-are called when the parent structure (in this case an RSA structure) is
-initially created, when it is copied and when it is freed up. If any or all of
-these function pointer arguments are not used they should be set to NULL. The
-precise manner in which these function pointers are called is described in more
-detail below. B<RSA_get_ex_new_index()> also takes additional long and pointer
-parameters which will be passed to the supplied functions but which otherwise
-have no special meaning. It returns an B<index> which should be stored
-(typically in a static variable) and passed used in the B<idx> parameter in
-the remaining functions. Each successful call to B<RSA_get_ex_new_index()>
-will return an index greater than any previously returned, this is important
-because the optional functions are called in order of increasing index value.
-B<RSA_set_ex_data()> is used to set application specific data, the data is
-supplied in the B<arg> parameter and its precise meaning is up to the
-application.
-B<RSA_get_ex_data()> is used to retrieve application specific data. The data
-is returned to the application, this will be the same value as supplied to
-a previous B<RSA_set_ex_data()> call.
-B<new_func()> is called when a structure is initially allocated (for example
-with B<RSA_new()>. The parent structure members will not have any meaningful
-values at this point. This function will typically be used to allocate any
-application specific structure.
-B<free_func()> is called when a structure is being freed up. The dynamic parent
-structure members should not be accessed because they will be freed up when
-this function is called.
-B<new_func()> and B<free_func()> take the same parameters. B<parent> is a
-pointer to the parent RSA structure. B<ptr> is a the application specific data
-(this wont be of much use in B<new_func()>. B<ad> is a pointer to the
-B<CRYPTO_EX_DATA> structure from the parent RSA structure: the functions
-B<CRYPTO_get_ex_data()> and B<CRYPTO_set_ex_data()> can be called to manipulate
-it. The B<idx> parameter is the index: this will be the same value returned by
-B<RSA_get_ex_new_index()> when the functions were initially registered. Finally
-the B<argl> and B<argp> parameters are the values originally passed to the same
-corresponding parameters when B<RSA_get_ex_new_index()> was called.
-B<dup_func()> is called when a structure is being copied. Pointers to the
-destination and source B<CRYPTO_EX_DATA> structures are passed in the B<to> and
-B<from> parameters respectively. The B<from_d> parameter is passed a pointer to
-the source application data when the function is called, when the function returns
-the value is copied to the destination: the application can thus modify the data
-pointed to by B<from_d> and have different values in the source and destination.
-The B<idx>, B<argl> and B<argp> parameters are the same as those in B<new_func()>
-and B<free_func()>.
-=head1 RETURN VALUES
-B<RSA_get_ex_new_index()> returns a new index or -1 on failure (note 0 is a valid
-index value).
-B<RSA_set_ex_data()> returns 1 on success or 0 on failure.
-B<RSA_get_ex_data()> returns the application data or 0 on failure. 0 may also
-be valid application data but currently it can only fail if given an invalid B<idx>
-parameter.
-B<new_func()> and B<dup_func()> should return 0 for failure and 1 for success.
-On failure an error code can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>.
-=head1 BUGS
-B<dup_func()> is currently never called.
-The return value of B<new_func()> is ignored.
-The B<new_func()> function isn't very useful because no meaningful values are
-present in the parent RSA structure when it is called.
-=head1 SEE ALSO
-L<rsa(3)|rsa(3)>, L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>
-=head1 HISTORY
-RSA_get_ex_new_index(), RSA_set_ex_data() and RSA_get_ex_data() are
-available since SSLeay 0.9.0.
-=cut
diff --git a/src/lib/libcrypto/doc/RSA_new.pod b/src/lib/libcrypto/doc/RSA_new.pod
deleted file mode 100644
index 299047f31f..0000000000
--- a/src/lib/libcrypto/doc/RSA_new.pod
+++ /dev/null
@@ -1,39 +0,0 @@
-=pod
-=head1 NAME
-RSA_new, RSA_free - allocate and free RSA objects
-=head1 SYNOPSIS
- #include <openssl/rsa.h>
- RSA * RSA_new(void);
- void RSA_free(RSA *rsa);
-=head1 DESCRIPTION
-RSA_new() allocates and initializes an B<RSA> structure.
-RSA_free() frees the B<RSA> structure and its components. The key is
-erased before the memory is returned to the system.
-=head1 RETURN VALUES
-If the allocation fails, RSA_new() returns B<NULL> and sets an error
-code that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns
-a pointer to the newly allocated structure.
-RSA_free() returns no value.
-=head1 SEE ALSO
-L<ERR_get_error(3)|ERR_get_error(3)>, L<rsa(3)|rsa(3)>,
-L<RSA_generate_key(3)|RSA_generate_key(3)>
-=head1 HISTORY
-RSA_new() and RSA_free() are available in all versions of SSLeay and OpenSSL.
-=cut
diff --git a/src/lib/libcrypto/doc/RSA_padding_add_PKCS1_type_1.pod b/src/lib/libcrypto/doc/RSA_padding_add_PKCS1_type_1.pod
deleted file mode 100644
index b8f678fe72..0000000000
--- a/src/lib/libcrypto/doc/RSA_padding_add_PKCS1_type_1.pod
+++ /dev/null
@@ -1,124 +0,0 @@
-=pod
-=head1 NAME
-RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1,
-RSA_padding_add_PKCS1_type_2, RSA_padding_check_PKCS1_type_2,
-RSA_padding_add_PKCS1_OAEP, RSA_padding_check_PKCS1_OAEP,
-RSA_padding_add_SSLv23, RSA_padding_check_SSLv23,
-RSA_padding_add_none, RSA_padding_check_none - asymmetric encryption
-padding
-=head1 SYNOPSIS
- #include <openssl/rsa.h>
- int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
-    unsigned char *f, int fl);
- int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
-    unsigned char *f, int fl, int rsa_len);
- int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
-    unsigned char *f, int fl);
- int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
-    unsigned char *f, int fl, int rsa_len);
- int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
-    unsigned char *f, int fl, unsigned char *p, int pl);
- int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
-    unsigned char *f, int fl, int rsa_len, unsigned char *p, int pl);
- int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
-    unsigned char *f, int fl);
- int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
-    unsigned char *f, int fl, int rsa_len);
- int RSA_padding_add_none(unsigned char *to, int tlen,
-    unsigned char *f, int fl);
- int RSA_padding_check_none(unsigned char *to, int tlen,
-    unsigned char *f, int fl, int rsa_len);
-=head1 DESCRIPTION
-The RSA_padding_xxx_xxx() functions are called from the RSA encrypt,
-decrypt, sign and verify functions. Normally they should not be called
-from application programs.
-However, they can also be called directly to implement padding for other
-asymmetric ciphers. RSA_padding_add_PKCS1_OAEP() and
-RSA_padding_check_PKCS1_OAEP() may be used in an application combined
-with B<RSA_NO_PADDING> in order to implement OAEP with an encoding
-parameter.
-RSA_padding_add_xxx() encodes B<fl> bytes from B<f> so as to fit into
-B<tlen> bytes and stores the result at B<to>. An error occurs if B<fl>
-does not meet the size requirements of the encoding method.
-The following encoding methods are implemented:
-=over 4
-=item PKCS1_type_1
-PKCS #1 v2.0 EMSA-PKCS1-v1_5 (PKCS #1 v1.5 block type 1); used for signatures
-=item PKCS1_type_2
-PKCS #1 v2.0 EME-PKCS1-v1_5 (PKCS #1 v1.5 block type 2)
-=item PKCS1_OAEP
-PKCS #1 v2.0 EME-OAEP
-=item SSLv23
-PKCS #1 EME-PKCS1-v1_5 with SSL-specific modification
-=item none
-simply copy the data
-=back
-The random number generator must be seeded prior to calling
-RSA_padding_add_xxx().
-RSA_padding_check_xxx() verifies that the B<fl> bytes at B<f> contain
-a valid encoding for a B<rsa_len> byte RSA key in the respective
-encoding method and stores the recovered data of at most B<tlen> bytes
-(for B<RSA_NO_PADDING>: of size B<tlen>)
-at B<to>.
-For RSA_padding_xxx_OAEP(), B<p> points to the encoding parameter
-of length B<pl>. B<p> may be B<NULL> if B<pl> is 0.
-=head1 RETURN VALUES
-The RSA_padding_add_xxx() functions return 1 on success, 0 on error.
-The RSA_padding_check_xxx() functions return the length of the
-recovered data, -1 on error. Error codes can be obtained by calling
-L<ERR_get_error(3)|ERR_get_error(3)>.
-=head1 SEE ALSO
-L<RSA_public_encrypt(3)|RSA_public_encrypt(3)>,
-L<RSA_private_decrypt(3)|RSA_private_decrypt(3)>,
-L<RSA_sign(3)|RSA_sign(3)>, L<RSA_verify(3)|RSA_verify(3)>
-=head1 HISTORY
-RSA_padding_add_PKCS1_type_1(), RSA_padding_check_PKCS1_type_1(),
-RSA_padding_add_PKCS1_type_2(), RSA_padding_check_PKCS1_type_2(),
-RSA_padding_add_SSLv23(), RSA_padding_check_SSLv23(),
-RSA_padding_add_none() and RSA_padding_check_none() appeared in
-SSLeay 0.9.0.
-RSA_padding_add_PKCS1_OAEP() and RSA_padding_check_PKCS1_OAEP() were
-added in OpenSSL 0.9.2b.
-=cut
diff --git a/src/lib/libcrypto/doc/RSA_print.pod b/src/lib/libcrypto/doc/RSA_print.pod
deleted file mode 100644
index dd968a5274..0000000000
--- a/src/lib/libcrypto/doc/RSA_print.pod
+++ /dev/null
@@ -1,48 +0,0 @@
-=pod
-=head1 NAME
-RSA_print, RSA_print_fp, DHparams_print, DHparams_print_fp - print
-cryptographic parameters
-=head1 SYNOPSIS
- #include <openssl/rsa.h>
- int RSA_print(BIO *bp, RSA *x, int offset);
- int RSA_print_fp(FILE *fp, RSA *x, int offset);
- #include <openssl/dsa.h>
- int DSAparams_print(BIO *bp, DSA *x);
- int DSAparams_print_fp(FILE *fp, DSA *x);
- int DSA_print(BIO *bp, DSA *x, int offset);
- int DSA_print_fp(FILE *fp, DSA *x, int offset);
- #include <openssl/dh.h>
- int DHparams_print(BIO *bp, DH *x);
- int DHparams_print_fp(FILE *fp, DH *x);
-=head1 DESCRIPTION
-A human-readable hexadecimal output of the components of the RSA
-key, DSA parameters or key or DH parameters is printed to B<bp> or B<fp>.
-The output lines are indented by B<offset> spaces.
-=head1 RETURN VALUES
-These functions return 1 on success, 0 on error.
-=head1 SEE ALSO
-L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<rsa(3)|rsa(3)>, L<BN_bn2bin(3)|BN_bn2bin(3)>
-=head1 HISTORY
-RSA_print(), RSA_print_fp(), DSA_print(), DSA_print_fp(), DH_print(),
-DH_print_fp() are available in all versions of SSLeay and OpenSSL.
-DSAparams_print() and DSAparams_print_pf() were added in SSLeay 0.8.
-=cut
diff --git a/src/lib/libcrypto/doc/RSA_private_encrypt.pod b/src/lib/libcrypto/doc/RSA_private_encrypt.pod
deleted file mode 100644
index 0d1b2bd541..0000000000
--- a/src/lib/libcrypto/doc/RSA_private_encrypt.pod
+++ /dev/null
@@ -1,70 +0,0 @@
-=pod
-=head1 NAME
-RSA_private_encrypt, RSA_public_decrypt - low level signature operations
-=head1 SYNOPSIS
- #include <openssl/rsa.h>
- int RSA_private_encrypt(int flen, unsigned char *from,
-    unsigned char *to, RSA *rsa, int padding);
- int RSA_public_decrypt(int flen, unsigned char *from, 
-    unsigned char *to, RSA *rsa, int padding);
-=head1 DESCRIPTION
-These functions handle RSA signatures at a low level.
-RSA_private_encrypt() signs the B<flen> bytes at B<from> (usually a
-message digest with an algorithm identifier) using the private key
-B<rsa> and stores the signature in B<to>. B<to> must point to
-B<RSA_size(rsa)> bytes of memory.
-B<padding> denotes one of the following modes:
-=over 4
-=item RSA_PKCS1_PADDING
-PKCS #1 v1.5 padding. This function does not handle the
-B<algorithmIdentifier> specified in PKCS #1. When generating or
-verifying PKCS #1 signatures, L<RSA_sign(3)|RSA_sign(3)> and L<RSA_verify(3)|RSA_verify(3)> should be
-used.
-=item RSA_NO_PADDING
-Raw RSA signature. This mode should I<only> be used to implement
-cryptographically sound padding modes in the application code.
-Signing user data directly with RSA is insecure.
-=back
-RSA_public_decrypt() recovers the message digest from the B<flen>
-bytes long signature at B<from> using the signer's public key
-B<rsa>. B<to> must point to a memory section large enough to hold the
-message digest (which is smaller than B<RSA_size(rsa) -
-11>). B<padding> is the padding mode that was used to sign the data.
-=head1 RETURN VALUES
-RSA_private_encrypt() returns the size of the signature (i.e.,
-RSA_size(rsa)). RSA_public_decrypt() returns the size of the
-recovered message digest.
-On error, -1 is returned; the error codes can be
-obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-=head1 SEE ALSO
-L<ERR_get_error(3)|ERR_get_error(3)>, L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>,
-L<RSA_verify(3)|RSA_verify(3)>
-=head1 HISTORY
-The B<padding> argument was added in SSLeay 0.8. RSA_NO_PADDING is
-available since SSLeay 0.9.0.
-=cut
diff --git a/src/lib/libcrypto/doc/RSA_public_encrypt.pod b/src/lib/libcrypto/doc/RSA_public_encrypt.pod
deleted file mode 100644
index 13b7df62be..0000000000
--- a/src/lib/libcrypto/doc/RSA_public_encrypt.pod
+++ /dev/null
@@ -1,86 +0,0 @@
-=pod
-=head1 NAME
-RSA_public_encrypt, RSA_private_decrypt - RSA public key cryptography
-=head1 SYNOPSIS
- #include <openssl/rsa.h>
- int RSA_public_encrypt(int flen, unsigned char *from,
-    unsigned char *to, RSA *rsa, int padding);
- int RSA_private_decrypt(int flen, unsigned char *from,
-     unsigned char *to, RSA *rsa, int padding);
-=head1 DESCRIPTION
-RSA_public_encrypt() encrypts the B<flen> bytes at B<from> (usually a
-session key) using the public key B<rsa> and stores the ciphertext in
-B<to>. B<to> must point to RSA_size(B<rsa>) bytes of memory.
-B<padding> denotes one of the following modes:
-=over 4
-=item RSA_PKCS1_PADDING
-PKCS #1 v1.5 padding. This currently is the most widely used mode.
-=item RSA_PKCS1_OAEP_PADDING
-EME-OAEP as defined in PKCS #1 v2.0 with SHA-1, MGF1 and an empty
-encoding parameter. This mode is recommended for all new applications.
-=item RSA_SSLV23_PADDING
-PKCS #1 v1.5 padding with an SSL-specific modification that denotes
-that the server is SSL3 capable.
-=item RSA_NO_PADDING
-Raw RSA encryption. This mode should I<only> be used to implement
-cryptographically sound padding modes in the application code.
-Encrypting user data directly with RSA is insecure.
-=back
-B<flen> must be less than RSA_size(B<rsa>) - 11 for the PKCS #1 v1.5
-based padding modes, and less than RSA_size(B<rsa>) - 21 for
-RSA_PKCS1_OAEP_PADDING. The random number generator must be seeded
-prior to calling RSA_public_encrypt().
-RSA_private_decrypt() decrypts the B<flen> bytes at B<from> using the
-private key B<rsa> and stores the plaintext in B<to>. B<to> must point
-to a memory section large enough to hold the decrypted data (which is
-smaller than RSA_size(B<rsa>)). B<padding> is the padding mode that
-was used to encrypt the data.
-=head1 RETURN VALUES
-RSA_public_encrypt() returns the size of the encrypted data (i.e.,
-RSA_size(B<rsa>)). RSA_private_decrypt() returns the size of the
-recovered plaintext.
-On error, -1 is returned; the error codes can be
-obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-=head1 CONFORMING TO
-SSL, PKCS #1 v2.0
-=head1 SEE ALSO
-L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_size(3)|RSA_size(3)>
-=head1 NOTES
-The L<RSA_PKCS1_RSAref(3)|RSA_PKCS1_RSAref(3)> method supports only the RSA_PKCS1_PADDING mode.
-=head1 HISTORY
-The B<padding> argument was added in SSLeay 0.8. RSA_NO_PADDING is
-available since SSLeay 0.9.0, OAEP was added in OpenSSL 0.9.2b.
-=cut
diff --git a/src/lib/libcrypto/doc/RSA_set_method.pod b/src/lib/libcrypto/doc/RSA_set_method.pod
deleted file mode 100644
index 14b0b4cf35..0000000000
--- a/src/lib/libcrypto/doc/RSA_set_method.pod
+++ /dev/null
@@ -1,154 +0,0 @@
-=pod
-=head1 NAME
-RSA_set_default_method, RSA_get_default_method, RSA_set_method,
-RSA_get_method, RSA_PKCS1_SSLeay, RSA_PKCS1_RSAref,
-RSA_PKCS1_null_method, RSA_flags, RSA_new_method - select RSA method
-=head1 SYNOPSIS
- #include <openssl/rsa.h>
- void RSA_set_default_method(RSA_METHOD *meth);
- RSA_METHOD *RSA_get_default_method(void);
- RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth);
- RSA_METHOD *RSA_get_method(RSA *rsa);
- RSA_METHOD *RSA_PKCS1_SSLeay(void);
- RSA_METHOD *RSA_PKCS1_RSAref(void);
- RSA_METHOD *RSA_null_method(void);
- int RSA_flags(RSA *rsa);
- RSA *RSA_new_method(RSA_METHOD *method);
-=head1 DESCRIPTION
-An B<RSA_METHOD> specifies the functions that OpenSSL uses for RSA
-operations. By modifying the method, alternative implementations
-such as hardware accelerators may be used.
-Initially, the default is to use the OpenSSL internal implementation,
-unless OpenSSL was configured with the C<rsaref> or C<-DRSA_NULL>
-options. RSA_PKCS1_SSLeay() returns a pointer to that method.
-RSA_PKCS1_RSAref() returns a pointer to a method that uses the RSAref
-library. This is the default method in the C<rsaref> configuration;
-the function is not available in other configurations.
-RSA_null_method() returns a pointer to a method that does not support
-the RSA transformation. It is the default if OpenSSL is compiled with
-C<-DRSA_NULL>. These methods may be useful in the USA because of a
-patent on the RSA cryptosystem.
-RSA_set_default_method() makes B<meth> the default method for all B<RSA>
-structures created later.
-RSA_get_default_method() returns a pointer to the current default
-method.
-RSA_set_method() selects B<meth> for all operations using the key
-B<rsa>.
-RSA_get_method() returns a pointer to the method currently selected
-for B<rsa>.
-RSA_flags() returns the B<flags> that are set for B<rsa>'s current method.
-RSA_new_method() allocates and initializes an B<RSA> structure so that
-B<method> will be used for the RSA operations. If B<method> is B<NULL>,
-the default method is used.
-=head1 THE RSA_METHOD STRUCTURE
- typedef struct rsa_meth_st
- {
-     /* name of the implementation */
-        const char *name;
-     /* encrypt */
-        int (*rsa_pub_enc)(int flen, unsigned char *from,
-          unsigned char *to, RSA *rsa, int padding);
-     /* verify arbitrary data */
-        int (*rsa_pub_dec)(int flen, unsigned char *from,
-          unsigned char *to, RSA *rsa, int padding);
-     /* sign arbitrary data */
-        int (*rsa_priv_enc)(int flen, unsigned char *from,
-          unsigned char *to, RSA *rsa, int padding);
-     /* decrypt */
-        int (*rsa_priv_dec)(int flen, unsigned char *from,
-          unsigned char *to, RSA *rsa, int padding);
-     /* compute r0 = r0 ^ I mod rsa->n (May be NULL for some
-                                        implementations) */
-        int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa);
-     /* compute r = a ^ p mod m (May be NULL for some implementations) */
-        int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-          const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-     /* called at RSA_new */
-        int (*init)(RSA *rsa);
-     /* called at RSA_free */
-        int (*finish)(RSA *rsa);
-     /* RSA_FLAG_EXT_PKEY        - rsa_mod_exp is called for private key
-      *                            operations, even if p,q,dmp1,dmq1,iqmp
-      *                            are NULL
-      * RSA_FLAG_SIGN_VER        - enable rsa_sign and rsa_verify
-      * RSA_METHOD_FLAG_NO_CHECK - don't check pub/private match
-      */
-        int flags;
-        char *app_data; /* ?? */
-     /* sign. For backward compatibility, this is used only
-      * if (flags & RSA_FLAG_SIGN_VER)
-      */
-        int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len,
-           unsigned char *sigret, unsigned int *siglen, RSA *rsa);
-     /* verify. For backward compatibility, this is used only
-      * if (flags & RSA_FLAG_SIGN_VER)
-      */
-        int (*rsa_verify)(int type, unsigned char *m, unsigned int m_len,
-           unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
- } RSA_METHOD;
-=head1 RETURN VALUES
-RSA_PKCS1_SSLeay(), RSA_PKCS1_RSAref(), RSA_PKCS1_null_method(),
-RSA_get_default_method() and RSA_get_method() return pointers to the
-respective B<RSA_METHOD>s.
-RSA_set_default_method() returns no value.
-RSA_set_method() returns a pointer to the B<RSA_METHOD> previously
-associated with B<rsa>.
-RSA_new_method() returns B<NULL> and sets an error code that can be
-obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise it
-returns a pointer to the newly allocated structure.
-=head1 SEE ALSO
-L<rsa(3)|rsa(3)>, L<RSA_new(3)|RSA_new(3)>
-=head1 HISTORY
-RSA_new_method() and RSA_set_default_method() appeared in SSLeay 0.8.
-RSA_get_default_method(), RSA_set_method() and RSA_get_method() as
-well as the rsa_sign and rsa_verify components of RSA_METHOD were
-added in OpenSSL 0.9.4.
-=cut
diff --git a/src/lib/libcrypto/doc/RSA_sign.pod b/src/lib/libcrypto/doc/RSA_sign.pod
deleted file mode 100644
index 71688a665e..0000000000
--- a/src/lib/libcrypto/doc/RSA_sign.pod
+++ /dev/null
@@ -1,62 +0,0 @@
-=pod
-=head1 NAME
-RSA_sign, RSA_verify - RSA signatures
-=head1 SYNOPSIS
- #include <openssl/rsa.h>
- int RSA_sign(int type, unsigned char *m, unsigned int m_len,
-    unsigned char *sigret, unsigned int *siglen, RSA *rsa);
- int RSA_verify(int type, unsigned char *m, unsigned int m_len,
-    unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
-=head1 DESCRIPTION
-RSA_sign() signs the message digest B<m> of size B<m_len> using the
-private key B<rsa> as specified in PKCS #1 v2.0. It stores the
-signature in B<sigret> and the signature size in B<siglen>. B<sigret>
-must point to RSA_size(B<rsa>) bytes of memory.
-B<type> denotes the message digest algorithm that was used to generate
-B<m>. It usually is one of B<NID_sha1>, B<NID_ripemd160> and B<NID_md5>;
-see L<objects(3)|objects(3)> for details. If B<type> is B<NID_md5_sha1>,
-an SSL signature (MD5 and SHA1 message digests with PKCS #1 padding
-and no algorithm identifier) is created.
-RSA_verify() verifies that the signature B<sigbuf> of size B<siglen>
-matches a given message digest B<m> of size B<m_len>. B<type> denotes
-the message digest algorithm that was used to generate the signature.
-B<rsa> is the signer's public key.
-=head1 RETURN VALUES
-RSA_sign() returns 1 on success, 0 otherwise.  RSA_verify() returns 1
-on successful verification, 0 otherwise.
-The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-=head1 BUGS
-Certain signatures with an improper algorithm identifier are accepted
-for compatibility with SSLeay 0.4.5 :-)
-=head1 CONFORMING TO
-SSL, PKCS #1 v2.0
-=head1 SEE ALSO
-L<ERR_get_error(3)|ERR_get_error(3)>, L<objects(3)|objects(3)>,
-L<rsa(3)|rsa(3)>, L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>,
-L<RSA_public_decrypt(3)|RSA_public_decrypt(3)> 
-=head1 HISTORY
-RSA_sign() and RSA_verify() are available in all versions of SSLeay
-and OpenSSL.
-=cut
diff --git a/src/lib/libcrypto/doc/RSA_sign_ASN1_OCTET_STRING.pod b/src/lib/libcrypto/doc/RSA_sign_ASN1_OCTET_STRING.pod
deleted file mode 100644
index b8c7bbb7e3..0000000000
--- a/src/lib/libcrypto/doc/RSA_sign_ASN1_OCTET_STRING.pod
+++ /dev/null
@@ -1,59 +0,0 @@
-=pod
-=head1 NAME
-RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING - RSA signatures
-=head1 SYNOPSIS
- #include <openssl/rsa.h>
- int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m,
-    unsigned int m_len, unsigned char *sigret, unsigned int *siglen,
-    RSA *rsa);
- int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m,
-    unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
-    RSA *rsa);
-=head1 DESCRIPTION
-RSA_sign_ASN1_OCTET_STRING() signs the octet string B<m> of size
-B<m_len> using the private key B<rsa> represented in DER using PKCS #1
-padding. It stores the signature in B<sigret> and the signature size
-in B<siglen>. B<sigret> must point to B<RSA_size(rsa)> bytes of
-memory.
-B<dummy> is ignored.
-The random number generator must be seeded prior to calling RSA_sign_ASN1_OCTET_STRING().
-RSA_verify_ASN1_OCTET_STRING() verifies that the signature B<sigbuf>
-of size B<siglen> is the DER representation of a given octet string
-B<m> of size B<m_len>. B<dummy> is ignored. B<rsa> is the signer's
-public key.
-=head1 RETURN VALUES
-RSA_sign_ASN1_OCTET_STRING() returns 1 on success, 0 otherwise.
-RSA_verify_ASN1_OCTET_STRING() returns 1 on successful verification, 0
-otherwise.
-The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-=head1 BUGS
-These functions serve no recognizable purpose.
-=head1 SEE ALSO
-L<ERR_get_error(3)|ERR_get_error(3)>, L<objects(3)|objects(3)>, L<rand(3)|rand(3)>,
-L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>,
-L<RSA_verify(3)|RSA_verify(3)>
-=head1 HISTORY
-RSA_sign_ASN1_OCTET_STRING() and RSA_verify_ASN1_OCTET_STRING() were
-added in SSLeay 0.8.
-=cut
diff --git a/src/lib/libcrypto/doc/RSA_size.pod b/src/lib/libcrypto/doc/RSA_size.pod
deleted file mode 100644
index b36b4d58d5..0000000000
--- a/src/lib/libcrypto/doc/RSA_size.pod
+++ /dev/null
@@ -1,33 +0,0 @@
-=pod
-=head1 NAME
-RSA_size - get RSA modulus size
-=head1 SYNOPSIS
- #include <openssl/rsa.h>
- int RSA_size(RSA *rsa);
-=head1 DESCRIPTION
-This function returns the RSA modulus size in bytes. It can be used to
-determine how much memory must be allocated for an RSA encrypted
-value.
-B<rsa-E<gt>n> must not be B<NULL>.
-=head1 RETURN VALUE
-The size in bytes.
-=head1 SEE ALSO
-L<rsa(3)|rsa(3)>
-=head1 HISTORY
-RSA_size() is available in all versions of SSLeay and OpenSSL.
-=cut
diff --git a/src/lib/libcrypto/doc/bn.pod b/src/lib/libcrypto/doc/bn.pod
deleted file mode 100644
index 1504a1c92d..0000000000
--- a/src/lib/libcrypto/doc/bn.pod
+++ /dev/null
@@ -1,148 +0,0 @@
-=pod
-=head1 NAME
-bn - multiprecision integer arithmetics
-=head1 SYNOPSIS
- #include <openssl/bn.h>
- BIGNUM *BN_new(void);
- void BN_free(BIGNUM *a);
- void BN_init(BIGNUM *);
- void BN_clear(BIGNUM *a);
- void BN_clear_free(BIGNUM *a);
- BN_CTX *BN_CTX_new(void);
- void BN_CTX_init(BN_CTX *c);
- void BN_CTX_free(BN_CTX *c);
- BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
- BIGNUM *BN_dup(const BIGNUM *a);
- int BN_num_bytes(const BIGNUM *a);
- int BN_num_bits(const BIGNUM *a);
- int BN_num_bits_word(BN_ULONG w);
- int BN_add(BIGNUM *r, BIGNUM *a, BIGNUM *b);
- int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
- int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
- int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d,
-         BN_CTX *ctx);
- int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
- int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
- int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
-         BN_CTX *ctx);
- int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx);
- int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-         const BIGNUM *m, BN_CTX *ctx);
- int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
- int BN_add_word(BIGNUM *a, BN_ULONG w);
- int BN_sub_word(BIGNUM *a, BN_ULONG w);
- int BN_mul_word(BIGNUM *a, BN_ULONG w);
- BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
- BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
- int BN_cmp(BIGNUM *a, BIGNUM *b);
- int BN_ucmp(BIGNUM *a, BIGNUM *b);
- int BN_is_zero(BIGNUM *a);
- int BN_is_one(BIGNUM *a);
- int BN_is_word(BIGNUM *a, BN_ULONG w);
- int BN_is_odd(BIGNUM *a);
- int BN_zero(BIGNUM *a);
- int BN_one(BIGNUM *a);
- BIGNUM *BN_value_one(void);
- int BN_set_word(BIGNUM *a, unsigned long w);
- unsigned long BN_get_word(BIGNUM *a);
- int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
- int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
- BIGNUM *BN_generate_prime(BIGNUM *ret, int bits,int safe, BIGNUM *add,
-         BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg);
- int BN_is_prime(const BIGNUM *p, int nchecks,
-         void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg);
- int BN_set_bit(BIGNUM *a, int n);
- int BN_clear_bit(BIGNUM *a, int n);
- int BN_is_bit_set(const BIGNUM *a, int n);
- int BN_mask_bits(BIGNUM *a, int n);
- int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
- int BN_lshift1(BIGNUM *r, BIGNUM *a);
- int BN_rshift(BIGNUM *r, BIGNUM *a, int n);
- int BN_rshift1(BIGNUM *r, BIGNUM *a);
- int BN_bn2bin(const BIGNUM *a, unsigned char *to);
- BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
- char *BN_bn2hex(const BIGNUM *a);
- char *BN_bn2dec(const BIGNUM *a);
- int BN_hex2bn(BIGNUM **a, const char *str);
- int BN_dec2bn(BIGNUM **a, const char *str);
- int BN_print(BIO *fp, const BIGNUM *a);
- int BN_print_fp(FILE *fp, const BIGNUM *a);
- int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
- BIGNUM *BN_mpi2bn(unsigned char *s, int len, BIGNUM *ret);
- BIGNUM *BN_mod_inverse(BIGNUM *r, BIGNUM *a, const BIGNUM *n,
-     BN_CTX *ctx);
- BN_RECP_CTX *BN_RECP_CTX_new(void);
- void BN_RECP_CTX_init(BN_RECP_CTX *recp);
- void BN_RECP_CTX_free(BN_RECP_CTX *recp);
- int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *m, BN_CTX *ctx);
- int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *a, BIGNUM *b,
-        BN_RECP_CTX *recp, BN_CTX *ctx);
- BN_MONT_CTX *BN_MONT_CTX_new(void);
- void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
- void BN_MONT_CTX_free(BN_MONT_CTX *mont);
- int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *m, BN_CTX *ctx);
- BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);
- int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
-         BN_MONT_CTX *mont, BN_CTX *ctx);
- int BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
-         BN_CTX *ctx);
- int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
-         BN_CTX *ctx);
-=head1 DESCRIPTION
-This library performs arithmetic operations on integers of arbitrary
-size. It was written for use in public key cryptography, such as RSA
-and Diffie-Hellman.
-It uses dynamic memory allocation for storing its data structures.
-That means that there is no limit on the size of the numbers
-manipulated by these functions, but return values must always be
-checked in case a memory allocation error has occurred.
-The basic object in this library is a B<BIGNUM>. It is used to hold a
-single large integer. This type should be considered opaque and fields
-should not be modified or accessed directly.
-The creation of B<BIGNUM> objects is described in L<BN_new(3)|BN_new(3)>;
-L<BN_add(3)|BN_add(3)> describes most of the arithmetic operations.
-Comparison is described in L<BN_cmp(3)|BN_cmp(3)>; L<BN_zero(3)|BN_zero(3)>
-describes certain assignments, L<BN_rand(3)|BN_rand(3)> the generation of
-random numbers, L<BN_generate_prime(3)|BN_generate_prime(3)> deals with prime
-numbers and L<BN_set_bit(3)|BN_set_bit(3)> with bit operations. The conversion
-of B<BIGNUM>s to external formats is described in L<BN_bn2bin(3)|BN_bn2bin(3)>.
-=head1 SEE ALSO
-L<bn_internal(3)|bn_internal(3)>,
-L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>,
-L<BN_new(3)|BN_new(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>,
-L<BN_copy(3)|BN_copy(3)>, L<BN_num_bytes(3)|BN_num_bytes(3)>,
-L<BN_add(3)|BN_add(3)>, L<BN_add_word(3)|BN_add_word(3)>,
-L<BN_cmp(3)|BN_cmp(3)>, L<BN_zero(3)|BN_zero(3)>, L<BN_rand(3)|BN_rand(3)>,
-L<BN_generate_prime(3)|BN_generate_prime(3)>, L<BN_set_bit(3)|BN_set_bit(3)>,
-L<BN_bn2bin(3)|BN_bn2bin(3)>, L<BN_mod_inverse(3)|BN_mod_inverse(3)>,
-L<BN_mod_mul_reciprocal(3)|BN_mod_mul_reciprocal(3)>,
-L<BN_mod_mul_montgomery(3)|BN_mod_mul_montgomery(3)> 
-=cut
diff --git a/src/lib/libcrypto/doc/d2i_DHparams.pod b/src/lib/libcrypto/doc/d2i_DHparams.pod
deleted file mode 100644
index a6d1743d39..0000000000
--- a/src/lib/libcrypto/doc/d2i_DHparams.pod
+++ /dev/null
@@ -1,30 +0,0 @@
-=pod
-=head1 NAME
-d2i_DHparams, i2d_DHparams - ...
-=head1 SYNOPSIS
- #include <openssl/dh.h>
- DH *d2i_DHparams(DH **a, unsigned char **pp, long length);
- int i2d_DHparams(DH *a, unsigned char **pp);
-=head1 DESCRIPTION
-...
-=head1 RETURN VALUES
-...
-=head1 SEE ALSO
-...
-=head1 HISTORY
-...
-=cut
diff --git a/src/lib/libcrypto/doc/d2i_RSAPublicKey.pod b/src/lib/libcrypto/doc/d2i_RSAPublicKey.pod
deleted file mode 100644
index ff4d0d57db..0000000000
--- a/src/lib/libcrypto/doc/d2i_RSAPublicKey.pod
+++ /dev/null
@@ -1,39 +0,0 @@
-=pod
-=head1 NAME
-d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey, i2d_Netscape_RSA, d2i_Netscape_RSA - ...
-=head1 SYNOPSIS
- #include <openssl/rsa.h>
- RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length);
- int i2d_RSAPublicKey(RSA *a, unsigned char **pp);
- RSA * d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length);
- int i2d_RSAPrivateKey(RSA *a, unsigned char **pp);
- int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)());
- RSA * d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)());
-=head1 DESCRIPTION
-...
-=head1 RETURN VALUES
-...
-=head1 SEE ALSO
-...
-=head1 HISTORY
-...
-=cut
diff --git a/src/lib/libcrypto/doc/dh.pod b/src/lib/libcrypto/doc/dh.pod
deleted file mode 100644
index 0a9b7c03a2..0000000000
--- a/src/lib/libcrypto/doc/dh.pod
+++ /dev/null
@@ -1,68 +0,0 @@
-=pod
-=head1 NAME
-dh - Diffie-Hellman key agreement
-=head1 SYNOPSIS
- #include <openssl/dh.h>
- DH *   DH_new(void);
- void   DH_free(DH *dh);
- int    DH_size(DH *dh);
- DH *   DH_generate_parameters(int prime_len, int generator,
-                void (*callback)(int, int, void *), void *cb_arg);
- int    DH_check(DH *dh, int *codes);
- int    DH_generate_key(DH *dh);
- int    DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
- void DH_set_default_method(DH_METHOD *meth);
- DH_METHOD *DH_get_default_method(void);
- DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth);
- DH *DH_new_method(DH_METHOD *meth);
- DH_METHOD *DH_OpenSSL(void);
- int DH_get_ex_new_index(long argl, char *argp, int (*new_func)(),
-             int (*dup_func)(), void (*free_func)());
- int DH_set_ex_data(DH *d, int idx, char *arg);
- char *DH_get_ex_data(DH *d, int idx);
- DH *   d2i_DHparams(DH **a, unsigned char **pp, long length);
- int    i2d_DHparams(DH *a, unsigned char **pp);
- int    DHparams_print_fp(FILE *fp, DH *x);
- int    DHparams_print(BIO *bp, DH *x);
-=head1 DESCRIPTION
-These functions implement the Diffie-Hellman key agreement protocol.
-The generation of shared DH parameters is described in
-L<DH_generate_parameters(3)|DH_generate_parameters(3)>; L<DH_generate_key(3)|DH_generate_key(3)> describes how
-to perform a key agreement.
-The B<DH> structure consists of several BIGNUM components.
- struct
-        {
-        BIGNUM *p;              // prime number (shared)
-        BIGNUM *g;              // generator of Z_p (shared)
-        BIGNUM *priv_key;       // private DH value x
-        BIGNUM *pub_key;        // public DH value g^x
-        // ...
-        };
- DH
-=head1 SEE ALSO
-L<dhparam(1)|dhparam(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<err(3)|err(3)>,
-L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<DH_set_method(3)|DH_set_method(3)>,
-L<DH_new(3)|DH_new(3)>, L<DH_get_ex_new_index(3)|DH_get_ex_new_index(3)>,
-L<DH_generate_parameters(3)|DH_generate_parameters(3)>,
-L<DH_compute_key(3)|DH_compute_key(3)>, L<d2i_DHparams(3)|d2i_DHparams(3)>,
-L<RSA_print(3)|RSA_print(3)> 
-=cut
diff --git a/src/lib/libcrypto/doc/dsa.pod b/src/lib/libcrypto/doc/dsa.pod
deleted file mode 100644
index 80ecf38178..0000000000
--- a/src/lib/libcrypto/doc/dsa.pod
+++ /dev/null
@@ -1,104 +0,0 @@
-=pod
-=head1 NAME
-dsa - Digital Signature Algorithm
-=head1 SYNOPSIS
- #include <openssl/dsa.h>
- DSA *  DSA_new(void);
- void   DSA_free(DSA *dsa);
- int    DSA_size(DSA *dsa);
- DSA *  DSA_generate_parameters(int bits, unsigned char *seed,
-                int seed_len, int *counter_ret, unsigned long *h_ret,
-                void (*callback)(int, int, void *), void *cb_arg);
- DH *   DSA_dup_DH(DSA *r);
- int    DSA_generate_key(DSA *dsa);
- int    DSA_sign(int dummy, const unsigned char *dgst, int len,
-                unsigned char *sigret, unsigned int *siglen, DSA *dsa);
- int    DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp,
-                BIGNUM **rp);
- int    DSA_verify(int dummy, const unsigned char *dgst, int len,
-                unsigned char *sigbuf, int siglen, DSA *dsa);
- void DSA_set_default_method(DSA_METHOD *meth);
- DSA_METHOD *DSA_get_default_method(void);
- DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth);
- DSA *DSA_new_method(DSA_METHOD *meth);
- DSA_METHOD *DSA_OpenSSL(void);
- int DSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
-             int (*dup_func)(), void (*free_func)());
- int DSA_set_ex_data(DSA *d, int idx, char *arg);
- char *DSA_get_ex_data(DSA *d, int idx);
- DSA_SIG *DSA_SIG_new(void);
- void   DSA_SIG_free(DSA_SIG *a);
- int    i2d_DSA_SIG(DSA_SIG *a, unsigned char **pp);
- DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, unsigned char **pp, long length);
- DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
- int    DSA_do_verify(const unsigned char *dgst, int dgst_len,
-             DSA_SIG *sig, DSA *dsa);
- DSA *  d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length);
- DSA *  d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length);
- DSA *  d2i_DSAparams(DSA **a, unsigned char **pp, long length);
- int    i2d_DSAPublicKey(DSA *a, unsigned char **pp);
- int    i2d_DSAPrivateKey(DSA *a, unsigned char **pp);
- int    i2d_DSAparams(DSA *a,unsigned char **pp);
- int    DSAparams_print(BIO *bp, DSA *x);
- int    DSAparams_print_fp(FILE *fp, DSA *x);
- int    DSA_print(BIO *bp, DSA *x, int off);
- int    DSA_print_fp(FILE *bp, DSA *x, int off);
-=head1 DESCRIPTION
-These functions implement the Digital Signature Algorithm (DSA).  The
-generation of shared DSA parameters is described in
-L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>;
-L<DSA_generate_key(3)|DSA_generate_key(3)> describes how to
-generate a signature key. Signature generation and verification are
-described in L<DSA_sign(3)|DSA_sign(3)>.
-The B<DSA> structure consists of several BIGNUM components.
- struct
-        {
-        BIGNUM *p;              // prime number (public)
-        BIGNUM *q;              // 160-bit subprime, q | p-1 (public)
-        BIGNUM *g;              // generator of subgroup (public)
-        BIGNUM *priv_key;       // private key x
-        BIGNUM *pub_key;        // public key y = g^x
-        // ...
-        }
- DSA;
-In public keys, B<priv_key> is NULL.
-=head1 CONFORMING TO
-US Federal Information Processing Standard FIPS 186 (Digital Signature
-Standard, DSS), ANSI X9.30
-=head1 SEE ALSO
-L<bn(3)|bn(3)>, L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
-L<rsa(3)|rsa(3)>, L<SHA1(3)|SHA1(3)>, L<DSA_new(3)|DSA_new(3)>,
-L<DSA_size(3)|DSA_size(3)>,
-L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>,
-L<DSA_dup_DH(3)|DSA_dup_DH(3)>,
-L<DSA_generate_key(3)|DSA_generate_key(3)>,
-L<DSA_sign(3)|DSA_sign(3)>, L<DSA_set_method(3)|DSA_set_method(3)>,
-L<DSA_get_ex_new_index(3)|DSA_get_ex_new_index(3)>,
-L<RSA_print(3)|RSA_print(3)>
-=cut
diff --git a/src/lib/libcrypto/doc/lh_stats.pod b/src/lib/libcrypto/doc/lh_stats.pod
deleted file mode 100644
index 3eeaa72e52..0000000000
--- a/src/lib/libcrypto/doc/lh_stats.pod
+++ /dev/null
@@ -1,60 +0,0 @@
-=pod
-=head1 NAME
-lh_stats, lh_node_stats, lh_node_usage_stats, lh_stats_bio,
-lh_node_stats_bio, lh_node_usage_stats_bio - LHASH statistics
-=head1 SYNOPSIS
- #include <openssl/lhash.h>
- void lh_stats(LHASH *table, FILE *out);
- void lh_node_stats(LHASH *table, FILE *out);
- void lh_node_usage_stats(LHASH *table, FILE *out);
- void lh_stats_bio(LHASH *table, BIO *out);
- void lh_node_stats_bio(LHASH *table, BIO *out);
- void lh_node_usage_stats_bio(LHASH *table, BIO *out);
-=head1 DESCRIPTION
-The B<LHASH> structure records statistics about most aspects of
-accessing the hash table.  This is mostly a legacy of Eric Young
-writing this library for the reasons of implementing what looked like
-a nice algorithm rather than for a particular software product.
-lh_stats() prints out statistics on the size of the hash table, how
-many entries are in it, and the number and result of calls to the
-routines in this library.
-lh_node_stats() prints the number of entries for each 'bucket' in the
-hash table.
-lh_node_usage_stats() prints out a short summary of the state of the
-hash table.  It prints the 'load' and the 'actual load'.  The load is
-the average number of data items per 'bucket' in the hash table.  The
-'actual load' is the average number of items per 'bucket', but only
-for buckets which contain entries.  So the 'actual load' is the
-average number of searches that will need to find an item in the hash
-table, while the 'load' is the average number that will be done to
-record a miss.
-lh_stats_bio(), lh_node_stats_bio() and lh_node_usage_stats_bio()
-are the same as the above, except that the output goes to a B<BIO>.
-=head1 RETURN VALUES
-These functions do not return values.
-=head1 SEE ALSO
-L<bio(3)|bio(3)>, L<lhash(3)|lhash(3)>
-=head1 HISTORY
-These functions are available in all versions of SSLeay and OpenSSL.
-This manpage is derived from the SSLeay documentation.
-=cut
diff --git a/src/lib/libcrypto/doc/rsa.pod b/src/lib/libcrypto/doc/rsa.pod
deleted file mode 100644
index eb8ba612c4..0000000000
--- a/src/lib/libcrypto/doc/rsa.pod
+++ /dev/null
@@ -1,116 +0,0 @@
-=pod
-=head1 NAME
-rsa - RSA public key cryptosystem
-=head1 SYNOPSIS
- #include <openssl/rsa.h>
- RSA * RSA_new(void);
- void RSA_free(RSA *rsa);
- int RSA_public_encrypt(int flen, unsigned char *from,
-    unsigned char *to, RSA *rsa, int padding);
- int RSA_private_decrypt(int flen, unsigned char *from,
-    unsigned char *to, RSA *rsa, int padding);
- int RSA_sign(int type, unsigned char *m, unsigned int m_len,
-    unsigned char *sigret, unsigned int *siglen, RSA *rsa);
- int RSA_verify(int type, unsigned char *m, unsigned int m_len,
-    unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
- int RSA_size(RSA *rsa);
- RSA *RSA_generate_key(int num, unsigned long e,
-    void (*callback)(int,int,void *), void *cb_arg);
- int RSA_check_key(RSA *rsa);
- int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
- void RSA_blinding_off(RSA *rsa);
- void RSA_set_default_method(RSA_METHOD *meth);
- RSA_METHOD *RSA_get_default_method(void);
- RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth);
- RSA_METHOD *RSA_get_method(RSA *rsa);
- RSA_METHOD *RSA_PKCS1_SSLeay(void);
- RSA_METHOD *RSA_PKCS1_RSAref(void);
- RSA_METHOD *RSA_null_method(void);
- int RSA_flags(RSA *rsa);
- RSA *RSA_new_method(RSA_METHOD *method);
- int RSA_print(BIO *bp, RSA *x, int offset);
- int RSA_print_fp(FILE *fp, RSA *x, int offset);
- int RSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
-    int (*dup_func)(), void (*free_func)());
- int RSA_set_ex_data(RSA *r,int idx,char *arg);
- char *RSA_get_ex_data(RSA *r, int idx);
- int RSA_private_encrypt(int flen, unsigned char *from,
-    unsigned char *to, RSA *rsa,int padding);
- int RSA_public_decrypt(int flen, unsigned char *from, 
-    unsigned char *to, RSA *rsa,int padding);
- int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m,
-    unsigned int m_len, unsigned char *sigret, unsigned int *siglen,
-    RSA *rsa);
- int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m,
-    unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
-    RSA *rsa);
-=head1 DESCRIPTION
-These functions implement RSA public key encryption and signatures
-as defined in PKCS #1 v2.0 [RFC 2437].
-The B<RSA> structure consists of several BIGNUM components. It can
-contain public as well as private RSA keys:
- struct
-        {
-        BIGNUM *n;              // public modulus
-        BIGNUM *e;              // public exponent
-        BIGNUM *d;              // private exponent
-        BIGNUM *p;              // secret prime factor
-        BIGNUM *q;              // secret prime factor
-        BIGNUM *dmp1;           // d mod (p-1)
-        BIGNUM *dmq1;           // d mod (q-1)
-        BIGNUM *iqmp;           // q^-1 mod p
-        // ...
-        };
- RSA
-In public keys, the private exponent and the related secret values are
-B<NULL>.
-B<p>, B<q>, B<dmp1>, B<dmq1> and B<iqmp> may be B<NULL> in private
-keys, but the RSA operations are much faster when these values are
-available.
-=head1 CONFORMING TO
-SSL, PKCS #1 v2.0
-=head1 PATENTS
-RSA is covered by a US patent which expires in September 2000.
-=head1 SEE ALSO
-L<rsa(1)|rsa(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>,
-L<rand(3)|rand(3)>, L<RSA_new(3)|RSA_new(3)>,
-L<RSA_public_encrypt(3)|RSA_public_encrypt(3)>,
-L<RSA_sign(3)|RSA_sign(3)>, L<RSA_size(3)|RSA_size(3)>,
-L<RSA_generate_key(3)|RSA_generate_key(3)>,
-L<RSA_check_key(3)|RSA_check_key(3)>,
-L<RSA_blinding_on(3)|RSA_blinding_on(3)>,
-L<RSA_set_method(3)|RSA_set_method(3)>, L<RSA_print(3)|RSA_print(3)>,
-L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>,
-L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>,
-L<RSA_sign_ASN_OCTET_STRING(3)|RSA_sign_ASN_OCTET_STRING(3)>,
-L<RSA_padding_add_PKCS1_type_1(3)|RSA_padding_add_PKCS1_type_1(3)> 
-=cut