116 files changed, 9901 insertions, 0 deletions
diff --git a/src/lib/libcrypto/doc/DH_generate_key.pod b/src/lib/libcrypto/doc/DH_generate_key.pod
new file mode 100644
index 0000000000..81f09fdf45
--- /dev/null
+++ b/src/lib/libcrypto/doc/DH_generate_key.pod
@@ -0,0 +1,50 @@
+=pod
+=head1 NAME
+DH_generate_key, DH_compute_key - perform Diffie-Hellman key exchange
+=head1 SYNOPSIS
+ #include <openssl/dh.h>
+ int DH_generate_key(DH *dh);
+ int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
+=head1 DESCRIPTION
+DH_generate_key() performs the first step of a Diffie-Hellman key
+exchange by generating private and public DH values. By calling
+DH_compute_key(), these are combined with the other party's public
+value to compute the shared key.
+DH_generate_key() expects B<dh> to contain the shared parameters
+B<dh-E<gt>p> and B<dh-E<gt>g>. It generates a random private DH value
+unless B<dh-E<gt>priv_key> is already set, and computes the
+corresponding public value B<dh-E<gt>pub_key>, which can then be
+published.
+DH_compute_key() computes the shared secret from the private DH value
+in B<dh> and the other party's public value in B<pub_key> and stores
+it in B<key>. B<key> must point to B<DH_size(dh)> bytes of memory.
+=head1 RETURN VALUES
+DH_generate_key() returns 1 on success, 0 otherwise.
+DH_compute_key() returns the size of the shared secret on success, -1
+on error.
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 SEE ALSO
+L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<DH_size(3)|DH_size(3)>
+=head1 HISTORY
+DH_generate_key() and DH_compute_key() are available in all versions
+of SSLeay and OpenSSL.
+=cut
diff --git a/src/lib/libcrypto/doc/DH_generate_parameters.pod b/src/lib/libcrypto/doc/DH_generate_parameters.pod
new file mode 100644
index 0000000000..9081e9ea7c
--- /dev/null
+++ b/src/lib/libcrypto/doc/DH_generate_parameters.pod
@@ -0,0 +1,73 @@
+=pod
+=head1 NAME
+DH_generate_parameters, DH_check - generate and check Diffie-Hellman parameters
+=head1 SYNOPSIS
+ #include <openssl/dh.h>
+ DH *DH_generate_parameters(int prime_len, int generator,
+     void (*callback)(int, int, void *), void *cb_arg);
+ int DH_check(DH *dh, int *codes);
+=head1 DESCRIPTION
+DH_generate_parameters() generates Diffie-Hellman parameters that can
+be shared among a group of users, and returns them in a newly
+allocated B<DH> structure. The pseudo-random number generator must be
+seeded prior to calling DH_generate_parameters().
+B<prime_len> is the length in bits of the safe prime to be generated.
+B<generator> is a small number E<gt> 1, typically 2 or 5. 
+A callback function may be used to provide feedback about the progress
+of the key generation. If B<callback> is not B<NULL>, it will be
+called as described in L<BN_generate_prime(3)|BN_generate_prime(3)> while a random prime
+number is generated, and when a prime has been found, B<callback(3,
+0, cb_arg)> is called.
+DH_check() validates Diffie-Hellman parameters. It checks that B<p> is
+a safe prime, and that B<g> is a suitable generator. In the case of an
+error, the bit flags DH_CHECK_P_NOT_SAFE_PRIME or
+DH_NOT_SUITABLE_GENERATOR are set in B<*codes>.
+DH_UNABLE_TO_CHECK_GENERATOR is set if the generator cannot be
+checked, i.e. it does not equal 2 or 5.
+=head1 RETURN VALUES
+DH_generate_parameters() returns a pointer to the DH structure, or
+NULL if the parameter generation fails. The error codes can be
+obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+DH_check() returns 1 if the check could be performed, 0 otherwise.
+=head1 NOTES
+DH_generate_parameters() may run for several hours before finding a
+suitable prime.
+The parameters generated by DH_generate_parameters() are not to be
+used in signature schemes.
+=head1 BUGS
+If B<generator> is not 2 or 5, B<dh-E<gt>g>=B<generator> is not
+a usable generator.
+=head1 SEE ALSO
+L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+L<DH_free(3)|DH_free(3)>
+=head1 HISTORY
+DH_check() is available in all versions of SSLeay and OpenSSL.
+The B<cb_arg> argument to DH_generate_parameters() was added in SSLeay 0.9.0.
+In versions before OpenSSL 0.9.5, DH_CHECK_P_NOT_STRONG_PRIME is used
+instead of DH_CHECK_P_NOT_SAFE_PRIME.
+=cut
diff --git a/src/lib/libcrypto/doc/DH_get_ex_new_index.pod b/src/lib/libcrypto/doc/DH_get_ex_new_index.pod
new file mode 100644
index 0000000000..fa5eab2650
--- /dev/null
+++ b/src/lib/libcrypto/doc/DH_get_ex_new_index.pod
@@ -0,0 +1,36 @@
+=pod
+=head1 NAME
+DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data - add application specific data to DH structures
+=head1 SYNOPSIS
+ #include <openssl/dh.h>
+ int DH_get_ex_new_index(long argl, void *argp,
+                CRYPTO_EX_new *new_func,
+                CRYPTO_EX_dup *dup_func,
+                CRYPTO_EX_free *free_func);
+ int DH_set_ex_data(DH *d, int idx, void *arg);
+ char *DH_get_ex_data(DH *d, int idx);
+=head1 DESCRIPTION
+These functions handle application specific data in DH
+structures. Their usage is identical to that of
+RSA_get_ex_new_index(), RSA_set_ex_data() and RSA_get_ex_data()
+as described in L<RSA_get_ex_new_index(3)>.
+=head1 SEE ALSO
+L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>, L<dh(3)|dh(3)>
+=head1 HISTORY
+DH_get_ex_new_index(), DH_set_ex_data() and DH_get_ex_data() are
+available since OpenSSL 0.9.5.
+=cut
diff --git a/src/lib/libcrypto/doc/DH_new.pod b/src/lib/libcrypto/doc/DH_new.pod
new file mode 100644
index 0000000000..60c930093e
--- /dev/null
+++ b/src/lib/libcrypto/doc/DH_new.pod
@@ -0,0 +1,40 @@
+=pod
+=head1 NAME
+DH_new, DH_free - allocate and free DH objects
+=head1 SYNOPSIS
+ #include <openssl/dh.h>
+ DH* DH_new(void);
+ void DH_free(DH *dh);
+=head1 DESCRIPTION
+DH_new() allocates and initializes a B<DH> structure.
+DH_free() frees the B<DH> structure and its components. The values are
+erased before the memory is returned to the system.
+=head1 RETURN VALUES
+If the allocation fails, DH_new() returns B<NULL> and sets an error
+code that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns
+a pointer to the newly allocated structure.
+DH_free() returns no value.
+=head1 SEE ALSO
+L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+L<DH_generate_parameters(3)|DH_generate_parameters(3)>,
+L<DH_generate_key(3)|DH_generate_key(3)>
+=head1 HISTORY
+DH_new() and DH_free() are available in all versions of SSLeay and OpenSSL.
+=cut
diff --git a/src/lib/libcrypto/doc/DH_set_method.pod b/src/lib/libcrypto/doc/DH_set_method.pod
new file mode 100644
index 0000000000..d5cdc3be0c
--- /dev/null
+++ b/src/lib/libcrypto/doc/DH_set_method.pod
@@ -0,0 +1,129 @@
+=pod
+=head1 NAME
+DH_set_default_method, DH_get_default_method,
+DH_set_method, DH_new_method, DH_OpenSSL - select DH method
+=head1 SYNOPSIS
+ #include <openssl/dh.h>
+ #include <openssl/engine.h>
+ void DH_set_default_method(const DH_METHOD *meth);
+ const DH_METHOD *DH_get_default_method(void);
+ int DH_set_method(DH *dh, const DH_METHOD *meth);
+ DH *DH_new_method(ENGINE *engine);
+ const DH_METHOD *DH_OpenSSL(void);
+=head1 DESCRIPTION
+A B<DH_METHOD> specifies the functions that OpenSSL uses for Diffie-Hellman
+operations. By modifying the method, alternative implementations
+such as hardware accelerators may be used. IMPORTANT: See the NOTES section for
+important information about how these DH API functions are affected by the use
+of B<ENGINE> API calls.
+Initially, the default DH_METHOD is the OpenSSL internal implementation, as
+returned by DH_OpenSSL().
+DH_set_default_method() makes B<meth> the default method for all DH
+structures created later. B<NB>: This is true only whilst no ENGINE has been set
+as a default for DH, so this function is no longer recommended.
+DH_get_default_method() returns a pointer to the current default DH_METHOD.
+However, the meaningfulness of this result is dependent on whether the ENGINE
+API is being used, so this function is no longer recommended.
+DH_set_method() selects B<meth> to perform all operations using the key B<dh>.
+This will replace the DH_METHOD used by the DH key and if the previous method
+was supplied by an ENGINE, the handle to that ENGINE will be released during the
+change. It is possible to have DH keys that only work with certain DH_METHOD
+implementations (eg. from an ENGINE module that supports embedded
+hardware-protected keys), and in such cases attempting to change the DH_METHOD
+for the key can have unexpected results.
+DH_new_method() allocates and initializes a DH structure so that B<engine> will
+be used for the DH operations. If B<engine> is NULL, the default ENGINE for DH
+operations is used, and if no default ENGINE is set, the DH_METHOD controlled by
+DH_set_default_method() is used.
+=head1 THE DH_METHOD STRUCTURE
+ typedef struct dh_meth_st
+ {
+     /* name of the implementation */
+        const char *name;
+     /* generate private and public DH values for key agreement */
+        int (*generate_key)(DH *dh);
+     /* compute shared secret */
+        int (*compute_key)(unsigned char *key, BIGNUM *pub_key, DH *dh);
+     /* compute r = a ^ p mod m (May be NULL for some implementations) */
+        int (*bn_mod_exp)(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                                const BIGNUM *m, BN_CTX *ctx,
+                                BN_MONT_CTX *m_ctx);
+     /* called at DH_new */
+        int (*init)(DH *dh);
+     /* called at DH_free */
+        int (*finish)(DH *dh);
+        int flags;
+        char *app_data; /* ?? */
+ } DH_METHOD;
+=head1 RETURN VALUES
+DH_OpenSSL() and DH_get_default_method() return pointers to the respective
+B<DH_METHOD>s.
+DH_set_default_method() returns no value.
+DH_set_method() returns non-zero if the provided B<meth> was successfully set as
+the method for B<dh> (including unloading the ENGINE handle if the previous
+method was supplied by an ENGINE).
+DH_new_method() returns NULL and sets an error code that can be obtained by
+L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise it
+returns a pointer to the newly allocated structure.
+=head1 NOTES
+As of version 0.9.7, DH_METHOD implementations are grouped together with other
+algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a
+default ENGINE is specified for DH functionality using an ENGINE API function,
+that will override any DH defaults set using the DH API (ie.
+DH_set_default_method()). For this reason, the ENGINE API is the recommended way
+to control default implementations for use in DH and other cryptographic
+algorithms.
+=head1 SEE ALSO
+L<dh(3)|dh(3)>, L<DH_new(3)|DH_new(3)>
+=head1 HISTORY
+DH_set_default_method(), DH_get_default_method(), DH_set_method(),
+DH_new_method() and DH_OpenSSL() were added in OpenSSL 0.9.4.
+DH_set_default_openssl_method() and DH_get_default_openssl_method() replaced
+DH_set_default_method() and DH_get_default_method() respectively, and
+DH_set_method() and DH_new_method() were altered to use B<ENGINE>s rather than
+B<DH_METHOD>s during development of the engine version of OpenSSL 0.9.6. For
+0.9.7, the handling of defaults in the ENGINE API was restructured so that this
+change was reversed, and behaviour of the other functions resembled more closely
+the previous behaviour. The behaviour of defaults in the ENGINE API now
+transparently overrides the behaviour of defaults in the DH API without
+requiring changing these function prototypes.
+=cut
diff --git a/src/lib/libcrypto/doc/DH_size.pod b/src/lib/libcrypto/doc/DH_size.pod
new file mode 100644
index 0000000000..97f26fda78
--- /dev/null
+++ b/src/lib/libcrypto/doc/DH_size.pod
@@ -0,0 +1,33 @@
+=pod
+=head1 NAME
+DH_size - get Diffie-Hellman prime size
+=head1 SYNOPSIS
+ #include <openssl/dh.h>
+ int DH_size(DH *dh);
+=head1 DESCRIPTION
+This function returns the Diffie-Hellman size in bytes. It can be used
+to determine how much memory must be allocated for the shared secret
+computed by DH_compute_key().
+B<dh-E<gt>p> must not be B<NULL>.
+=head1 RETURN VALUE
+The size in bytes.
+=head1 SEE ALSO
+L<dh(3)|dh(3)>, L<DH_generate_key(3)|DH_generate_key(3)>
+=head1 HISTORY
+DH_size() is available in all versions of SSLeay and OpenSSL.
+=cut
diff --git a/src/lib/libcrypto/doc/DSA_SIG_new.pod b/src/lib/libcrypto/doc/DSA_SIG_new.pod
new file mode 100644
index 0000000000..3ac6140038
--- /dev/null
+++ b/src/lib/libcrypto/doc/DSA_SIG_new.pod
@@ -0,0 +1,40 @@
+=pod
+=head1 NAME
+DSA_SIG_new, DSA_SIG_free - allocate and free DSA signature objects
+=head1 SYNOPSIS
+ #include <openssl/dsa.h>
+ DSA_SIG *DSA_SIG_new(void);
+ void   DSA_SIG_free(DSA_SIG *a);
+=head1 DESCRIPTION
+DSA_SIG_new() allocates and initializes a B<DSA_SIG> structure.
+DSA_SIG_free() frees the B<DSA_SIG> structure and its components. The
+values are erased before the memory is returned to the system.
+=head1 RETURN VALUES
+If the allocation fails, DSA_SIG_new() returns B<NULL> and sets an
+error code that can be obtained by
+L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns a pointer
+to the newly allocated structure.
+DSA_SIG_free() returns no value.
+=head1 SEE ALSO
+L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+L<DSA_do_sign(3)|DSA_do_sign(3)>
+=head1 HISTORY
+DSA_SIG_new() and DSA_SIG_free() were added in OpenSSL 0.9.3.
+=cut
diff --git a/src/lib/libcrypto/doc/DSA_do_sign.pod b/src/lib/libcrypto/doc/DSA_do_sign.pod
new file mode 100644
index 0000000000..5dfc733b20
--- /dev/null
+++ b/src/lib/libcrypto/doc/DSA_do_sign.pod
@@ -0,0 +1,47 @@
+=pod
+=head1 NAME
+DSA_do_sign, DSA_do_verify - raw DSA signature operations
+=head1 SYNOPSIS
+ #include <openssl/dsa.h>
+ DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+ int DSA_do_verify(const unsigned char *dgst, int dgst_len,
+             DSA_SIG *sig, DSA *dsa);
+=head1 DESCRIPTION
+DSA_do_sign() computes a digital signature on the B<len> byte message
+digest B<dgst> using the private key B<dsa> and returns it in a
+newly allocated B<DSA_SIG> structure.
+L<DSA_sign_setup(3)|DSA_sign_setup(3)> may be used to precompute part
+of the signing operation in case signature generation is
+time-critical.
+DSA_do_verify() verifies that the signature B<sig> matches a given
+message digest B<dgst> of size B<len>.  B<dsa> is the signer's public
+key.
+=head1 RETURN VALUES
+DSA_do_sign() returns the signature, NULL on error.  DSA_do_verify()
+returns 1 for a valid signature, 0 for an incorrect signature and -1
+on error. The error codes can be obtained by
+L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 SEE ALSO
+L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+L<DSA_SIG_new(3)|DSA_SIG_new(3)>,
+L<DSA_sign(3)|DSA_sign(3)>
+=head1 HISTORY
+DSA_do_sign() and DSA_do_verify() were added in OpenSSL 0.9.3.
+=cut
diff --git a/src/lib/libcrypto/doc/DSA_dup_DH.pod b/src/lib/libcrypto/doc/DSA_dup_DH.pod
new file mode 100644
index 0000000000..7f6f0d1115
--- /dev/null
+++ b/src/lib/libcrypto/doc/DSA_dup_DH.pod
@@ -0,0 +1,36 @@
+=pod
+=head1 NAME
+DSA_dup_DH - create a DH structure out of DSA structure
+=head1 SYNOPSIS
+ #include <openssl/dsa.h>
+ DH * DSA_dup_DH(const DSA *r);
+=head1 DESCRIPTION
+DSA_dup_DH() duplicates DSA parameters/keys as DH parameters/keys. q
+is lost during that conversion, but the resulting DH parameters
+contain its length.
+=head1 RETURN VALUE
+DSA_dup_DH() returns the new B<DH> structure, and NULL on error. The
+error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 NOTE
+Be careful to avoid small subgroup attacks when using this.
+=head1 SEE ALSO
+L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
+=head1 HISTORY
+DSA_dup_DH() was added in OpenSSL 0.9.4.
+=cut
diff --git a/src/lib/libcrypto/doc/DSA_generate_key.pod b/src/lib/libcrypto/doc/DSA_generate_key.pod
new file mode 100644
index 0000000000..af83ccfaa1
--- /dev/null
+++ b/src/lib/libcrypto/doc/DSA_generate_key.pod
@@ -0,0 +1,34 @@
+=pod
+=head1 NAME
+DSA_generate_key - generate DSA key pair
+=head1 SYNOPSIS
+ #include <openssl/dsa.h>
+ int DSA_generate_key(DSA *a);
+=head1 DESCRIPTION
+DSA_generate_key() expects B<a> to contain DSA parameters. It generates
+a new key pair and stores it in B<a-E<gt>pub_key> and B<a-E<gt>priv_key>.
+The PRNG must be seeded prior to calling DSA_generate_key().
+=head1 RETURN VALUE
+DSA_generate_key() returns 1 on success, 0 otherwise.
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 SEE ALSO
+L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>
+=head1 HISTORY
+DSA_generate_key() is available since SSLeay 0.8.
+=cut
diff --git a/src/lib/libcrypto/doc/DSA_generate_parameters.pod b/src/lib/libcrypto/doc/DSA_generate_parameters.pod
new file mode 100644
index 0000000000..be7c924ff8
--- /dev/null
+++ b/src/lib/libcrypto/doc/DSA_generate_parameters.pod
@@ -0,0 +1,105 @@
+=pod
+=head1 NAME
+DSA_generate_parameters - generate DSA parameters
+=head1 SYNOPSIS
+ #include <openssl/dsa.h>
+ DSA *DSA_generate_parameters(int bits, unsigned char *seed,
+                int seed_len, int *counter_ret, unsigned long *h_ret,
+                void (*callback)(int, int, void *), void *cb_arg);
+=head1 DESCRIPTION
+DSA_generate_parameters() generates primes p and q and a generator g
+for use in the DSA.
+B<bits> is the length of the prime to be generated; the DSS allows a
+maximum of 1024 bits.
+If B<seed> is B<NULL> or B<seed_len> E<lt> 20, the primes will be
+generated at random. Otherwise, the seed is used to generate
+them. If the given seed does not yield a prime q, a new random
+seed is chosen and placed at B<seed>.
+DSA_generate_parameters() places the iteration count in
+*B<counter_ret> and a counter used for finding a generator in
+*B<h_ret>, unless these are B<NULL>.
+A callback function may be used to provide feedback about the progress
+of the key generation. If B<callback> is not B<NULL>, it will be
+called as follows:
+=over 4
+=item *
+When a candidate for q is generated, B<callback(0, m++, cb_arg)> is called
+(m is 0 for the first candidate).
+=item *
+When a candidate for q has passed a test by trial division,
+B<callback(1, -1, cb_arg)> is called.
+While a candidate for q is tested by Miller-Rabin primality tests,
+B<callback(1, i, cb_arg)> is called in the outer loop
+(once for each witness that confirms that the candidate may be prime);
+i is the loop counter (starting at 0).
+=item *
+When a prime q has been found, B<callback(2, 0, cb_arg)> and
+B<callback(3, 0, cb_arg)> are called.
+=item *
+Before a candidate for p (other than the first) is generated and tested,
+B<callback(0, counter, cb_arg)> is called.
+=item *
+When a candidate for p has passed the test by trial division,
+B<callback(1, -1, cb_arg)> is called.
+While it is tested by the Miller-Rabin primality test,
+B<callback(1, i, cb_arg)> is called in the outer loop
+(once for each witness that confirms that the candidate may be prime).
+i is the loop counter (starting at 0).
+=item *
+When p has been found, B<callback(2, 1, cb_arg)> is called.
+=item *
+When the generator has been found, B<callback(3, 1, cb_arg)> is called.
+=back
+=head1 RETURN VALUE
+DSA_generate_parameters() returns a pointer to the DSA structure, or
+B<NULL> if the parameter generation fails. The error codes can be
+obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 BUGS
+Seed lengths E<gt> 20 are not supported.
+=head1 SEE ALSO
+L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+L<DSA_free(3)|DSA_free(3)>
+=head1 HISTORY
+DSA_generate_parameters() appeared in SSLeay 0.8. The B<cb_arg>
+argument was added in SSLeay 0.9.0.
+In versions up to OpenSSL 0.9.4, B<callback(1, ...)> was called
+in the inner loop of the Miller-Rabin test whenever it reached the
+squaring step (the parameters to B<callback> did not reveal how many
+witnesses had been tested); since OpenSSL 0.9.5, B<callback(1, ...)>
+is called as in BN_is_prime(3), i.e. once for each witness.
+=cut
diff --git a/src/lib/libcrypto/doc/DSA_get_ex_new_index.pod b/src/lib/libcrypto/doc/DSA_get_ex_new_index.pod
new file mode 100644
index 0000000000..fb6efc1182
--- /dev/null
+++ b/src/lib/libcrypto/doc/DSA_get_ex_new_index.pod
@@ -0,0 +1,36 @@
+=pod
+=head1 NAME
+DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data - add application specific data to DSA structures
+=head1 SYNOPSIS
+ #include <openssl/dsa.h>
+ int DSA_get_ex_new_index(long argl, void *argp,
+                CRYPTO_EX_new *new_func,
+                CRYPTO_EX_dup *dup_func,
+                CRYPTO_EX_free *free_func);
+ int DSA_set_ex_data(DSA *d, int idx, void *arg);
+ char *DSA_get_ex_data(DSA *d, int idx);
+=head1 DESCRIPTION
+These functions handle application specific data in DSA
+structures. Their usage is identical to that of
+RSA_get_ex_new_index(), RSA_set_ex_data() and RSA_get_ex_data()
+as described in L<RSA_get_ex_new_index(3)>.
+=head1 SEE ALSO
+L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>, L<dsa(3)|dsa(3)>
+=head1 HISTORY
+DSA_get_ex_new_index(), DSA_set_ex_data() and DSA_get_ex_data() are
+available since OpenSSL 0.9.5.
+=cut
diff --git a/src/lib/libcrypto/doc/DSA_new.pod b/src/lib/libcrypto/doc/DSA_new.pod
new file mode 100644
index 0000000000..48e9b82a09
--- /dev/null
+++ b/src/lib/libcrypto/doc/DSA_new.pod
@@ -0,0 +1,42 @@
+=pod
+=head1 NAME
+DSA_new, DSA_free - allocate and free DSA objects
+=head1 SYNOPSIS
+ #include <openssl/dsa.h>
+ DSA* DSA_new(void);
+ void DSA_free(DSA *dsa);
+=head1 DESCRIPTION
+DSA_new() allocates and initializes a B<DSA> structure. It is equivalent to
+calling DSA_new_method(NULL).
+DSA_free() frees the B<DSA> structure and its components. The values are
+erased before the memory is returned to the system.
+=head1 RETURN VALUES
+If the allocation fails, DSA_new() returns B<NULL> and sets an error
+code that can be obtained by
+L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns a pointer
+to the newly allocated structure.
+DSA_free() returns no value.
+=head1 SEE ALSO
+L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>,
+L<DSA_generate_key(3)|DSA_generate_key(3)>
+=head1 HISTORY
+DSA_new() and DSA_free() are available in all versions of SSLeay and OpenSSL.
+=cut
diff --git a/src/lib/libcrypto/doc/DSA_set_method.pod b/src/lib/libcrypto/doc/DSA_set_method.pod
new file mode 100644
index 0000000000..9c1434bd8d
--- /dev/null
+++ b/src/lib/libcrypto/doc/DSA_set_method.pod
@@ -0,0 +1,143 @@
+=pod
+=head1 NAME
+DSA_set_default_method, DSA_get_default_method,
+DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method
+=head1 SYNOPSIS
+ #include <openssl/dsa.h>
+ #include <openssl/engine.h>
+ void DSA_set_default_method(const DSA_METHOD *meth);
+ const DSA_METHOD *DSA_get_default_method(void);
+ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth);
+ DSA *DSA_new_method(ENGINE *engine);
+ DSA_METHOD *DSA_OpenSSL(void);
+=head1 DESCRIPTION
+A B<DSA_METHOD> specifies the functions that OpenSSL uses for DSA
+operations. By modifying the method, alternative implementations
+such as hardware accelerators may be used. IMPORTANT: See the NOTES section for
+important information about how these DSA API functions are affected by the use
+of B<ENGINE> API calls.
+Initially, the default DSA_METHOD is the OpenSSL internal implementation,
+as returned by DSA_OpenSSL().
+DSA_set_default_method() makes B<meth> the default method for all DSA
+structures created later. B<NB>: This is true only whilst no ENGINE has
+been set as a default for DSA, so this function is no longer recommended.
+DSA_get_default_method() returns a pointer to the current default
+DSA_METHOD. However, the meaningfulness of this result is dependent on
+whether the ENGINE API is being used, so this function is no longer 
+recommended.
+DSA_set_method() selects B<meth> to perform all operations using the key
+B<rsa>. This will replace the DSA_METHOD used by the DSA key and if the
+previous method was supplied by an ENGINE, the handle to that ENGINE will
+be released during the change. It is possible to have DSA keys that only
+work with certain DSA_METHOD implementations (eg. from an ENGINE module
+that supports embedded hardware-protected keys), and in such cases
+attempting to change the DSA_METHOD for the key can have unexpected
+results.
+DSA_new_method() allocates and initializes a DSA structure so that B<engine>
+will be used for the DSA operations. If B<engine> is NULL, the default engine
+for DSA operations is used, and if no default ENGINE is set, the DSA_METHOD
+controlled by DSA_set_default_method() is used.
+=head1 THE DSA_METHOD STRUCTURE
+struct
+ {
+     /* name of the implementation */
+        const char *name;
+     /* sign */
+        DSA_SIG *(*dsa_do_sign)(const unsigned char *dgst, int dlen,
+                                 DSA *dsa);
+     /* pre-compute k^-1 and r */
+        int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
+                                 BIGNUM **rp);
+     /* verify */
+        int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len,
+                                 DSA_SIG *sig, DSA *dsa);
+     /* compute rr = a1^p1 * a2^p2 mod m (May be NULL for some
+                                          implementations) */
+        int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
+                                 BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+                                 BN_CTX *ctx, BN_MONT_CTX *in_mont);
+     /* compute r = a ^ p mod m (May be NULL for some implementations) */
+        int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a,
+                                 const BIGNUM *p, const BIGNUM *m,
+                                 BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+     /* called at DSA_new */
+        int (*init)(DSA *DSA);
+     /* called at DSA_free */
+        int (*finish)(DSA *DSA);
+        int flags;
+        char *app_data; /* ?? */
+ } DSA_METHOD;
+=head1 RETURN VALUES
+DSA_OpenSSL() and DSA_get_default_method() return pointers to the respective
+B<DSA_METHOD>s.
+DSA_set_default_method() returns no value.
+DSA_set_method() returns non-zero if the provided B<meth> was successfully set as
+the method for B<dsa> (including unloading the ENGINE handle if the previous
+method was supplied by an ENGINE).
+DSA_new_method() returns NULL and sets an error code that can be
+obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation
+fails. Otherwise it returns a pointer to the newly allocated structure.
+=head1 NOTES
+As of version 0.9.7, DSA_METHOD implementations are grouped together with other
+algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a
+default ENGINE is specified for DSA functionality using an ENGINE API function,
+that will override any DSA defaults set using the DSA API (ie.
+DSA_set_default_method()). For this reason, the ENGINE API is the recommended way
+to control default implementations for use in DSA and other cryptographic
+algorithms.
+=head1 SEE ALSO
+L<dsa(3)|dsa(3)>, L<DSA_new(3)|DSA_new(3)>
+=head1 HISTORY
+DSA_set_default_method(), DSA_get_default_method(), DSA_set_method(),
+DSA_new_method() and DSA_OpenSSL() were added in OpenSSL 0.9.4.
+DSA_set_default_openssl_method() and DSA_get_default_openssl_method() replaced
+DSA_set_default_method() and DSA_get_default_method() respectively, and
+DSA_set_method() and DSA_new_method() were altered to use B<ENGINE>s rather than
+B<DSA_METHOD>s during development of the engine version of OpenSSL 0.9.6. For
+0.9.7, the handling of defaults in the ENGINE API was restructured so that this
+change was reversed, and behaviour of the other functions resembled more closely
+the previous behaviour. The behaviour of defaults in the ENGINE API now
+transparently overrides the behaviour of defaults in the DSA API without
+requiring changing these function prototypes.
+=cut
diff --git a/src/lib/libcrypto/doc/DSA_sign.pod b/src/lib/libcrypto/doc/DSA_sign.pod
new file mode 100644
index 0000000000..97389e8ec8
--- /dev/null
+++ b/src/lib/libcrypto/doc/DSA_sign.pod
@@ -0,0 +1,66 @@
+=pod
+=head1 NAME
+DSA_sign, DSA_sign_setup, DSA_verify - DSA signatures
+=head1 SYNOPSIS
+ #include <openssl/dsa.h>
+ int    DSA_sign(int type, const unsigned char *dgst, int len,
+                unsigned char *sigret, unsigned int *siglen, DSA *dsa);
+ int    DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp,
+                BIGNUM **rp);
+ int    DSA_verify(int type, const unsigned char *dgst, int len,
+                unsigned char *sigbuf, int siglen, DSA *dsa);
+=head1 DESCRIPTION
+DSA_sign() computes a digital signature on the B<len> byte message
+digest B<dgst> using the private key B<dsa> and places its ASN.1 DER
+encoding at B<sigret>. The length of the signature is places in
+*B<siglen>. B<sigret> must point to DSA_size(B<dsa>) bytes of memory.
+DSA_sign_setup() may be used to precompute part of the signing
+operation in case signature generation is time-critical. It expects
+B<dsa> to contain DSA parameters. It places the precomputed values
+in newly allocated B<BIGNUM>s at *B<kinvp> and *B<rp>, after freeing
+the old ones unless *B<kinvp> and *B<rp> are NULL. These values may
+be passed to DSA_sign() in B<dsa-E<gt>kinv> and B<dsa-E<gt>r>.
+B<ctx> is a pre-allocated B<BN_CTX> or NULL.
+DSA_verify() verifies that the signature B<sigbuf> of size B<siglen>
+matches a given message digest B<dgst> of size B<len>.
+B<dsa> is the signer's public key.
+The B<type> parameter is ignored.
+The PRNG must be seeded before DSA_sign() (or DSA_sign_setup())
+is called.
+=head1 RETURN VALUES
+DSA_sign() and DSA_sign_setup() return 1 on success, 0 on error.
+DSA_verify() returns 1 for a valid signature, 0 for an incorrect
+signature and -1 on error. The error codes can be obtained by
+L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 CONFORMING TO
+US Federal Information Processing Standard FIPS 186 (Digital Signature
+Standard, DSS), ANSI X9.30
+=head1 SEE ALSO
+L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+L<DSA_do_sign(3)|DSA_do_sign(3)>
+=head1 HISTORY
+DSA_sign() and DSA_verify() are available in all versions of SSLeay.
+DSA_sign_setup() was added in SSLeay 0.8.
+=cut
diff --git a/src/lib/libcrypto/doc/DSA_size.pod b/src/lib/libcrypto/doc/DSA_size.pod
new file mode 100644
index 0000000000..ba4f650361
--- /dev/null
+++ b/src/lib/libcrypto/doc/DSA_size.pod
@@ -0,0 +1,33 @@
+=pod
+=head1 NAME
+DSA_size - get DSA signature size
+=head1 SYNOPSIS
+ #include <openssl/dsa.h>
+ int DSA_size(const DSA *dsa);
+=head1 DESCRIPTION
+This function returns the size of an ASN.1 encoded DSA signature in
+bytes. It can be used to determine how much memory must be allocated
+for a DSA signature.
+B<dsa-E<gt>q> must not be B<NULL>.
+=head1 RETURN VALUE
+The size in bytes.
+=head1 SEE ALSO
+L<dsa(3)|dsa(3)>, L<DSA_sign(3)|DSA_sign(3)>
+=head1 HISTORY
+DSA_size() is available in all versions of SSLeay and OpenSSL.
+=cut
diff --git a/src/lib/libcrypto/doc/ERR_GET_LIB.pod b/src/lib/libcrypto/doc/ERR_GET_LIB.pod
new file mode 100644
index 0000000000..2a129da036
--- /dev/null
+++ b/src/lib/libcrypto/doc/ERR_GET_LIB.pod
@@ -0,0 +1,51 @@
+=pod
+=head1 NAME
+ERR_GET_LIB, ERR_GET_FUNC, ERR_GET_REASON - get library, function and
+reason code
+=head1 SYNOPSIS
+ #include <openssl/err.h>
+ int ERR_GET_LIB(unsigned long e);
+ int ERR_GET_FUNC(unsigned long e);
+ int ERR_GET_REASON(unsigned long e);
+=head1 DESCRIPTION
+The error code returned by ERR_get_error() consists of a library
+number, function code and reason code. ERR_GET_LIB(), ERR_GET_FUNC()
+and ERR_GET_REASON() can be used to extract these.
+The library number and function code describe where the error
+occurred, the reason code is the information about what went wrong.
+Each sub-library of OpenSSL has a unique library number; function and
+reason codes are unique within each sub-library.  Note that different
+libraries may use the same value to signal different functions and
+reasons.
+B<ERR_R_...> reason codes such as B<ERR_R_MALLOC_FAILURE> are globally
+unique. However, when checking for sub-library specific reason codes,
+be sure to also compare the library number.
+ERR_GET_LIB(), ERR_GET_FUNC() and ERR_GET_REASON() are macros.
+=head1 RETURN VALUES
+The library number, function code and reason code respectively.
+=head1 SEE ALSO
+L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
+=head1 HISTORY
+ERR_GET_LIB(), ERR_GET_FUNC() and ERR_GET_REASON() are available in
+all versions of SSLeay and OpenSSL.
+=cut
diff --git a/src/lib/libcrypto/doc/ERR_clear_error.pod b/src/lib/libcrypto/doc/ERR_clear_error.pod
new file mode 100644
index 0000000000..566e1f4e31
--- /dev/null
+++ b/src/lib/libcrypto/doc/ERR_clear_error.pod
@@ -0,0 +1,29 @@
+=pod
+=head1 NAME
+ERR_clear_error - clear the error queue
+=head1 SYNOPSIS
+ #include <openssl/err.h>
+ void ERR_clear_error(void);
+=head1 DESCRIPTION
+ERR_clear_error() empties the current thread's error queue.
+=head1 RETURN VALUES
+ERR_clear_error() has no return value.
+=head1 SEE ALSO
+L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
+=head1 HISTORY
+ERR_clear_error() is available in all versions of SSLeay and OpenSSL.
+=cut
diff --git a/src/lib/libcrypto/doc/ERR_error_string.pod b/src/lib/libcrypto/doc/ERR_error_string.pod
new file mode 100644
index 0000000000..cdfa7fe1fe
--- /dev/null
+++ b/src/lib/libcrypto/doc/ERR_error_string.pod
@@ -0,0 +1,73 @@
+=pod
+=head1 NAME
+ERR_error_string, ERR_error_string_n, ERR_lib_error_string,
+ERR_func_error_string, ERR_reason_error_string - obtain human-readable
+error message
+=head1 SYNOPSIS
+ #include <openssl/err.h>
+ char *ERR_error_string(unsigned long e, char *buf);
+ void ERR_error_string_n(unsigned long e, char *buf, size_t len);
+ const char *ERR_lib_error_string(unsigned long e);
+ const char *ERR_func_error_string(unsigned long e);
+ const char *ERR_reason_error_string(unsigned long e);
+=head1 DESCRIPTION
+ERR_error_string() generates a human-readable string representing the
+error code I<e>, and places it at I<buf>. I<buf> must be at least 120
+bytes long. If I<buf> is B<NULL>, the error string is placed in a
+static buffer.
+ERR_error_string_n() is a variant of ERR_error_string() that writes
+at most I<len> characters (including the terminating 0)
+and truncates the string if necessary.
+For ERR_error_string_n(), I<buf> may not be B<NULL>.
+The string will have the following format:
+ error:[error code]:[library name]:[function name]:[reason string]
+I<error code> is an 8 digit hexadecimal number, I<library name>,
+I<function name> and I<reason string> are ASCII text.
+ERR_lib_error_string(), ERR_func_error_string() and
+ERR_reason_error_string() return the library name, function
+name and reason string respectively.
+The OpenSSL error strings should be loaded by calling
+L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)> or, for SSL
+applications, L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>
+first.
+If there is no text string registered for the given error code,
+the error string will contain the numeric code.
+L<ERR_print_errors(3)|ERR_print_errors(3)> can be used to print
+all error codes currently in the queue.
+=head1 RETURN VALUES
+ERR_error_string() returns a pointer to a static buffer containing the
+string if I<buf> B<== NULL>, I<buf> otherwise.
+ERR_lib_error_string(), ERR_func_error_string() and
+ERR_reason_error_string() return the strings, and B<NULL> if
+none is registered for the error code.
+=head1 SEE ALSO
+L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>,
+L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>
+L<ERR_print_errors(3)|ERR_print_errors(3)>
+=head1 HISTORY
+ERR_error_string() is available in all versions of SSLeay and OpenSSL.
+ERR_error_string_n() was added in OpenSSL 0.9.6.
+=cut
diff --git a/src/lib/libcrypto/doc/ERR_get_error.pod b/src/lib/libcrypto/doc/ERR_get_error.pod
new file mode 100644
index 0000000000..34443045fc
--- /dev/null
+++ b/src/lib/libcrypto/doc/ERR_get_error.pod
@@ -0,0 +1,76 @@
+=pod
+=head1 NAME
+ERR_get_error, ERR_peek_error, ERR_peek_last_error,
+ERR_get_error_line, ERR_peek_error_line, ERR_peek_last_error_line,
+ERR_get_error_line_data, ERR_peek_error_line_data,
+ERR_peek_last_error_line_data - obtain error code and data
+=head1 SYNOPSIS
+ #include <openssl/err.h>
+ unsigned long ERR_get_error(void);
+ unsigned long ERR_peek_error(void);
+ unsigned long ERR_peek_last_error(void);
+ unsigned long ERR_get_error_line(const char **file, int *line);
+ unsigned long ERR_peek_error_line(const char **file, int *line);
+ unsigned long ERR_peek_last_error_line(const char **file, int *line);
+ unsigned long ERR_get_error_line_data(const char **file, int *line,
+         const char **data, int *flags);
+ unsigned long ERR_peek_error_line_data(const char **file, int *line,
+         const char **data, int *flags);
+ unsigned long ERR_peek_last_error_line_data(const char **file, int *line,
+         const char **data, int *flags);
+=head1 DESCRIPTION
+ERR_get_error() returns the earliest error code from the thread's error
+queue and removes the entry. This function can be called repeatedly
+until there are no more error codes to return.
+ERR_peek_error() returns the earliest error code from the thread's
+error queue without modifying it.
+ERR_peek_last_error() returns the latest error code from the thread's
+error queue without modifying it.
+See L<ERR_GET_LIB(3)|ERR_GET_LIB(3)> for obtaining information about
+location and reason of the error, and
+L<ERR_error_string(3)|ERR_error_string(3)> for human-readable error
+messages.
+ERR_get_error_line(), ERR_peek_error_line() and
+ERR_peek_last_error_line() are the same as the above, but they
+additionally store the file name and line number where
+the error occurred in *B<file> and *B<line>, unless these are B<NULL>.
+ERR_get_error_line_data(), ERR_peek_error_line_data() and
+ERR_get_last_error_line_data() store additional data and flags
+associated with the error code in *B<data>
+and *B<flags>, unless these are B<NULL>. *B<data> contains a string
+if *B<flags>&B<ERR_TXT_STRING>. If it has been allocated by OPENSSL_malloc(),
+*B<flags>&B<ERR_TXT_MALLOCED> is true.
+=head1 RETURN VALUES
+The error code, or 0 if there is no error in the queue.
+=head1 SEE ALSO
+L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>,
+L<ERR_GET_LIB(3)|ERR_GET_LIB(3)>
+=head1 HISTORY
+ERR_get_error(), ERR_peek_error(), ERR_get_error_line() and
+ERR_peek_error_line() are available in all versions of SSLeay and
+OpenSSL. ERR_get_error_line_data() and ERR_peek_error_line_data()
+were added in SSLeay 0.9.0.
+ERR_peek_last_error(), ERR_peek_last_error_line() and
+ERR_peek_last_error_line_data() were added in OpenSSL 0.9.7.
+=cut
diff --git a/src/lib/libcrypto/doc/ERR_load_crypto_strings.pod b/src/lib/libcrypto/doc/ERR_load_crypto_strings.pod
new file mode 100644
index 0000000000..9bdec75a46
--- /dev/null
+++ b/src/lib/libcrypto/doc/ERR_load_crypto_strings.pod
@@ -0,0 +1,46 @@
+=pod
+=head1 NAME
+ERR_load_crypto_strings, SSL_load_error_strings, ERR_free_strings -
+load and free error strings
+=head1 SYNOPSIS
+ #include <openssl/err.h>
+ void ERR_load_crypto_strings(void);
+ void ERR_free_strings(void);
+ #include <openssl/ssl.h>
+ void SSL_load_error_strings(void);
+=head1 DESCRIPTION
+ERR_load_crypto_strings() registers the error strings for all
+B<libcrypto> functions. SSL_load_error_strings() does the same,
+but also registers the B<libssl> error strings.
+One of these functions should be called before generating
+textual error messages. However, this is not required when memory
+usage is an issue.
+ERR_free_strings() frees all previously loaded error strings.
+=head1 RETURN VALUES
+ERR_load_crypto_strings(), SSL_load_error_strings() and
+ERR_free_strings() return no values.
+=head1 SEE ALSO
+L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>
+=head1 HISTORY
+ERR_load_error_strings(), SSL_load_error_strings() and
+ERR_free_strings() are available in all versions of SSLeay and
+OpenSSL.
+=cut
diff --git a/src/lib/libcrypto/doc/ERR_load_strings.pod b/src/lib/libcrypto/doc/ERR_load_strings.pod
new file mode 100644
index 0000000000..5acdd0edbc
--- /dev/null
+++ b/src/lib/libcrypto/doc/ERR_load_strings.pod
@@ -0,0 +1,54 @@
+=pod
+=head1 NAME
+ERR_load_strings, ERR_PACK, ERR_get_next_error_library - load
+arbitrary error strings
+=head1 SYNOPSIS
+ #include <openssl/err.h>
+ void ERR_load_strings(int lib, ERR_STRING_DATA str[]);
+ int ERR_get_next_error_library(void);
+ unsigned long ERR_PACK(int lib, int func, int reason);
+=head1 DESCRIPTION
+ERR_load_strings() registers error strings for library number B<lib>.
+B<str> is an array of error string data:
+ typedef struct ERR_string_data_st
+ {
+        unsigned long error;
+        char *string;
+ } ERR_STRING_DATA;
+The error code is generated from the library number and a function and
+reason code: B<error> = ERR_PACK(B<lib>, B<func>, B<reason>).
+ERR_PACK() is a macro.
+The last entry in the array is {0,0}.
+ERR_get_next_error_library() can be used to assign library numbers
+to user libraries at runtime.
+=head1 RETURN VALUE
+ERR_load_strings() returns no value. ERR_PACK() return the error code.
+ERR_get_next_error_library() returns a new library number.
+=head1 SEE ALSO
+L<err(3)|err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)>
+=head1 HISTORY
+ERR_load_error_strings() and ERR_PACK() are available in all versions
+of SSLeay and OpenSSL. ERR_get_next_error_library() was added in
+SSLeay 0.9.0.
+=cut
diff --git a/src/lib/libcrypto/doc/ERR_print_errors.pod b/src/lib/libcrypto/doc/ERR_print_errors.pod
new file mode 100644
index 0000000000..b100a5fa2b
--- /dev/null
+++ b/src/lib/libcrypto/doc/ERR_print_errors.pod
@@ -0,0 +1,51 @@
+=pod
+=head1 NAME
+ERR_print_errors, ERR_print_errors_fp - print error messages
+=head1 SYNOPSIS
+ #include <openssl/err.h>
+ void ERR_print_errors(BIO *bp);
+ void ERR_print_errors_fp(FILE *fp);
+=head1 DESCRIPTION
+ERR_print_errors() is a convenience function that prints the error
+strings for all errors that OpenSSL has recorded to B<bp>, thus
+emptying the error queue.
+ERR_print_errors_fp() is the same, except that the output goes to a
+B<FILE>.
+The error strings will have the following format:
+ [pid]:error:[error code]:[library name]:[function name]:[reason string]:[file name]:[line]:[optional text message]
+I<error code> is an 8 digit hexadecimal number. I<library name>,
+I<function name> and I<reason string> are ASCII text, as is I<optional
+text message> if one was set for the respective error code.
+If there is no text string registered for the given error code,
+the error string will contain the numeric code.
+=head1 RETURN VALUES
+ERR_print_errors() and ERR_print_errors_fp() return no values.
+=head1 SEE ALSO
+L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>,
+L<ERR_get_error(3)|ERR_get_error(3)>,
+L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>,
+L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>
+=head1 HISTORY
+ERR_print_errors() and ERR_print_errors_fp()
+are available in all versions of SSLeay and OpenSSL.
+=cut
diff --git a/src/lib/libcrypto/doc/ERR_put_error.pod b/src/lib/libcrypto/doc/ERR_put_error.pod
new file mode 100644
index 0000000000..acd241fbe4
--- /dev/null
+++ b/src/lib/libcrypto/doc/ERR_put_error.pod
@@ -0,0 +1,44 @@
+=pod
+=head1 NAME
+ERR_put_error, ERR_add_error_data - record an error
+=head1 SYNOPSIS
+ #include <openssl/err.h>
+ void ERR_put_error(int lib, int func, int reason, const char *file,
+         int line);
+ void ERR_add_error_data(int num, ...);
+=head1 DESCRIPTION
+ERR_put_error() adds an error code to the thread's error queue. It
+signals that the error of reason code B<reason> occurred in function
+B<func> of library B<lib>, in line number B<line> of B<file>.
+This function is usually called by a macro.
+ERR_add_error_data() associates the concatenation of its B<num> string
+arguments with the error code added last.
+L<ERR_load_strings(3)|ERR_load_strings(3)> can be used to register
+error strings so that the application can a generate human-readable
+error messages for the error code.
+=head1 RETURN VALUES
+ERR_put_error() and ERR_add_error_data() return
+no values.
+=head1 SEE ALSO
+L<err(3)|err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)>
+=head1 HISTORY
+ERR_put_error() is available in all versions of SSLeay and OpenSSL.
+ERR_add_error_data() was added in SSLeay 0.9.0.
+=cut
diff --git a/src/lib/libcrypto/doc/ERR_remove_state.pod b/src/lib/libcrypto/doc/ERR_remove_state.pod
new file mode 100644
index 0000000000..72925fb9f4
--- /dev/null
+++ b/src/lib/libcrypto/doc/ERR_remove_state.pod
@@ -0,0 +1,34 @@
+=pod
+=head1 NAME
+ERR_remove_state - free a thread's error queue
+=head1 SYNOPSIS
+ #include <openssl/err.h>
+ void ERR_remove_state(unsigned long pid);
+=head1 DESCRIPTION
+ERR_remove_state() frees the error queue associated with thread B<pid>.
+If B<pid> == 0, the current thread will have its error queue removed.
+Since error queue data structures are allocated automatically for new
+threads, they must be freed when threads are terminated in order to
+avoid memory leaks.
+=head1 RETURN VALUE
+ERR_remove_state() returns no value.
+=head1 SEE ALSO
+L<err(3)|err(3)>
+=head1 HISTORY
+ERR_remove_state() is available in all versions of SSLeay and OpenSSL.
+=cut
diff --git a/src/lib/libcrypto/doc/ERR_set_mark.pod b/src/lib/libcrypto/doc/ERR_set_mark.pod
new file mode 100644
index 0000000000..d3ca4f2e77
--- /dev/null
+++ b/src/lib/libcrypto/doc/ERR_set_mark.pod
@@ -0,0 +1,38 @@
+=pod
+=head1 NAME
+ERR_set_mark, ERR_pop_to_mark - set marks and pop errors until mark
+=head1 SYNOPSIS
+ #include <openssl/err.h>
+ int ERR_set_mark(void);
+ int ERR_pop_to_mark(void);
+=head1 DESCRIPTION
+ERR_set_mark() sets a mark on the current topmost error record if there
+is one.
+ERR_pop_to_mark() will pop the top of the error stack until a mark is found.
+The mark is then removed.  If there is no mark, the whole stack is removed.
+=head1 RETURN VALUES
+ERR_set_mark() returns 0 if the error stack is empty, otherwise 1.
+ERR_pop_to_mark() returns 0 if there was no mark in the error stack, which
+implies that the stack became empty, otherwise 1.
+=head1 SEE ALSO
+L<err(3)|err(3)>
+=head1 HISTORY
+ERR_set_mark() and ERR_pop_to_mark() were added in OpenSSL 0.9.8.
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_BytesToKey.pod b/src/lib/libcrypto/doc/EVP_BytesToKey.pod
new file mode 100644
index 0000000000..d375c46e03
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_BytesToKey.pod
@@ -0,0 +1,67 @@
+=pod
+=head1 NAME
+EVP_BytesToKey - password based encryption routine
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md,
+                       const unsigned char *salt,
+                       const unsigned char *data, int datal, int count,
+                       unsigned char *key,unsigned char *iv);
+=head1 DESCRIPTION
+EVP_BytesToKey() derives a key and IV from various parameters. B<type> is
+the cipher to derive the key and IV for. B<md> is the message digest to use.
+The B<salt> paramter is used as a salt in the derivation: it should point to
+an 8 byte buffer or NULL if no salt is used. B<data> is a buffer containing
+B<datal> bytes which is used to derive the keying data. B<count> is the
+iteration count to use. The derived key and IV will be written to B<key>
+and B<iv> respectively.
+=head1 NOTES
+A typical application of this function is to derive keying material for an
+encryption algorithm from a password in the B<data> parameter.
+Increasing the B<count> parameter slows down the algorithm which makes it
+harder for an attacker to peform a brute force attack using a large number
+of candidate passwords.
+If the total key and IV length is less than the digest length and
+B<MD5> is used then the derivation algorithm is compatible with PKCS#5 v1.5
+otherwise a non standard extension is used to derive the extra data.
+Newer applications should use more standard algorithms such as PKCS#5
+v2.0 for key derivation.
+=head1 KEY DERIVATION ALGORITHM
+The key and IV is derived by concatenating D_1, D_2, etc until
+enough data is available for the key and IV. D_i is defined as:
+        D_i = HASH^count(D_(i-1) || data || salt)
+where || denotes concatentaion, D_0 is empty, HASH is the digest
+algorithm in use, HASH^1(data) is simply HASH(data), HASH^2(data)
+is HASH(HASH(data)) and so on.
+The initial bytes are used for the key and the subsequent bytes for
+the IV.
+=head1 RETURN VALUES
+EVP_BytesToKey() returns the size of the derived key in bytes.
+=head1 SEE ALSO
+L<evp(3)|evp(3)>, L<rand(3)|rand(3)>,
+L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>
+=head1 HISTORY
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_DigestInit.pod b/src/lib/libcrypto/doc/EVP_DigestInit.pod
new file mode 100644
index 0000000000..37a751b1c5
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_DigestInit.pod
@@ -0,0 +1,259 @@
+=pod
+=head1 NAME
+EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate,
+EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE,
+EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size,
+EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type,
+EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2,
+EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj -
+EVP digest routines
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
+ EVP_MD_CTX *EVP_MD_CTX_create(void);
+ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
+ int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
+ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md,
+        unsigned int *s);
+ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
+ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
+ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
+ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md,
+        unsigned int *s);
+ int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in);  
+ #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */
+ #define EVP_MD_type(e)                 ((e)->type)
+ #define EVP_MD_pkey_type(e)            ((e)->pkey_type)
+ #define EVP_MD_size(e)                 ((e)->md_size)
+ #define EVP_MD_block_size(e)           ((e)->block_size)
+ #define EVP_MD_CTX_md(e)               (e)->digest)
+ #define EVP_MD_CTX_size(e)             EVP_MD_size((e)->digest)
+ #define EVP_MD_CTX_block_size(e)       EVP_MD_block_size((e)->digest)
+ #define EVP_MD_CTX_type(e)             EVP_MD_type((e)->digest)
+ const EVP_MD *EVP_md_null(void);
+ const EVP_MD *EVP_md2(void);
+ const EVP_MD *EVP_md5(void);
+ const EVP_MD *EVP_sha(void);
+ const EVP_MD *EVP_sha1(void);
+ const EVP_MD *EVP_dss(void);
+ const EVP_MD *EVP_dss1(void);
+ const EVP_MD *EVP_mdc2(void);
+ const EVP_MD *EVP_ripemd160(void);
+ const EVP_MD *EVP_get_digestbyname(const char *name);
+ #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
+ #define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))
+=head1 DESCRIPTION
+The EVP digest routines are a high level interface to message digests.
+EVP_MD_CTX_init() initializes digest context B<ctx>.
+EVP_MD_CTX_create() allocates, initializes and returns a digest context.
+EVP_DigestInit_ex() sets up digest context B<ctx> to use a digest
+B<type> from ENGINE B<impl>. B<ctx> must be initialized before calling this
+function. B<type> will typically be supplied by a functionsuch as EVP_sha1().
+If B<impl> is NULL then the default implementation of digest B<type> is used.
+EVP_DigestUpdate() hashes B<cnt> bytes of data at B<d> into the
+digest context B<ctx>. This function can be called several times on the
+same B<ctx> to hash additional data.
+EVP_DigestFinal_ex() retrieves the digest value from B<ctx> and places
+it in B<md>. If the B<s> parameter is not NULL then the number of
+bytes of data written (i.e. the length of the digest) will be written
+to the integer at B<s>, at most B<EVP_MAX_MD_SIZE> bytes will be written.
+After calling EVP_DigestFinal_ex() no additional calls to EVP_DigestUpdate()
+can be made, but EVP_DigestInit_ex() can be called to initialize a new
+digest operation.
+EVP_MD_CTX_cleanup() cleans up digest context B<ctx>, it should be called
+after a digest context is no longer needed.
+EVP_MD_CTX_destroy() cleans up digest context B<ctx> and frees up the
+space allocated to it, it should be called only on a context created
+using EVP_MD_CTX_create().
+EVP_MD_CTX_copy_ex() can be used to copy the message digest state from
+B<in> to B<out>. This is useful if large amounts of data are to be
+hashed which only differ in the last few bytes. B<out> must be initialized
+before calling this function.
+EVP_DigestInit() behaves in the same way as EVP_DigestInit_ex() except
+the passed context B<ctx> does not have to be initialized, and it always
+uses the default digest implementation.
+EVP_DigestFinal() is similar to EVP_DigestFinal_ex() except the digest
+context B<ctx> is automatically cleaned up.
+EVP_MD_CTX_copy() is similar to EVP_MD_CTX_copy_ex() except the destination
+B<out> does not have to be initialized.
+EVP_MD_size() and EVP_MD_CTX_size() return the size of the message digest
+when passed an B<EVP_MD> or an B<EVP_MD_CTX> structure, i.e. the size of the
+hash.
+EVP_MD_block_size() and EVP_MD_CTX_block_size() return the block size of the
+message digest when passed an B<EVP_MD> or an B<EVP_MD_CTX> structure.
+EVP_MD_type() and EVP_MD_CTX_type() return the NID of the OBJECT IDENTIFIER
+representing the given message digest when passed an B<EVP_MD> structure.
+For example EVP_MD_type(EVP_sha1()) returns B<NID_sha1>. This function is
+normally used when setting ASN1 OIDs.
+EVP_MD_CTX_md() returns the B<EVP_MD> structure corresponding to the passed
+B<EVP_MD_CTX>.
+EVP_MD_pkey_type() returns the NID of the public key signing algorithm associated
+with this digest. For example EVP_sha1() is associated with RSA so this will
+return B<NID_sha1WithRSAEncryption>. This "link" between digests and signature
+algorithms may not be retained in future versions of OpenSSL.
+EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_mdc2() and EVP_ripemd160()
+return B<EVP_MD> structures for the MD2, MD5, SHA, SHA1, MDC2 and RIPEMD160 digest
+algorithms respectively. The associated signature algorithm is RSA in each case.
+EVP_dss() and EVP_dss1() return B<EVP_MD> structures for SHA and SHA1 digest
+algorithms but using DSS (DSA) for the signature algorithm. Note: there is 
+no need to use these pseudo-digests in OpenSSL 1.0.0 and later, they are
+however retained for compatibility.
+EVP_md_null() is a "null" message digest that does nothing: i.e. the hash it
+returns is of zero length.
+EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj()
+return an B<EVP_MD> structure when passed a digest name, a digest NID or
+an ASN1_OBJECT structure respectively. The digest table must be initialized
+using, for example, OpenSSL_add_all_digests() for these functions to work.
+=head1 RETURN VALUES
+EVP_DigestInit_ex(), EVP_DigestUpdate() and EVP_DigestFinal_ex() return 1 for
+success and 0 for failure.
+EVP_MD_CTX_copy_ex() returns 1 if successful or 0 for failure.
+EVP_MD_type(), EVP_MD_pkey_type() and EVP_MD_type() return the NID of the
+corresponding OBJECT IDENTIFIER or NID_undef if none exists.
+EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size(e), EVP_MD_size(),
+EVP_MD_CTX_block_size() and EVP_MD_block_size() return the digest or block
+size in bytes.
+EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(),
+EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the
+corresponding EVP_MD structures.
+EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj()
+return either an B<EVP_MD> structure or NULL if an error occurs.
+=head1 NOTES
+The B<EVP> interface to message digests should almost always be used in
+preference to the low level interfaces. This is because the code then becomes
+transparent to the digest used and much more flexible.
+SHA1 is the digest of choice for new applications. The other digest algorithms
+are still in common use.
+For most applications the B<impl> parameter to EVP_DigestInit_ex() will be
+set to NULL to use the default digest implementation.
+The functions EVP_DigestInit(), EVP_DigestFinal() and EVP_MD_CTX_copy() are 
+obsolete but are retained to maintain compatibility with existing code. New
+applications should use EVP_DigestInit_ex(), EVP_DigestFinal_ex() and 
+EVP_MD_CTX_copy_ex() because they can efficiently reuse a digest context
+instead of initializing and cleaning it up on each call and allow non default
+implementations of digests to be specified.
+In OpenSSL 0.9.7 and later if digest contexts are not cleaned up after use
+memory leaks will occur. 
+=head1 EXAMPLE
+This example digests the data "Test Message\n" and "Hello World\n", using the
+digest name passed on the command line.
+ #include <stdio.h>
+ #include <openssl/evp.h>
+ main(int argc, char *argv[])
+ {
+ EVP_MD_CTX mdctx;
+ const EVP_MD *md;
+ char mess1[] = "Test Message\n";
+ char mess2[] = "Hello World\n";
+ unsigned char md_value[EVP_MAX_MD_SIZE];
+ int md_len, i;
+ OpenSSL_add_all_digests();
+ if(!argv[1]) {
+        printf("Usage: mdtest digestname\n");
+        exit(1);
+ }
+ md = EVP_get_digestbyname(argv[1]);
+ if(!md) {
+        printf("Unknown message digest %s\n", argv[1]);
+        exit(1);
+ }
+ EVP_MD_CTX_init(&mdctx);
+ EVP_DigestInit_ex(&mdctx, md, NULL);
+ EVP_DigestUpdate(&mdctx, mess1, strlen(mess1));
+ EVP_DigestUpdate(&mdctx, mess2, strlen(mess2));
+ EVP_DigestFinal_ex(&mdctx, md_value, &md_len);
+ EVP_MD_CTX_cleanup(&mdctx);
+ printf("Digest is: ");
+ for(i = 0; i < md_len; i++) printf("%02x", md_value[i]);
+ printf("\n");
+ }
+=head1 SEE ALSO
+L<evp(3)|evp(3)>, L<HMAC(3)|HMAC(3)>, L<MD2(3)|MD2(3)>,
+L<MD5(3)|MD5(3)>, L<MDC2(3)|MDC2(3)>, L<RIPEMD160(3)|RIPEMD160(3)>,
+L<SHA1(3)|SHA1(3)>
+=head1 HISTORY
+EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal() are
+available in all versions of SSLeay and OpenSSL.
+EVP_MD_CTX_init(), EVP_MD_CTX_create(), EVP_MD_CTX_copy_ex(),
+EVP_MD_CTX_cleanup(), EVP_MD_CTX_destroy(), EVP_DigestInit_ex()
+and EVP_DigestFinal_ex() were added in OpenSSL 0.9.7.
+EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(),
+EVP_dss(), EVP_dss1(), EVP_mdc2() and EVP_ripemd160() were
+changed to return truely const EVP_MD * in OpenSSL 0.9.7.
+The link between digests and signing algorithms was fixed in OpenSSL 1.0 and
+later, so now EVP_sha1() can be used with RSA and DSA, there is no need to
+use EVP_dss1() any more.
+OpenSSL 1.0 and later does not include the MD2 digest algorithm in the
+default configuration due to its security weaknesses.
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_DigestSignInit.pod b/src/lib/libcrypto/doc/EVP_DigestSignInit.pod
new file mode 100644
index 0000000000..37d960e3b2
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_DigestSignInit.pod
@@ -0,0 +1,87 @@
+=pod
+=head1 NAME
+EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal - EVP signing functions
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                        const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
+ int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen);
+=head1 DESCRIPTION
+The EVP signature routines are a high level interface to digital signatures.
+EVP_DigestSignInit() sets up signing context B<ctx> to use digest B<type> from
+ENGINE B<impl> and private key B<pkey>. B<ctx> must be initialized with
+EVP_MD_CTX_init() before calling this function. If B<pctx> is not NULL the
+EVP_PKEY_CTX of the signing operation will be written to B<*pctx>: this can
+be used to set alternative signing options.
+EVP_DigestSignUpdate() hashes B<cnt> bytes of data at B<d> into the
+signature context B<ctx>. This function can be called several times on the
+same B<ctx> to include additional data. This function is currently implemented
+usig a macro.
+EVP_DigestSignFinal() signs the data in B<ctx> places the signature in B<sig>.
+If B<sig> is B<NULL> then the maximum size of the output buffer is written to
+the B<siglen> parameter. If B<sig> is not B<NULL> then before the call the
+B<siglen> parameter should contain the length of the B<sig> buffer, if the
+call is successful the signature is written to B<sig> and the amount of data
+written to B<siglen>.
+=head1 RETURN VALUES
+EVP_DigestSignInit() EVP_DigestSignUpdate() and EVP_DigestSignaFinal() return
+1 for success and 0 or a negative value for failure. In particular a return
+value of -2 indicates the operation is not supported by the public key
+algorithm.
+The error codes can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 NOTES
+The B<EVP> interface to digital signatures should almost always be used in
+preference to the low level interfaces. This is because the code then becomes
+transparent to the algorithm used and much more flexible.
+In previous versions of OpenSSL there was a link between message digest types
+and public key algorithms. This meant that "clone" digests such as EVP_dss1()
+needed to be used to sign using SHA1 and DSA. This is no longer necessary and
+the use of clone digest is now discouraged.
+For some key types and parameters the random number generator must be seeded
+or the operation will fail. 
+The call to EVP_DigestSignFinal() internally finalizes a copy of the digest
+context. This means that calls to EVP_DigestSignUpdate() and
+EVP_DigestSignFinal() can be called later to digest and sign additional data.
+Since only a copy of the digest context is ever finalized the context must
+be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak
+will occur.
+The use of EVP_PKEY_size() with these functions is discouraged because some
+signature operations may have a signature length which depends on the
+parameters set. As a result EVP_PKEY_size() would have to return a value
+which indicates the maximum possible signature for any set of parameters.
+=head1 SEE ALSO
+L<EVP_DigestVerifyInit(3)|EVP_DigestVerifyInit(3)>,
+L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
+L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
+L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
+=head1 HISTORY
+EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal() 
+were first added to OpenSSL 1.0.0.
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_DigestVerifyInit.pod b/src/lib/libcrypto/doc/EVP_DigestVerifyInit.pod
new file mode 100644
index 0000000000..f224488978
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_DigestVerifyInit.pod
@@ -0,0 +1,82 @@
+=pod
+=head1 NAME
+EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal - EVP signature verification functions
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                        const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
+ int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t siglen);
+=head1 DESCRIPTION
+The EVP signature routines are a high level interface to digital signatures.
+EVP_DigestVerifyInit() sets up verification context B<ctx> to use digest
+B<type> from ENGINE B<impl> and public key B<pkey>. B<ctx> must be initialized
+with EVP_MD_CTX_init() before calling this function. If B<pctx> is not NULL the
+EVP_PKEY_CTX of the verification operation will be written to B<*pctx>: this
+can be used to set alternative verification options.
+EVP_DigestVerifyUpdate() hashes B<cnt> bytes of data at B<d> into the
+verification context B<ctx>. This function can be called several times on the
+same B<ctx> to include additional data. This function is currently implemented
+using a macro.
+EVP_DigestVerifyFinal() verifies the data in B<ctx> against the signature in
+B<sig> of length B<siglen>.
+=head1 RETURN VALUES
+EVP_DigestVerifyInit() and EVP_DigestVerifyUpdate() return 1 for success and 0
+or a negative value for failure. In particular a return value of -2 indicates
+the operation is not supported by the public key algorithm.
+Unlike other functions the return value 0 from EVP_DigestVerifyFinal() only
+indicates that the signature did not not verify successfully (that is tbs did
+not match the original data or the signature was of invalid form) it is not an
+indication of a more serious error.
+The error codes can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 NOTES
+The B<EVP> interface to digital signatures should almost always be used in
+preference to the low level interfaces. This is because the code then becomes
+transparent to the algorithm used and much more flexible.
+In previous versions of OpenSSL there was a link between message digest types
+and public key algorithms. This meant that "clone" digests such as EVP_dss1()
+needed to be used to sign using SHA1 and DSA. This is no longer necessary and
+the use of clone digest is now discouraged.
+For some key types and parameters the random number generator must be seeded
+or the operation will fail. 
+The call to EVP_DigestVerifyFinal() internally finalizes a copy of the digest
+context. This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can
+be called later to digest and verify additional data.
+Since only a copy of the digest context is ever finalized the context must
+be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak
+will occur.
+=head1 SEE ALSO
+L<EVP_DigestSignInit(3)|EVP_DigestSignInit(3)>,
+L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
+L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
+L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
+=head1 HISTORY
+EVP_DigestVerifyInit(), EVP_DigestVerifyUpdate() and EVP_DigestVerifyFinal() 
+were first added to OpenSSL 1.0.0.
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_EncryptInit.pod b/src/lib/libcrypto/doc/EVP_EncryptInit.pod
new file mode 100644
index 0000000000..8271d3dfc4
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_EncryptInit.pod
@@ -0,0 +1,511 @@
+=pod
+=head1 NAME
+EVP_CIPHER_CTX_init, EVP_EncryptInit_ex, EVP_EncryptUpdate,
+EVP_EncryptFinal_ex, EVP_DecryptInit_ex, EVP_DecryptUpdate,
+EVP_DecryptFinal_ex, EVP_CipherInit_ex, EVP_CipherUpdate,
+EVP_CipherFinal_ex, EVP_CIPHER_CTX_set_key_length,
+EVP_CIPHER_CTX_ctrl, EVP_CIPHER_CTX_cleanup, EVP_EncryptInit,
+EVP_EncryptFinal, EVP_DecryptInit, EVP_DecryptFinal,
+EVP_CipherInit, EVP_CipherFinal, EVP_get_cipherbyname,
+EVP_get_cipherbynid, EVP_get_cipherbyobj, EVP_CIPHER_nid,
+EVP_CIPHER_block_size, EVP_CIPHER_key_length, EVP_CIPHER_iv_length,
+EVP_CIPHER_flags, EVP_CIPHER_mode, EVP_CIPHER_type, EVP_CIPHER_CTX_cipher,
+EVP_CIPHER_CTX_nid, EVP_CIPHER_CTX_block_size, EVP_CIPHER_CTX_key_length,
+EVP_CIPHER_CTX_iv_length, EVP_CIPHER_CTX_get_app_data,
+EVP_CIPHER_CTX_set_app_data, EVP_CIPHER_CTX_type, EVP_CIPHER_CTX_flags,
+EVP_CIPHER_CTX_mode, EVP_CIPHER_param_to_asn1, EVP_CIPHER_asn1_to_param,
+EVP_CIPHER_CTX_set_padding - EVP cipher routines
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
+ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+         ENGINE *impl, unsigned char *key, unsigned char *iv);
+ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl, unsigned char *in, int inl);
+ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl);
+ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+         ENGINE *impl, unsigned char *key, unsigned char *iv);
+ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl, unsigned char *in, int inl);
+ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+         int *outl);
+ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+         ENGINE *impl, unsigned char *key, unsigned char *iv, int enc);
+ int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl, unsigned char *in, int inl);
+ int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+         int *outl);
+ int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+         unsigned char *key, unsigned char *iv);
+ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl);
+ int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+         unsigned char *key, unsigned char *iv);
+ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+         int *outl);
+ int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+         unsigned char *key, unsigned char *iv, int enc);
+ int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+         int *outl);
+ int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *x, int padding);
+ int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
+ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
+ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
+ const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
+ #define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
+ #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
+ #define EVP_CIPHER_nid(e)              ((e)->nid)
+ #define EVP_CIPHER_block_size(e)       ((e)->block_size)
+ #define EVP_CIPHER_key_length(e)       ((e)->key_len)
+ #define EVP_CIPHER_iv_length(e)                ((e)->iv_len)
+ #define EVP_CIPHER_flags(e)            ((e)->flags)
+ #define EVP_CIPHER_mode(e)             ((e)->flags) & EVP_CIPH_MODE)
+ int EVP_CIPHER_type(const EVP_CIPHER *ctx);
+ #define EVP_CIPHER_CTX_cipher(e)       ((e)->cipher)
+ #define EVP_CIPHER_CTX_nid(e)          ((e)->cipher->nid)
+ #define EVP_CIPHER_CTX_block_size(e)   ((e)->cipher->block_size)
+ #define EVP_CIPHER_CTX_key_length(e)   ((e)->key_len)
+ #define EVP_CIPHER_CTX_iv_length(e)    ((e)->cipher->iv_len)
+ #define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data)
+ #define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d))
+ #define EVP_CIPHER_CTX_type(c)         EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
+ #define EVP_CIPHER_CTX_flags(e)                ((e)->cipher->flags)
+ #define EVP_CIPHER_CTX_mode(e)         ((e)->cipher->flags & EVP_CIPH_MODE)
+ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+=head1 DESCRIPTION
+The EVP cipher routines are a high level interface to certain
+symmetric ciphers.
+EVP_CIPHER_CTX_init() initializes cipher contex B<ctx>.
+EVP_EncryptInit_ex() sets up cipher context B<ctx> for encryption
+with cipher B<type> from ENGINE B<impl>. B<ctx> must be initialized
+before calling this function. B<type> is normally supplied
+by a function such as EVP_des_cbc(). If B<impl> is NULL then the
+default implementation is used. B<key> is the symmetric key to use
+and B<iv> is the IV to use (if necessary), the actual number of bytes
+used for the key and IV depends on the cipher. It is possible to set
+all parameters to NULL except B<type> in an initial call and supply
+the remaining parameters in subsequent calls, all of which have B<type>
+set to NULL. This is done when the default cipher parameters are not
+appropriate.
+EVP_EncryptUpdate() encrypts B<inl> bytes from the buffer B<in> and
+writes the encrypted version to B<out>. This function can be called
+multiple times to encrypt successive blocks of data. The amount
+of data written depends on the block alignment of the encrypted data:
+as a result the amount of data written may be anything from zero bytes
+to (inl + cipher_block_size - 1) so B<outl> should contain sufficient
+room. The actual number of bytes written is placed in B<outl>.
+If padding is enabled (the default) then EVP_EncryptFinal_ex() encrypts
+the "final" data, that is any data that remains in a partial block.
+It uses L<standard block padding|/NOTES> (aka PKCS padding). The encrypted
+final data is written to B<out> which should have sufficient space for
+one cipher block. The number of bytes written is placed in B<outl>. After
+this function is called the encryption operation is finished and no further
+calls to EVP_EncryptUpdate() should be made.
+If padding is disabled then EVP_EncryptFinal_ex() will not encrypt any more
+data and it will return an error if any data remains in a partial block:
+that is if the total data length is not a multiple of the block size. 
+EVP_DecryptInit_ex(), EVP_DecryptUpdate() and EVP_DecryptFinal_ex() are the
+corresponding decryption operations. EVP_DecryptFinal() will return an
+error code if padding is enabled and the final block is not correctly
+formatted. The parameters and restrictions are identical to the encryption
+operations except that if padding is enabled the decrypted data buffer B<out>
+passed to EVP_DecryptUpdate() should have sufficient room for
+(B<inl> + cipher_block_size) bytes unless the cipher block size is 1 in
+which case B<inl> bytes is sufficient.
+EVP_CipherInit_ex(), EVP_CipherUpdate() and EVP_CipherFinal_ex() are
+functions that can be used for decryption or encryption. The operation
+performed depends on the value of the B<enc> parameter. It should be set
+to 1 for encryption, 0 for decryption and -1 to leave the value unchanged
+(the actual value of 'enc' being supplied in a previous call).
+EVP_CIPHER_CTX_cleanup() clears all information from a cipher context
+and free up any allocated memory associate with it. It should be called
+after all operations using a cipher are complete so sensitive information
+does not remain in memory.
+EVP_EncryptInit(), EVP_DecryptInit() and EVP_CipherInit() behave in a
+similar way to EVP_EncryptInit_ex(), EVP_DecryptInit_ex and
+EVP_CipherInit_ex() except the B<ctx> paramter does not need to be
+initialized and they always use the default cipher implementation.
+EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() behave in a
+similar way to EVP_EncryptFinal_ex(), EVP_DecryptFinal_ex() and
+EVP_CipherFinal_ex() except B<ctx> is automatically cleaned up 
+after the call.
+EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj()
+return an EVP_CIPHER structure when passed a cipher name, a NID or an
+ASN1_OBJECT structure.
+EVP_CIPHER_nid() and EVP_CIPHER_CTX_nid() return the NID of a cipher when
+passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX> structure.  The actual NID
+value is an internal value which may not have a corresponding OBJECT
+IDENTIFIER.
+EVP_CIPHER_CTX_set_padding() enables or disables padding. By default
+encryption operations are padded using standard block padding and the
+padding is checked and removed when decrypting. If the B<pad> parameter
+is zero then no padding is performed, the total amount of data encrypted
+or decrypted must then be a multiple of the block size or an error will
+occur.
+EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key
+length of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>
+structure. The constant B<EVP_MAX_KEY_LENGTH> is the maximum key length
+for all ciphers. Note: although EVP_CIPHER_key_length() is fixed for a
+given cipher, the value of EVP_CIPHER_CTX_key_length() may be different
+for variable key length ciphers.
+EVP_CIPHER_CTX_set_key_length() sets the key length of the cipher ctx.
+If the cipher is a fixed length cipher then attempting to set the key
+length to any value other than the fixed value is an error.
+EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV
+length of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>.
+It will return zero if the cipher does not use an IV.  The constant
+B<EVP_MAX_IV_LENGTH> is the maximum IV length for all ciphers.
+EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() return the block
+size of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>
+structure. The constant B<EVP_MAX_IV_LENGTH> is also the maximum block
+length for all ciphers.
+EVP_CIPHER_type() and EVP_CIPHER_CTX_type() return the type of the passed
+cipher or context. This "type" is the actual NID of the cipher OBJECT
+IDENTIFIER as such it ignores the cipher parameters and 40 bit RC2 and
+128 bit RC2 have the same NID. If the cipher does not have an object
+identifier or does not have ASN1 support this function will return
+B<NID_undef>.
+EVP_CIPHER_CTX_cipher() returns the B<EVP_CIPHER> structure when passed
+an B<EVP_CIPHER_CTX> structure.
+EVP_CIPHER_mode() and EVP_CIPHER_CTX_mode() return the block cipher mode:
+EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE or
+EVP_CIPH_OFB_MODE. If the cipher is a stream cipher then
+EVP_CIPH_STREAM_CIPHER is returned.
+EVP_CIPHER_param_to_asn1() sets the AlgorithmIdentifier "parameter" based
+on the passed cipher. This will typically include any parameters and an
+IV. The cipher IV (if any) must be set when this call is made. This call
+should be made before the cipher is actually "used" (before any
+EVP_EncryptUpdate(), EVP_DecryptUpdate() calls for example). This function
+may fail if the cipher does not have any ASN1 support.
+EVP_CIPHER_asn1_to_param() sets the cipher parameters based on an ASN1
+AlgorithmIdentifier "parameter". The precise effect depends on the cipher
+In the case of RC2, for example, it will set the IV and effective key length.
+This function should be called after the base cipher type is set but before
+the key is set. For example EVP_CipherInit() will be called with the IV and
+key set to NULL, EVP_CIPHER_asn1_to_param() will be called and finally
+EVP_CipherInit() again with all parameters except the key set to NULL. It is
+possible for this function to fail if the cipher does not have any ASN1 support
+or the parameters cannot be set (for example the RC2 effective key length
+is not supported.
+EVP_CIPHER_CTX_ctrl() allows various cipher specific parameters to be determined
+and set. Currently only the RC2 effective key length and the number of rounds of
+RC5 can be set.
+=head1 RETURN VALUES
+EVP_EncryptInit_ex(), EVP_EncryptUpdate() and EVP_EncryptFinal_ex()
+return 1 for success and 0 for failure.
+EVP_DecryptInit_ex() and EVP_DecryptUpdate() return 1 for success and 0 for failure.
+EVP_DecryptFinal_ex() returns 0 if the decrypt failed or 1 for success.
+EVP_CipherInit_ex() and EVP_CipherUpdate() return 1 for success and 0 for failure.
+EVP_CipherFinal_ex() returns 0 for a decryption failure or 1 for success.
+EVP_CIPHER_CTX_cleanup() returns 1 for success and 0 for failure.
+EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj()
+return an B<EVP_CIPHER> structure or NULL on error.
+EVP_CIPHER_nid() and EVP_CIPHER_CTX_nid() return a NID.
+EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() return the block
+size.
+EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key
+length.
+EVP_CIPHER_CTX_set_padding() always returns 1.
+EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV
+length or zero if the cipher does not use an IV.
+EVP_CIPHER_type() and EVP_CIPHER_CTX_type() return the NID of the cipher's
+OBJECT IDENTIFIER or NID_undef if it has no defined OBJECT IDENTIFIER.
+EVP_CIPHER_CTX_cipher() returns an B<EVP_CIPHER> structure.
+EVP_CIPHER_param_to_asn1() and EVP_CIPHER_asn1_to_param() return 1 for 
+success or zero for failure.
+=head1 CIPHER LISTING
+All algorithms have a fixed key length unless otherwise stated.
+=over 4
+=item EVP_enc_null()
+Null cipher: does nothing.
+=item EVP_des_cbc(void), EVP_des_ecb(void), EVP_des_cfb(void), EVP_des_ofb(void)
+DES in CBC, ECB, CFB and OFB modes respectively. 
+=item EVP_des_ede_cbc(void), EVP_des_ede(), EVP_des_ede_ofb(void),  EVP_des_ede_cfb(void)
+Two key triple DES in CBC, ECB, CFB and OFB modes respectively.
+=item EVP_des_ede3_cbc(void), EVP_des_ede3(), EVP_des_ede3_ofb(void),  EVP_des_ede3_cfb(void)
+Three key triple DES in CBC, ECB, CFB and OFB modes respectively.
+=item EVP_desx_cbc(void)
+DESX algorithm in CBC mode.
+=item EVP_rc4(void)
+RC4 stream cipher. This is a variable key length cipher with default key length 128 bits.
+=item EVP_rc4_40(void)
+RC4 stream cipher with 40 bit key length. This is obsolete and new code should use EVP_rc4()
+and the EVP_CIPHER_CTX_set_key_length() function.
+=item EVP_idea_cbc() EVP_idea_ecb(void), EVP_idea_cfb(void), EVP_idea_ofb(void), EVP_idea_cbc(void)
+IDEA encryption algorithm in CBC, ECB, CFB and OFB modes respectively.
+=item EVP_rc2_cbc(void), EVP_rc2_ecb(void), EVP_rc2_cfb(void), EVP_rc2_ofb(void)
+RC2 encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key
+length cipher with an additional parameter called "effective key bits" or "effective key length".
+By default both are set to 128 bits.
+=item EVP_rc2_40_cbc(void), EVP_rc2_64_cbc(void)
+RC2 algorithm in CBC mode with a default key length and effective key length of 40 and 64 bits.
+These are obsolete and new code should use EVP_rc2_cbc(), EVP_CIPHER_CTX_set_key_length() and
+EVP_CIPHER_CTX_ctrl() to set the key length and effective key length.
+=item EVP_bf_cbc(void), EVP_bf_ecb(void), EVP_bf_cfb(void), EVP_bf_ofb(void);
+Blowfish encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key
+length cipher.
+=item EVP_cast5_cbc(void), EVP_cast5_ecb(void), EVP_cast5_cfb(void), EVP_cast5_ofb(void)
+CAST encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key
+length cipher.
+=item EVP_rc5_32_12_16_cbc(void), EVP_rc5_32_12_16_ecb(void), EVP_rc5_32_12_16_cfb(void), EVP_rc5_32_12_16_ofb(void)
+RC5 encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key length
+cipher with an additional "number of rounds" parameter. By default the key length is set to 128
+bits and 12 rounds.
+=back
+=head1 NOTES
+Where possible the B<EVP> interface to symmetric ciphers should be used in
+preference to the low level interfaces. This is because the code then becomes
+transparent to the cipher used and much more flexible.
+PKCS padding works by adding B<n> padding bytes of value B<n> to make the total 
+length of the encrypted data a multiple of the block size. Padding is always
+added so if the data is already a multiple of the block size B<n> will equal
+the block size. For example if the block size is 8 and 11 bytes are to be
+encrypted then 5 padding bytes of value 5 will be added.
+When decrypting the final block is checked to see if it has the correct form.
+Although the decryption operation can produce an error if padding is enabled,
+it is not a strong test that the input data or key is correct. A random block
+has better than 1 in 256 chance of being of the correct format and problems with
+the input data earlier on will not produce a final decrypt error.
+If padding is disabled then the decryption operation will always succeed if
+the total amount of data decrypted is a multiple of the block size.
+The functions EVP_EncryptInit(), EVP_EncryptFinal(), EVP_DecryptInit(),
+EVP_CipherInit() and EVP_CipherFinal() are obsolete but are retained for
+compatibility with existing code. New code should use EVP_EncryptInit_ex(),
+EVP_EncryptFinal_ex(), EVP_DecryptInit_ex(), EVP_DecryptFinal_ex(),
+EVP_CipherInit_ex() and EVP_CipherFinal_ex() because they can reuse an
+existing context without allocating and freeing it up on each call.
+=head1 BUGS
+For RC5 the number of rounds can currently only be set to 8, 12 or 16. This is
+a limitation of the current RC5 code rather than the EVP interface.
+EVP_MAX_KEY_LENGTH and EVP_MAX_IV_LENGTH only refer to the internal ciphers with
+default key lengths. If custom ciphers exceed these values the results are
+unpredictable. This is because it has become standard practice to define a 
+generic key as a fixed unsigned char array containing EVP_MAX_KEY_LENGTH bytes.
+The ASN1 code is incomplete (and sometimes inaccurate) it has only been tested
+for certain common S/MIME ciphers (RC2, DES, triple DES) in CBC mode.
+=head1 EXAMPLES
+Get the number of rounds used in RC5:
+ int nrounds;
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &nrounds);
+Get the RC2 effective key length:
+ int key_bits;
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC2_KEY_BITS, 0, &key_bits);
+Set the number of rounds used in RC5:
+ int nrounds;
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, nrounds, NULL);
+Set the effective key length used in RC2:
+ int key_bits;
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL);
+Encrypt a string using blowfish:
+ int do_crypt(char *outfile)
+        {
+        unsigned char outbuf[1024];
+        int outlen, tmplen;
+        /* Bogus key and IV: we'd normally set these from
+         * another source.
+         */
+        unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
+        unsigned char iv[] = {1,2,3,4,5,6,7,8};
+        char intext[] = "Some Crypto Text";
+        EVP_CIPHER_CTX ctx;
+        FILE *out;
+        EVP_CIPHER_CTX_init(&ctx);
+        EVP_EncryptInit_ex(&ctx, EVP_bf_cbc(), NULL, key, iv);
+        if(!EVP_EncryptUpdate(&ctx, outbuf, &outlen, intext, strlen(intext)))
+                {
+                /* Error */
+                return 0;
+                }
+        /* Buffer passed to EVP_EncryptFinal() must be after data just
+         * encrypted to avoid overwriting it.
+         */
+        if(!EVP_EncryptFinal_ex(&ctx, outbuf + outlen, &tmplen))
+                {
+                /* Error */
+                return 0;
+                }
+        outlen += tmplen;
+        EVP_CIPHER_CTX_cleanup(&ctx);
+        /* Need binary mode for fopen because encrypted data is
+         * binary data. Also cannot use strlen() on it because
+         * it wont be null terminated and may contain embedded
+         * nulls.
+         */
+        out = fopen(outfile, "wb");
+        fwrite(outbuf, 1, outlen, out);
+        fclose(out);
+        return 1;
+        }
+The ciphertext from the above example can be decrypted using the B<openssl>
+utility with the command line:
+ 
+ S<openssl bf -in cipher.bin -K 000102030405060708090A0B0C0D0E0F -iv 0102030405060708 -d>
+General encryption, decryption function example using FILE I/O and RC2 with an
+80 bit key:
+ int do_crypt(FILE *in, FILE *out, int do_encrypt)
+        {
+        /* Allow enough space in output buffer for additional block */
+        inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH];
+        int inlen, outlen;
+        /* Bogus key and IV: we'd normally set these from
+         * another source.
+         */
+        unsigned char key[] = "0123456789";
+        unsigned char iv[] = "12345678";
+        /* Don't set key or IV because we will modify the parameters */
+        EVP_CIPHER_CTX_init(&ctx);
+        EVP_CipherInit_ex(&ctx, EVP_rc2(), NULL, NULL, NULL, do_encrypt);
+        EVP_CIPHER_CTX_set_key_length(&ctx, 10);
+        /* We finished modifying parameters so now we can set key and IV */
+        EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, do_encrypt);
+        for(;;) 
+                {
+                inlen = fread(inbuf, 1, 1024, in);
+                if(inlen <= 0) break;
+                if(!EVP_CipherUpdate(&ctx, outbuf, &outlen, inbuf, inlen))
+                        {
+                        /* Error */
+                        EVP_CIPHER_CTX_cleanup(&ctx);
+                        return 0;
+                        }
+                fwrite(outbuf, 1, outlen, out);
+                }
+        if(!EVP_CipherFinal_ex(&ctx, outbuf, &outlen))
+                {
+                /* Error */
+                EVP_CIPHER_CTX_cleanup(&ctx);
+                return 0;
+                }
+        fwrite(outbuf, 1, outlen, out);
+        EVP_CIPHER_CTX_cleanup(&ctx);
+        return 1;
+        }
+=head1 SEE ALSO
+L<evp(3)|evp(3)>
+=head1 HISTORY
+EVP_CIPHER_CTX_init(), EVP_EncryptInit_ex(), EVP_EncryptFinal_ex(),
+EVP_DecryptInit_ex(), EVP_DecryptFinal_ex(), EVP_CipherInit_ex(),
+EVP_CipherFinal_ex() and EVP_CIPHER_CTX_set_padding() appeared in
+OpenSSL 0.9.7.
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_OpenInit.pod b/src/lib/libcrypto/doc/EVP_OpenInit.pod
new file mode 100644
index 0000000000..2e710da945
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_OpenInit.pod
@@ -0,0 +1,63 @@
+=pod
+=head1 NAME
+EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal - EVP envelope decryption
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ int EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek,
+                int ekl,unsigned char *iv,EVP_PKEY *priv);
+ int EVP_OpenUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl, unsigned char *in, int inl);
+ int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl);
+=head1 DESCRIPTION
+The EVP envelope routines are a high level interface to envelope
+decryption. They decrypt a public key encrypted symmetric key and
+then decrypt data using it.
+EVP_OpenInit() initializes a cipher context B<ctx> for decryption
+with cipher B<type>. It decrypts the encrypted symmetric key of length
+B<ekl> bytes passed in the B<ek> parameter using the private key B<priv>.
+The IV is supplied in the B<iv> parameter.
+EVP_OpenUpdate() and EVP_OpenFinal() have exactly the same properties
+as the EVP_DecryptUpdate() and EVP_DecryptFinal() routines, as 
+documented on the L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> manual
+page.
+=head1 NOTES
+It is possible to call EVP_OpenInit() twice in the same way as
+EVP_DecryptInit(). The first call should have B<priv> set to NULL
+and (after setting any cipher parameters) it should be called again
+with B<type> set to NULL.
+If the cipher passed in the B<type> parameter is a variable length
+cipher then the key length will be set to the value of the recovered
+key length. If the cipher is a fixed length cipher then the recovered
+key length must match the fixed cipher length.
+=head1 RETURN VALUES
+EVP_OpenInit() returns 0 on error or a non zero integer (actually the
+recovered secret key size) if successful.
+EVP_OpenUpdate() returns 1 for success or 0 for failure.
+EVP_OpenFinal() returns 0 if the decrypt failed or 1 for success.
+=head1 SEE ALSO
+L<evp(3)|evp(3)>, L<rand(3)|rand(3)>,
+L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
+L<EVP_SealInit(3)|EVP_SealInit(3)>
+=head1 HISTORY
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_CTX_ctrl.pod b/src/lib/libcrypto/doc/EVP_PKEY_CTX_ctrl.pod
new file mode 100644
index 0000000000..f2f455990f
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_PKEY_CTX_ctrl.pod
@@ -0,0 +1,128 @@
+=pod
+=head1 NAME
+EVP_PKEY_ctrl, EVP_PKEY_ctrl_str - algorithm specific control operations
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
+                                int cmd, int p1, void *p2);
+ int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
+                                                const char *value);
+ int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid);
+ #include <openssl/rsa.h>
+ int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+ int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad);
+ int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int len);
+ int EVP_PKEY_CTX_set_rsa_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int mbits);
+ int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp);
+ #include <openssl/dsa.h>
+ int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits);
+ #include <openssl/dh.h>
+ int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int len);
+ int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen);
+ #include <openssl/ec.h>
+ int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid);
+=head1 DESCRIPTION
+The function EVP_PKEY_CTX_ctrl() sends a control operation to the context
+B<ctx>. The key type used must match B<keytype> if it is not -1. The parameter
+B<optype> is a mask indicating which operations the control can be applied to.
+The control command is indicated in B<cmd> and any additional arguments in
+B<p1> and B<p2>.
+Applications will not normally call EVP_PKEY_CTX_ctrl() directly but will
+instead call one of the algorithm specific macros below.
+The function EVP_PKEY_ctrl_str() allows an application to send an algorithm
+specific control operation to a context B<ctx> in string form. This is
+intended to be used for options specified on the command line or in text
+files. The commands supported are documented in the openssl utility
+command line pages for the option B<-pkeyopt> which is supported by the
+B<pkeyutl>, B<genpkey> and B<req> commands.
+All the remaining "functions" are implemented as macros.
+The EVP_PKEY_CTX_set_signature_md() macro sets the message digest type used
+in a signature. It can be used with any public key algorithm supporting
+signature operations.
+The macro EVP_PKEY_CTX_set_rsa_padding() sets the RSA padding mode for B<ctx>.
+The B<pad> parameter can take the value RSA_PKCS1_PADDING for PKCS#1 padding,
+RSA_SSLV23_PADDING for SSLv23 padding, RSA_NO_PADDING for no padding,
+RSA_PKCS1_OAEP_PADDING for OAEP padding (encrypt and decrypt only),
+RSA_X931_PADDING for X9.31 padding (signature operations only) and 
+RSA_PKCS1_PSS_PADDING (sign and verify only).
+Two RSA padding modes behave differently if EVP_PKEY_CTX_set_signature_md()
+is used. If this macro is called for PKCS#1 padding the plaintext buffer is
+an actual digest value and is encapsulated in a DigestInfo structure according
+to PKCS#1 when signing and this structure is expected (and stripped off) when
+verifying. If this control is not used with RSA and PKCS#1 padding then the
+supplied data is used directly and not encapsulated. In the case of X9.31
+padding for RSA the algorithm identifier byte is added or checked and removed
+if this control is called. If it is not called then the first byte of the plaintext buffer is expected to be the algorithm identifier byte.
+The EVP_PKEY_CTX_set_rsa_pss_saltlen() macro sets the RSA PSS salt length to
+B<len> as its name implies it is only supported for PSS padding.  Two special
+values are supported: -1 sets the salt length to the digest length. When
+signing -2 sets the salt length to the maximum permissible value. When
+verifying -2 causes the salt length to be automatically determined based on the
+B<PSS> block structure. If this macro is not called a salt length value of -2
+is used by default.
+The EVP_PKEY_CTX_set_rsa_rsa_keygen_bits() macro sets the RSA key length for
+RSA key genration to B<bits>. If not specified 1024 bits is used.
+The EVP_PKEY_CTX_set_rsa_keygen_pubexp() macro sets the public exponent value
+for RSA key generation to B<pubexp> currently it should be an odd integer. The
+B<pubexp> pointer is used internally by this function so it should not be 
+modified or free after the call. If this macro is not called then 65537 is used.
+The macro EVP_PKEY_CTX_set_dsa_paramgen_bits() sets the number of bits used
+for DSA parameter generation to B<bits>. If not specified 1024 is used.
+The macro EVP_PKEY_CTX_set_dh_paramgen_prime_len() sets the length of the DH
+prime parameter B<p> for DH parameter generation. If this macro is not called
+then 1024 is used.
+The EVP_PKEY_CTX_set_dh_paramgen_generator() macro sets DH generator to B<gen>
+for DH parameter generation. If not specified 2 is used.
+The EVP_PKEY_CTX_set_ec_paramgen_curve_nid() sets the EC curve for EC parameter
+generation to B<nid>. For EC parameter generation this macro must be called
+or an error occurs because there is no default curve.
+=head1 RETURN VALUES
+EVP_PKEY_CTX_ctrl() and its macros return a positive value for success and 0
+or a negative value for failure. In particular a return value of -2
+indicates the operation is not supported by the public key algorithm.
+=head1 SEE ALSO
+L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
+L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
+L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
+L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
+L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
+L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)> 
+=head1 HISTORY
+These functions were first added to OpenSSL 1.0.0.
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_CTX_new.pod b/src/lib/libcrypto/doc/EVP_PKEY_CTX_new.pod
new file mode 100644
index 0000000000..a9af867580
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_PKEY_CTX_new.pod
@@ -0,0 +1,52 @@
+=pod
+=head1 NAME
+EVP_PKEY_CTX_new, EVP_PKEY_CTX_new_id, EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free - public key algorithm context functions.
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
+ EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e);
+ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx);
+ void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
+=head1 DESCRIPTION
+The EVP_PKEY_CTX_new() function allocates public key algorithm context using
+the algorithm specified in B<pkey> and ENGINE B<e>.
+The EVP_PKEY_CTX_new_id() function allocates public key algorithm context
+using the algorithm specified by B<id> and ENGINE B<e>. It is normally used
+when no B<EVP_PKEY> structure is associated with the operations, for example
+during parameter generation of key genration for some algorithms.
+EVP_PKEY_CTX_dup() duplicates the context B<ctx>.
+EVP_PKEY_CTX_free() frees up the context B<ctx>.
+=head1 NOTES
+The B<EVP_PKEY_CTX> structure is an opaque public key algorithm context used
+by the OpenSSL high level public key API. Contexts B<MUST NOT> be shared between
+threads: that is it is not permissible to use the same context simultaneously
+in two threads.
+=head1 RETURN VALUES
+EVP_PKEY_CTX_new(), EVP_PKEY_CTX_new_id(), EVP_PKEY_CTX_dup() returns either
+the newly allocated B<EVP_PKEY_CTX> structure of B<NULL> if an error occurred.
+EVP_PKEY_CTX_free() does not return a value.
+=head1 SEE ALSO
+L<EVP_PKEY_new(3)|EVP_PKEY_new(3)>
+=head1 HISTORY
+These functions were first added to OpenSSL 1.0.0.
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_cmp.pod b/src/lib/libcrypto/doc/EVP_PKEY_cmp.pod
new file mode 100644
index 0000000000..4f8185e36c
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_PKEY_cmp.pod
@@ -0,0 +1,61 @@
+=pod
+=head1 NAME
+EVP_PKEY_copy_parameters, EVP_PKEY_missing_parameters, EVP_PKEY_cmp_parameters, EVP_PKEY_cmp - public key parameter and comparison functions
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey);
+ int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from);
+ int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b);
+ int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);
+=head1 DESCRIPTION
+The function EVP_PKEY_missing_parameters() returns 1 if the public key
+parameters of B<pkey> are missing and 0 if they are present or the algorithm
+doesn't use parameters.
+The function EVP_PKEY_copy_parameters() copies the parameters from key
+B<from> to key B<to>.
+The funcion EVP_PKEY_cmp_parameters() compares the parameters of keys
+B<a> and B<b>.
+The funcion EVP_PKEY_cmp() compares the public key components and paramters
+(if present) of keys B<a> and B<b>.
+=head1 NOTES
+The main purpose of the functions EVP_PKEY_missing_parameters() and
+EVP_PKEY_copy_parameters() is to handle public keys in certificates where the
+parameters are sometimes omitted from a public key if they are inherited from
+the CA that signed it.
+Since OpenSSL private keys contain public key components too the function
+EVP_PKEY_cmp() can also be used to determine if a private key matches
+a public key.
+=head1 RETURN VALUES
+The function EVP_PKEY_missing_parameters() returns 1 if the public key
+parameters of B<pkey> are missing and 0 if they are present or the algorithm
+doesn't use parameters.
+These functions EVP_PKEY_copy_parameters() returns 1 for success and 0 for
+failure.
+The function EVP_PKEY_cmp_parameters() and EVP_PKEY_cmp() return 1 if the
+keys match, 0 if they don't match, -1 if the key types are different and
+-2 if the operation is not supported.
+=head1 SEE ALSO
+L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)> 
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_decrypt.pod b/src/lib/libcrypto/doc/EVP_PKEY_decrypt.pod
new file mode 100644
index 0000000000..42b2a8c44e
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_PKEY_decrypt.pod
@@ -0,0 +1,93 @@
+=pod
+=head1 NAME
+EVP_PKEY_decrypt_init, EVP_PKEY_decrypt - decrypt using a public key algorithm
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
+                        unsigned char *out, size_t *outlen,
+                        const unsigned char *in, size_t inlen);
+=head1 DESCRIPTION
+The EVP_PKEY_decrypt_init() function initializes a public key algorithm
+context using key B<pkey> for a decryption operation.
+The EVP_PKEY_decrypt() function performs a public key decryption operation
+using B<ctx>. The data to be decrypted is specified using the B<in> and
+B<inlen> parameters. If B<out> is B<NULL> then the maximum size of the output
+buffer is written to the B<outlen> parameter. If B<out> is not B<NULL> then
+before the call the B<outlen> parameter should contain the length of the
+B<out> buffer, if the call is successful the decrypted data is written to
+B<out> and the amount of data written to B<outlen>.
+=head1 NOTES
+After the call to EVP_PKEY_decrypt_init() algorithm specific control
+operations can be performed to set any appropriate parameters for the
+operation.
+The function EVP_PKEY_decrypt() can be called more than once on the same
+context if several operations are performed using the same parameters.
+=head1 RETURN VALUES
+EVP_PKEY_decrypt_init() and EVP_PKEY_decrypt() return 1 for success and 0
+or a negative value for failure. In particular a return value of -2
+indicates the operation is not supported by the public key algorithm.
+=head1 EXAMPLE
+Decrypt data using OAEP (for RSA keys):
+ #include <openssl/evp.h>
+ #include <openssl/rsa.h>
+ EVP_PKEY_CTX *ctx;
+ unsigned char *out, *in;
+ size_t outlen, inlen; 
+ EVP_PKEY *key;
+ /* NB: assumes key in, inlen are already set up
+  * and that key is an RSA private key
+  */
+ ctx = EVP_PKEY_CTX_new(key);
+ if (!ctx)
+        /* Error occurred */
+ if (EVP_PKEY_decrypt_init(ctx) <= 0)
+        /* Error */
+ if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0)
+        /* Error */
+ /* Determine buffer length */
+ if (EVP_PKEY_decrypt(ctx, NULL, &outlen, in, inlen) <= 0)
+        /* Error */
+ out = OPENSSL_malloc(outlen);
+ if (!out)
+        /* malloc failure */
+ 
+ if (EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen) <= 0)
+        /* Error */
+ /* Decrypted data is outlen bytes written to buffer out */
+=head1 SEE ALSO
+L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
+L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
+L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
+L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
+=head1 HISTORY
+These functions were first added to OpenSSL 1.0.0.
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_derive.pod b/src/lib/libcrypto/doc/EVP_PKEY_derive.pod
new file mode 100644
index 0000000000..d9d6d76c72
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_PKEY_derive.pod
@@ -0,0 +1,93 @@
+=pod
+=head1 NAME
+EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, EVP_PKEY_derive - derive public key algorithm shared secret.
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
+ int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
+=head1 DESCRIPTION
+The EVP_PKEY_derive_init() function initializes a public key algorithm
+context using key B<pkey> for shared secret derivation.
+The EVP_PKEY_derive_set_peer() function sets the peer key: this will normally
+be a public key.
+The EVP_PKEY_derive() derives a shared secret using B<ctx>.
+If B<key> is B<NULL> then the maximum size of the output buffer is written to
+the B<keylen> parameter. If B<key> is not B<NULL> then before the call the
+B<keylen> parameter should contain the length of the B<key> buffer, if the call
+is successful the shared secret is written to B<key> and the amount of data
+written to B<keylen>.
+=head1 NOTES
+After the call to EVP_PKEY_derive_init() algorithm specific control
+operations can be performed to set any appropriate parameters for the
+operation.
+The function EVP_PKEY_derive() can be called more than once on the same
+context if several operations are performed using the same parameters.
+=head1 RETURN VALUES
+EVP_PKEY_derive_init() and EVP_PKEY_derive() return 1 for success and 0
+or a negative value for failure. In particular a return value of -2
+indicates the operation is not supported by the public key algorithm.
+=head1 EXAMPLE
+Derive shared secret (for example DH or EC keys):
+ #include <openssl/evp.h>
+ #include <openssl/rsa.h>
+ EVP_PKEY_CTX *ctx;
+ unsigned char *skey;
+ size_t skeylen;
+ EVP_PKEY *pkey, *peerkey;
+ /* NB: assumes pkey, peerkey have been already set up */
+ ctx = EVP_PKEY_CTX_new(pkey);
+ if (!ctx)
+        /* Error occurred */
+ if (EVP_PKEY_derive_init(ctx) <= 0)
+        /* Error */
+ if (EVP_PKEY_derive_set_peer(ctx, peerkey) <= 0)
+        /* Error */
+ /* Determine buffer length */
+ if (EVP_PKEY_derive(ctx, NULL, &skeylen) <= 0)
+        /* Error */
+ skey = OPENSSL_malloc(skeylen);
+ if (!skey)
+        /* malloc failure */
+ 
+ if (EVP_PKEY_derive(ctx, skey, &skeylen) <= 0)
+        /* Error */
+ /* Shared secret is skey bytes written to buffer skey */
+=head1 SEE ALSO
+L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
+L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
+L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
+L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
+L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+=head1 HISTORY
+These functions were first added to OpenSSL 1.0.0.
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_encrypt.pod b/src/lib/libcrypto/doc/EVP_PKEY_encrypt.pod
new file mode 100644
index 0000000000..91c9c5d0a5
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_PKEY_encrypt.pod
@@ -0,0 +1,93 @@
+=pod
+=head1 NAME
+EVP_PKEY_encrypt_init, EVP_PKEY_encrypt - encrypt using a public key algorithm
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
+                        unsigned char *out, size_t *outlen,
+                        const unsigned char *in, size_t inlen);
+=head1 DESCRIPTION
+The EVP_PKEY_encrypt_init() function initializes a public key algorithm
+context using key B<pkey> for an encryption operation.
+The EVP_PKEY_encrypt() function performs a public key encryption operation
+using B<ctx>. The data to be encrypted is specified using the B<in> and
+B<inlen> parameters. If B<out> is B<NULL> then the maximum size of the output
+buffer is written to the B<outlen> parameter. If B<out> is not B<NULL> then
+before the call the B<outlen> parameter should contain the length of the
+B<out> buffer, if the call is successful the encrypted data is written to
+B<out> and the amount of data written to B<outlen>.
+=head1 NOTES
+After the call to EVP_PKEY_encrypt_init() algorithm specific control
+operations can be performed to set any appropriate parameters for the
+operation.
+The function EVP_PKEY_encrypt() can be called more than once on the same
+context if several operations are performed using the same parameters.
+=head1 RETURN VALUES
+EVP_PKEY_encrypt_init() and EVP_PKEY_encrypt() return 1 for success and 0
+or a negative value for failure. In particular a return value of -2
+indicates the operation is not supported by the public key algorithm.
+=head1 EXAMPLE
+Encrypt data using OAEP (for RSA keys):
+ #include <openssl/evp.h>
+ #include <openssl/rsa.h>
+ EVP_PKEY_CTX *ctx;
+ unsigned char *out, *in;
+ size_t outlen, inlen; 
+ EVP_PKEY *key;
+ /* NB: assumes key in, inlen are already set up
+  * and that key is an RSA public key
+  */
+ ctx = EVP_PKEY_CTX_new(key);
+ if (!ctx)
+        /* Error occurred */
+ if (EVP_PKEY_encrypt_init(ctx) <= 0)
+        /* Error */
+ if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0)
+        /* Error */
+ /* Determine buffer length */
+ if (EVP_PKEY_encrypt(ctx, NULL, &outlen, in, inlen) <= 0)
+        /* Error */
+ out = OPENSSL_malloc(outlen);
+ if (!out)
+        /* malloc failure */
+ 
+ if (EVP_PKEY_encrypt(ctx, out, &outlen, in, inlen) <= 0)
+        /* Error */
+ /* Encrypted data is outlen bytes written to buffer out */
+=head1 SEE ALSO
+L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
+L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
+L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
+L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
+=head1 HISTORY
+These functions were first added to OpenSSL 1.0.0.
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_get_default_digest.pod b/src/lib/libcrypto/doc/EVP_PKEY_get_default_digest.pod
new file mode 100644
index 0000000000..1a9c7954c5
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_PKEY_get_default_digest.pod
@@ -0,0 +1,41 @@
+=pod
+=head1 NAME
+EVP_PKEY_get_default_digest_nid - get default signature digest
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid);
+=head1 DESCRIPTION
+The EVP_PKEY_get_default_digest_nid() function sets B<pnid> to the default
+message digest NID for the public key signature operations associated with key
+B<pkey>.
+=head1 NOTES
+For all current standard OpenSSL public key algorithms SHA1 is returned.
+=head1 RETURN VALUES
+The EVP_PKEY_get_default_digest_nid() function returns 1 if the message digest
+is advisory (that is other digests can be used) and 2 if it is mandatory (other
+digests can not be used).  It returns 0 or a negative value for failure. In
+particular a return value of -2 indicates the operation is not supported by the
+public key algorithm.
+=head1 SEE ALSO
+L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
+L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
+L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+=head1 HISTORY
+This function was first added to OpenSSL 1.0.0.
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_keygen.pod b/src/lib/libcrypto/doc/EVP_PKEY_keygen.pod
new file mode 100644
index 0000000000..37c6fe9503
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_PKEY_keygen.pod
@@ -0,0 +1,161 @@
+=pod
+=head1 NAME
+EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init, EVP_PKEY_paramgen, EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb, EVP_PKEY_CTX_get_keygen_info, EVP_PKEVP_PKEY_CTX_set_app_data, EVP_PKEY_CTX_get_app_data - key and parameter generation functions
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
+ int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
+ typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
+ void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb);
+ EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx);
+ void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data);
+ void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx);
+=head1 DESCRIPTION
+The EVP_PKEY_keygen_init() function initializes a public key algorithm
+context using key B<pkey> for a key genration operation.
+The EVP_PKEY_keygen() function performs a key generation operation, the 
+generated key is written to B<ppkey>.
+The functions EVP_PKEY_paramgen_init() and EVP_PKEY_paramgen() are similar
+except parameters are generated.
+The function EVP_PKEY_set_cb() sets the key or parameter generation callback
+to B<cb>. The function EVP_PKEY_CTX_get_cb() returns the key or parameter
+generation callback.
+The function EVP_PKEY_CTX_get_keygen_info() returns parameters associated
+with the generation operation. If B<idx> is -1 the total number of
+parameters available is returned. Any non negative value returns the value of
+that parameter. EVP_PKEY_CTX_gen_keygen_info() with a non-negative value for
+B<idx> should only be called within the generation callback.
+If the callback returns 0 then the key genration operation is aborted and an
+error occurs. This might occur during a time consuming operation where
+a user clicks on a "cancel" button.
+The functions EVP_PKEY_CTX_set_app_data() and EVP_PKEY_CTX_get_app_data() set
+and retrieve an opaque pointer. This can be used to set some application
+defined value which can be retrieved in the callback: for example a handle
+which is used to update a "progress dialog".
+=head1 NOTES
+After the call to EVP_PKEY_keygen_init() or EVP_PKEY_paramgen_init() algorithm
+specific control operations can be performed to set any appropriate parameters
+for the operation.
+The functions EVP_PKEY_keygen() and EVP_PKEY_paramgen() can be called more than
+once on the same context if several operations are performed using the same
+parameters.
+The meaning of the parameters passed to the callback will depend on the
+algorithm and the specifiic implementation of the algorithm. Some might not
+give any useful information at all during key or parameter generation. Others
+might not even call the callback.
+The operation performed by key or parameter generation depends on the algorithm
+used. In some cases (e.g. EC with a supplied named curve) the "generation"
+option merely sets the appropriate fields in an EVP_PKEY structure.
+In OpenSSL an EVP_PKEY structure containing a private key also contains the
+public key components and parameters (if any). An OpenSSL private key is
+equivalent to what some libraries call a "key pair". A private key can be used
+in functions which require the use of a public key or parameters.
+=head1 RETURN VALUES
+EVP_PKEY_keygen_init(), EVP_PKEY_paramgen_init(), EVP_PKEY_keygen() and
+EVP_PKEY_paramgen() return 1 for success and 0 or a negative value for failure.
+In particular a return value of -2 indicates the operation is not supported by
+the public key algorithm.
+=head1 EXAMPLES
+Generate a 2048 bit RSA key:
+ #include <openssl/evp.h>
+ #include <openssl/rsa.h>
+ EVP_PKEY_CTX *ctx;
+ EVP_PKEY *pkey = NULL;
+ ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
+ if (!ctx)
+        /* Error occurred */
+ if (EVP_PKEY_keygen_init(ctx) <= 0)
+        /* Error */
+ if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0)
+        /* Error */
+ /* Generate key */
+ if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
+        /* Error */
+Generate a key from a set of parameters:
+ #include <openssl/evp.h>
+ #include <openssl/rsa.h>
+ EVP_PKEY_CTX *ctx;
+ EVP_PKEY *pkey = NULL, *param;
+ /* Assumed param is set up already */
+ ctx = EVP_PKEY_CTX_new(param);
+ if (!ctx)
+        /* Error occurred */
+ if (EVP_PKEY_keygen_init(ctx) <= 0)
+        /* Error */
+ /* Generate key */
+ if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
+        /* Error */
+Example of generation callback for OpenSSL public key implementations:
+ /* Application data is a BIO to output status to */
+ EVP_PKEY_CTX_set_app_data(ctx, status_bio);
+ static int genpkey_cb(EVP_PKEY_CTX *ctx)
+        {
+        char c='*';
+        BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
+        int p;
+        p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
+        if (p == 0) c='.';
+        if (p == 1) c='+';
+        if (p == 2) c='*';
+        if (p == 3) c='\n';
+        BIO_write(b,&c,1);
+        (void)BIO_flush(b);
+        return 1;
+        }
+=head1 SEE ALSO
+L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
+L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
+L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
+L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
+L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
+=head1 HISTORY
+These functions were first added to OpenSSL 1.0.0.
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_new.pod b/src/lib/libcrypto/doc/EVP_PKEY_new.pod
new file mode 100644
index 0000000000..10687e458d
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_PKEY_new.pod
@@ -0,0 +1,47 @@
+=pod
+=head1 NAME
+EVP_PKEY_new, EVP_PKEY_free - private key allocation functions.
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ EVP_PKEY *EVP_PKEY_new(void);
+ void EVP_PKEY_free(EVP_PKEY *key);
+=head1 DESCRIPTION
+The EVP_PKEY_new() function allocates an empty B<EVP_PKEY> 
+structure which is used by OpenSSL to store private keys.
+EVP_PKEY_free() frees up the private key B<key>.
+=head1 NOTES
+The B<EVP_PKEY> structure is used by various OpenSSL functions
+which require a general private key without reference to any
+particular algorithm.
+The structure returned by EVP_PKEY_new() is empty. To add a
+private key to this empty structure the functions described in
+L<EVP_PKEY_set1_RSA(3)|EVP_PKEY_set1_RSA(3)> should be used.
+=head1 RETURN VALUES
+EVP_PKEY_new() returns either the newly allocated B<EVP_PKEY>
+structure of B<NULL> if an error occurred.
+EVP_PKEY_free() does not return a value.
+=head1 SEE ALSO
+L<EVP_PKEY_set1_RSA(3)|EVP_PKEY_set1_RSA(3)>
+=head1 HISTORY
+TBA
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_print_private.pod b/src/lib/libcrypto/doc/EVP_PKEY_print_private.pod
new file mode 100644
index 0000000000..ce9d70d7a7
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_PKEY_print_private.pod
@@ -0,0 +1,53 @@
+=pod
+=head1 NAME
+EVP_PKEY_print_public, EVP_PKEY_print_private, EVP_PKEY_print_params - public key algorithm printing routines.
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
+                                int indent, ASN1_PCTX *pctx);
+ int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
+                                int indent, ASN1_PCTX *pctx);
+ int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
+                                int indent, ASN1_PCTX *pctx);
+=head1 DESCRIPTION
+The functions EVP_PKEY_print_public(), EVP_PKEY_print_private() and
+EVP_PKEY_print_params() print out the public, private or parameter components
+of key B<pkey> respectively. The key is sent to BIO B<out> in human readable
+form. The parameter B<indent> indicated how far the printout should be indented.
+The B<pctx> parameter allows the print output to be finely tuned by using
+ASN1 printing options. If B<pctx> is set to NULL then default values will
+be used.
+=head1 NOTES
+Currently no public key algorithms include any options in the B<pctx> parameter 
+parameter.
+If the key does not include all the components indicated by the function then
+only those contained in the key will be printed. For example passing a public
+key to EVP_PKEY_print_private() will only print the public components.
+=head1 RETURN VALUES
+These functions all return 1 for success and 0 or a negative value for failure.
+In particular a return value of -2 indicates the operation is not supported by
+the public key algorithm.
+=head1 SEE ALSO
+L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)> 
+=head1 HISTORY
+These functions were first added to OpenSSL 1.0.0.
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_set1_RSA.pod b/src/lib/libcrypto/doc/EVP_PKEY_set1_RSA.pod
new file mode 100644
index 0000000000..2db692e271
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_PKEY_set1_RSA.pod
@@ -0,0 +1,80 @@
+=pod
+=head1 NAME
+EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY,
+EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY,
+EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, EVP_PKEY_assign_EC_KEY,
+EVP_PKEY_type - EVP_PKEY assignment functions.
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ int EVP_PKEY_set1_RSA(EVP_PKEY *pkey,RSA *key);
+ int EVP_PKEY_set1_DSA(EVP_PKEY *pkey,DSA *key);
+ int EVP_PKEY_set1_DH(EVP_PKEY *pkey,DH *key);
+ int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey,EC_KEY *key);
+ RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
+ DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
+ DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
+ EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
+ int EVP_PKEY_assign_RSA(EVP_PKEY *pkey,RSA *key);
+ int EVP_PKEY_assign_DSA(EVP_PKEY *pkey,DSA *key);
+ int EVP_PKEY_assign_DH(EVP_PKEY *pkey,DH *key);
+ int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey,EC_KEY *key);
+ int EVP_PKEY_type(int type);
+=head1 DESCRIPTION
+EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and
+EVP_PKEY_set1_EC_KEY() set the key referenced by B<pkey> to B<key>.
+EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
+EVP_PKEY_get1_EC_KEY() return the referenced key in B<pkey> or
+B<NULL> if the key is not of the correct type.
+EVP_PKEY_assign_RSA() EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
+and EVP_PKEY_assign_EC_KEY() also set the referenced key to B<key>
+however these use the supplied B<key> internally and so B<key>
+will be freed when the parent B<pkey> is freed.
+EVP_PKEY_type() returns the type of key corresponding to the value
+B<type>. The type of a key can be obtained with
+EVP_PKEY_type(pkey->type). The return value will be EVP_PKEY_RSA,
+EVP_PKEY_DSA, EVP_PKEY_DH or EVP_PKEY_EC for the corresponding
+key types or NID_undef if the key type is unassigned.
+=head1 NOTES
+In accordance with the OpenSSL naming convention the key obtained
+from or assigned to the B<pkey> using the B<1> functions must be
+freed as well as B<pkey>.
+EVP_PKEY_assign_RSA() EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
+EVP_PKEY_assign_EC_KEY() are implemented as macros.
+=head1 RETURN VALUES
+EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and
+EVP_PKEY_set1_EC_KEY() return 1 for success or 0 for failure.
+EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
+EVP_PKEY_get1_EC_KEY() return the referenced key or B<NULL> if 
+an error occurred.
+EVP_PKEY_assign_RSA() EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
+and EVP_PKEY_assign_EC_KEY() return 1 for success and 0 for failure.
+=head1 SEE ALSO
+L<EVP_PKEY_new(3)|EVP_PKEY_new(3)>
+=head1 HISTORY
+TBA
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_sign.pod b/src/lib/libcrypto/doc/EVP_PKEY_sign.pod
new file mode 100644
index 0000000000..2fb52c3486
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_PKEY_sign.pod
@@ -0,0 +1,96 @@
+=pod
+=head1 NAME
+EVP_PKEY_sign_init, EVP_PKEY_sign - sign using a public key algorithm
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
+                        unsigned char *sig, size_t *siglen,
+                        const unsigned char *tbs, size_t tbslen);
+=head1 DESCRIPTION
+The EVP_PKEY_sign_init() function initializes a public key algorithm
+context using key B<pkey> for a signing operation.
+The EVP_PKEY_sign() function performs a public key signing operation
+using B<ctx>. The data to be signed is specified using the B<tbs> and
+B<tbslen> parameters. If B<sig> is B<NULL> then the maximum size of the output
+buffer is written to the B<siglen> parameter. If B<sig> is not B<NULL> then
+before the call the B<siglen> parameter should contain the length of the
+B<sig> buffer, if the call is successful the signature is written to
+B<sig> and the amount of data written to B<siglen>.
+=head1 NOTES
+After the call to EVP_PKEY_sign_init() algorithm specific control
+operations can be performed to set any appropriate parameters for the
+operation.
+The function EVP_PKEY_sign() can be called more than once on the same
+context if several operations are performed using the same parameters.
+=head1 RETURN VALUES
+EVP_PKEY_sign_init() and EVP_PKEY_sign() return 1 for success and 0
+or a negative value for failure. In particular a return value of -2
+indicates the operation is not supported by the public key algorithm.
+=head1 EXAMPLE
+Sign data using RSA with PKCS#1 padding and SHA256 digest:
+ #include <openssl/evp.h>
+ #include <openssl/rsa.h>
+ EVP_PKEY_CTX *ctx;
+ unsigned char *md, *sig;
+ size_t mdlen, siglen; 
+ EVP_PKEY *signing_key;
+ /* NB: assumes signing_key, md and mdlen are already set up
+  * and that signing_key is an RSA private key
+  */
+ ctx = EVP_PKEY_CTX_new(signing_key);
+ if (!ctx)
+        /* Error occurred */
+ if (EVP_PKEY_sign_init(ctx) <= 0)
+        /* Error */
+ if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
+        /* Error */
+ if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
+        /* Error */
+ /* Determine buffer length */
+ if (EVP_PKEY_sign(ctx, NULL, &siglen, md, mdlen) <= 0)
+        /* Error */
+ sig = OPENSSL_malloc(siglen);
+ if (!sig)
+        /* malloc failure */
+ 
+ if (EVP_PKEY_sign(ctx, sig, &siglen, md, mdlen) <= 0)
+        /* Error */
+ /* Signature is siglen bytes written to buffer sig */
+=head1 SEE ALSO
+L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
+L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
+L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
+L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
+=head1 HISTORY
+These functions were first added to OpenSSL 1.0.0.
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_verify.pod b/src/lib/libcrypto/doc/EVP_PKEY_verify.pod
new file mode 100644
index 0000000000..f93e5fc6c3
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_PKEY_verify.pod
@@ -0,0 +1,91 @@
+=pod
+=head1 NAME
+EVP_PKEY_verify_init, EVP_PKEY_verify - signature verification using a public key algorithm
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
+                        const unsigned char *sig, size_t siglen,
+                        const unsigned char *tbs, size_t tbslen);
+=head1 DESCRIPTION
+The EVP_PKEY_verify_init() function initializes a public key algorithm
+context using key B<pkey> for a signature verification operation.
+The EVP_PKEY_verify() function performs a public key verification operation
+using B<ctx>. The signature is specified using the B<sig> and
+B<siglen> parameters. The verified data (i.e. the data believed originally
+signed) is specified using the B<tbs> and B<tbslen> parameters.
+=head1 NOTES
+After the call to EVP_PKEY_verify_init() algorithm specific control
+operations can be performed to set any appropriate parameters for the
+operation.
+The function EVP_PKEY_verify() can be called more than once on the same
+context if several operations are performed using the same parameters.
+=head1 RETURN VALUES
+EVP_PKEY_verify_init() and EVP_PKEY_verify() return 1 if the verification was
+successful and 0 if it failed. Unlike other functions the return value 0 from
+EVP_PKEY_verify() only indicates that the signature did not not verify
+successfully (that is tbs did not match the original data or the signature was
+of invalid form) it is not an indication of a more serious error.
+A negative value indicates an error other that signature verification failure.
+In particular a return value of -2 indicates the operation is not supported by
+the public key algorithm.
+=head1 EXAMPLE
+Verify signature using PKCS#1 and SHA256 digest:
+ #include <openssl/evp.h>
+ #include <openssl/rsa.h>
+ EVP_PKEY_CTX *ctx;
+ unsigned char *md, *sig;
+ size_t mdlen, siglen; 
+ EVP_PKEY *verify_key;
+ /* NB: assumes verify_key, sig, siglen md and mdlen are already set up
+  * and that verify_key is an RSA public key
+  */
+ ctx = EVP_PKEY_CTX_new(verify_key);
+ if (!ctx)
+        /* Error occurred */
+ if (EVP_PKEY_verify_init(ctx) <= 0)
+        /* Error */
+ if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
+        /* Error */
+ if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
+        /* Error */
+ /* Perform operation */
+ ret = EVP_PKEY_verify(ctx, sig, siglen, md, mdlen);
+ /* ret == 1 indicates success, 0 verify failure and < 0 for some
+  * other error.
+  */
+=head1 SEE ALSO
+L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
+L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
+L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
+L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
+=head1 HISTORY
+These functions were first added to OpenSSL 1.0.0.
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_SealInit.pod b/src/lib/libcrypto/doc/EVP_SealInit.pod
new file mode 100644
index 0000000000..7d793e19ef
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_SealInit.pod
@@ -0,0 +1,85 @@
+=pod
+=head1 NAME
+EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+                  unsigned char **ek, int *ekl, unsigned char *iv,
+                  EVP_PKEY **pubk, int npubk);
+ int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl, unsigned char *in, int inl);
+ int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl);
+=head1 DESCRIPTION
+The EVP envelope routines are a high level interface to envelope
+encryption. They generate a random key and IV (if required) then
+"envelope" it by using public key encryption. Data can then be
+encrypted using this key.
+EVP_SealInit() initializes a cipher context B<ctx> for encryption
+with cipher B<type> using a random secret key and IV. B<type> is normally
+supplied by a function such as EVP_des_cbc(). The secret key is encrypted
+using one or more public keys, this allows the same encrypted data to be
+decrypted using any of the corresponding private keys. B<ek> is an array of
+buffers where the public key encrypted secret key will be written, each buffer
+must contain enough room for the corresponding encrypted key: that is
+B<ek[i]> must have room for B<EVP_PKEY_size(pubk[i])> bytes. The actual
+size of each encrypted secret key is written to the array B<ekl>. B<pubk> is
+an array of B<npubk> public keys.
+The B<iv> parameter is a buffer where the generated IV is written to. It must
+contain enough room for the corresponding cipher's IV, as determined by (for
+example) EVP_CIPHER_iv_length(type).
+If the cipher does not require an IV then the B<iv> parameter is ignored
+and can be B<NULL>.
+EVP_SealUpdate() and EVP_SealFinal() have exactly the same properties
+as the EVP_EncryptUpdate() and EVP_EncryptFinal() routines, as 
+documented on the L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> manual
+page. 
+=head1 RETURN VALUES
+EVP_SealInit() returns 0 on error or B<npubk> if successful.
+EVP_SealUpdate() and EVP_SealFinal() return 1 for success and 0 for
+failure.
+=head1 NOTES
+Because a random secret key is generated the random number generator
+must be seeded before calling EVP_SealInit().
+The public key must be RSA because it is the only OpenSSL public key
+algorithm that supports key transport.
+Envelope encryption is the usual method of using public key encryption
+on large amounts of data, this is because public key encryption is slow
+but symmetric encryption is fast. So symmetric encryption is used for
+bulk encryption and the small random symmetric key used is transferred
+using public key encryption.
+It is possible to call EVP_SealInit() twice in the same way as
+EVP_EncryptInit(). The first call should have B<npubk> set to 0
+and (after setting any cipher parameters) it should be called again
+with B<type> set to NULL.
+=head1 SEE ALSO
+L<evp(3)|evp(3)>, L<rand(3)|rand(3)>,
+L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
+L<EVP_OpenInit(3)|EVP_OpenInit(3)>
+=head1 HISTORY
+EVP_SealFinal() did not return a value before OpenSSL 0.9.7.
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_SignInit.pod b/src/lib/libcrypto/doc/EVP_SignInit.pod
new file mode 100644
index 0000000000..781d43e401
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_SignInit.pod
@@ -0,0 +1,104 @@
+=pod
+=head1 NAME
+EVP_SignInit, EVP_SignUpdate, EVP_SignFinal - EVP signing functions
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ int EVP_SignInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
+ int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+ int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *sig,unsigned int *s, EVP_PKEY *pkey);
+ void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+ int EVP_PKEY_size(EVP_PKEY *pkey);
+=head1 DESCRIPTION
+The EVP signature routines are a high level interface to digital
+signatures.
+EVP_SignInit_ex() sets up signing context B<ctx> to use digest
+B<type> from ENGINE B<impl>. B<ctx> must be initialized with
+EVP_MD_CTX_init() before calling this function.
+EVP_SignUpdate() hashes B<cnt> bytes of data at B<d> into the
+signature context B<ctx>. This function can be called several times on the
+same B<ctx> to include additional data.
+EVP_SignFinal() signs the data in B<ctx> using the private key B<pkey> and
+places the signature in B<sig>. The number of bytes of data written (i.e. the
+length of the signature) will be written to the integer at B<s>, at most
+EVP_PKEY_size(pkey) bytes will be written. 
+EVP_SignInit() initializes a signing context B<ctx> to use the default
+implementation of digest B<type>.
+EVP_PKEY_size() returns the maximum size of a signature in bytes. The actual
+signature returned by EVP_SignFinal() may be smaller.
+=head1 RETURN VALUES
+EVP_SignInit_ex(), EVP_SignUpdate() and EVP_SignFinal() return 1
+for success and 0 for failure.
+EVP_PKEY_size() returns the maximum size of a signature in bytes.
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 NOTES
+The B<EVP> interface to digital signatures should almost always be used in
+preference to the low level interfaces. This is because the code then becomes
+transparent to the algorithm used and much more flexible.
+Due to the link between message digests and public key algorithms the correct
+digest algorithm must be used with the correct public key type. A list of
+algorithms and associated public key algorithms appears in 
+L<EVP_DigestInit(3)|EVP_DigestInit(3)>.
+When signing with DSA private keys the random number generator must be seeded
+or the operation will fail. The random number generator does not need to be
+seeded for RSA signatures.
+The call to EVP_SignFinal() internally finalizes a copy of the digest context.
+This means that calls to EVP_SignUpdate() and EVP_SignFinal() can be called
+later to digest and sign additional data.
+Since only a copy of the digest context is ever finalized the context must
+be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak
+will occur.
+=head1 BUGS
+Older versions of this documentation wrongly stated that calls to 
+EVP_SignUpdate() could not be made after calling EVP_SignFinal().
+Since the private key is passed in the call to EVP_SignFinal() any error
+relating to the private key (for example an unsuitable key and digest
+combination) will not be indicated until after potentially large amounts of
+data have been passed through EVP_SignUpdate().
+It is not possible to change the signing parameters using these function.
+The previous two bugs are fixed in the newer EVP_SignDigest*() function.
+=head1 SEE ALSO
+L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
+L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+L<evp(3)|evp(3)>, L<HMAC(3)|HMAC(3)>, L<MD2(3)|MD2(3)>,
+L<MD5(3)|MD5(3)>, L<MDC2(3)|MDC2(3)>, L<RIPEMD(3)|RIPEMD(3)>,
+L<SHA1(3)|SHA1(3)>, L<digest(1)|digest(1)>
+=head1 HISTORY
+EVP_SignInit(), EVP_SignUpdate() and EVP_SignFinal() are
+available in all versions of SSLeay and OpenSSL.
+EVP_SignInit_ex() was added in OpenSSL 0.9.7.
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_VerifyInit.pod b/src/lib/libcrypto/doc/EVP_VerifyInit.pod
new file mode 100644
index 0000000000..9097f09410
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_VerifyInit.pod
@@ -0,0 +1,95 @@
+=pod
+=head1 NAME
+EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal - EVP signature verification functions
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
+ int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+ int EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf, unsigned int siglen,EVP_PKEY *pkey);
+ int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+=head1 DESCRIPTION
+The EVP signature verification routines are a high level interface to digital
+signatures.
+EVP_VerifyInit_ex() sets up verification context B<ctx> to use digest
+B<type> from ENGINE B<impl>. B<ctx> must be initialized by calling
+EVP_MD_CTX_init() before calling this function.
+EVP_VerifyUpdate() hashes B<cnt> bytes of data at B<d> into the
+verification context B<ctx>. This function can be called several times on the
+same B<ctx> to include additional data.
+EVP_VerifyFinal() verifies the data in B<ctx> using the public key B<pkey>
+and against the B<siglen> bytes at B<sigbuf>.
+EVP_VerifyInit() initializes verification context B<ctx> to use the default
+implementation of digest B<type>.
+=head1 RETURN VALUES
+EVP_VerifyInit_ex() and EVP_VerifyUpdate() return 1 for success and 0 for
+failure.
+EVP_VerifyFinal() returns 1 for a correct signature, 0 for failure and -1 if some
+other error occurred.
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 NOTES
+The B<EVP> interface to digital signatures should almost always be used in
+preference to the low level interfaces. This is because the code then becomes
+transparent to the algorithm used and much more flexible.
+Due to the link between message digests and public key algorithms the correct
+digest algorithm must be used with the correct public key type. A list of
+algorithms and associated public key algorithms appears in 
+L<EVP_DigestInit(3)|EVP_DigestInit(3)>.
+The call to EVP_VerifyFinal() internally finalizes a copy of the digest context.
+This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can be called
+later to digest and verify additional data.
+Since only a copy of the digest context is ever finalized the context must
+be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak
+will occur.
+=head1 BUGS
+Older versions of this documentation wrongly stated that calls to 
+EVP_VerifyUpdate() could not be made after calling EVP_VerifyFinal().
+Since the public key is passed in the call to EVP_SignFinal() any error
+relating to the private key (for example an unsuitable key and digest
+combination) will not be indicated until after potentially large amounts of
+data have been passed through EVP_SignUpdate().
+It is not possible to change the signing parameters using these function.
+The previous two bugs are fixed in the newer EVP_VerifyDigest*() function.
+=head1 SEE ALSO
+L<evp(3)|evp(3)>,
+L<EVP_SignInit(3)|EVP_SignInit(3)>,
+L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
+L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
+L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
+=head1 HISTORY
+EVP_VerifyInit(), EVP_VerifyUpdate() and EVP_VerifyFinal() are
+available in all versions of SSLeay and OpenSSL.
+EVP_VerifyInit_ex() was added in OpenSSL 0.9.7
+=cut
diff --git a/src/lib/libcrypto/doc/OBJ_nid2obj.pod b/src/lib/libcrypto/doc/OBJ_nid2obj.pod
new file mode 100644
index 0000000000..1e45dd40f6
--- /dev/null
+++ b/src/lib/libcrypto/doc/OBJ_nid2obj.pod
@@ -0,0 +1,151 @@
+=pod
+=head1 NAME
+OBJ_nid2obj, OBJ_nid2ln, OBJ_nid2sn, OBJ_obj2nid, OBJ_txt2nid, OBJ_ln2nid, OBJ_sn2nid,
+OBJ_cmp, OBJ_dup, OBJ_txt2obj, OBJ_obj2txt, OBJ_create, OBJ_cleanup - ASN1 object utility
+functions
+=head1 SYNOPSIS
+ #include <openssl/objects.h>
+ ASN1_OBJECT * OBJ_nid2obj(int n);
+ const char *  OBJ_nid2ln(int n);
+ const char *  OBJ_nid2sn(int n);
+ int OBJ_obj2nid(const ASN1_OBJECT *o);
+ int OBJ_ln2nid(const char *ln);
+ int OBJ_sn2nid(const char *sn);
+ int OBJ_txt2nid(const char *s);
+ ASN1_OBJECT * OBJ_txt2obj(const char *s, int no_name);
+ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name);
+ int OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b);
+ ASN1_OBJECT * OBJ_dup(const ASN1_OBJECT *o);
+ int OBJ_create(const char *oid,const char *sn,const char *ln);
+ void OBJ_cleanup(void);
+=head1 DESCRIPTION
+The ASN1 object utility functions process ASN1_OBJECT structures which are
+a representation of the ASN1 OBJECT IDENTIFIER (OID) type.
+OBJ_nid2obj(), OBJ_nid2ln() and OBJ_nid2sn() convert the NID B<n> to 
+an ASN1_OBJECT structure, its long name and its short name respectively,
+or B<NULL> is an error occurred.
+OBJ_obj2nid(), OBJ_ln2nid(), OBJ_sn2nid() return the corresponding NID
+for the object B<o>, the long name <ln> or the short name <sn> respectively
+or NID_undef if an error occurred.
+OBJ_txt2nid() returns NID corresponding to text string <s>. B<s> can be
+a long name, a short name or the numerical respresentation of an object.
+OBJ_txt2obj() converts the text string B<s> into an ASN1_OBJECT structure.
+If B<no_name> is 0 then long names and short names will be interpreted
+as well as numerical forms. If B<no_name> is 1 only the numerical form
+is acceptable.
+OBJ_obj2txt() converts the B<ASN1_OBJECT> B<a> into a textual representation.
+The representation is written as a null terminated string to B<buf>
+at most B<buf_len> bytes are written, truncating the result if necessary.
+The total amount of space required is returned. If B<no_name> is 0 then
+if the object has a long or short name then that will be used, otherwise
+the numerical form will be used. If B<no_name> is 1 then the numerical
+form will always be used.
+OBJ_cmp() compares B<a> to B<b>. If the two are identical 0 is returned.
+OBJ_dup() returns a copy of B<o>.
+OBJ_create() adds a new object to the internal table. B<oid> is the 
+numerical form of the object, B<sn> the short name and B<ln> the
+long name. A new NID is returned for the created object.
+OBJ_cleanup() cleans up OpenSSLs internal object table: this should
+be called before an application exits if any new objects were added
+using OBJ_create().
+=head1 NOTES
+Objects in OpenSSL can have a short name, a long name and a numerical
+identifier (NID) associated with them. A standard set of objects is
+represented in an internal table. The appropriate values are defined
+in the header file B<objects.h>.
+For example the OID for commonName has the following definitions:
+ #define SN_commonName                   "CN"
+ #define LN_commonName                   "commonName"
+ #define NID_commonName                  13
+New objects can be added by calling OBJ_create().
+Table objects have certain advantages over other objects: for example
+their NIDs can be used in a C language switch statement. They are
+also static constant structures which are shared: that is there
+is only a single constant structure for each table object.
+Objects which are not in the table have the NID value NID_undef.
+Objects do not need to be in the internal tables to be processed,
+the functions OBJ_txt2obj() and OBJ_obj2txt() can process the numerical
+form of an OID.
+=head1 EXAMPLES
+Create an object for B<commonName>:
+ ASN1_OBJECT *o;
+ o = OBJ_nid2obj(NID_commonName);
+Check if an object is B<commonName>
+ if (OBJ_obj2nid(obj) == NID_commonName)
+        /* Do something */
+Create a new NID and initialize an object from it:
+ int new_nid;
+ ASN1_OBJECT *obj;
+ new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier");
+ obj = OBJ_nid2obj(new_nid);
+ 
+Create a new object directly:
+ obj = OBJ_txt2obj("1.2.3.4", 1);
+=head1 BUGS
+OBJ_obj2txt() is awkward and messy to use: it doesn't follow the 
+convention of other OpenSSL functions where the buffer can be set
+to B<NULL> to determine the amount of data that should be written.
+Instead B<buf> must point to a valid buffer and B<buf_len> should
+be set to a positive value. A buffer length of 80 should be more
+than enough to handle any OID encountered in practice.
+=head1 RETURN VALUES
+OBJ_nid2obj() returns an B<ASN1_OBJECT> structure or B<NULL> is an
+error occurred.
+OBJ_nid2ln() and OBJ_nid2sn() returns a valid string or B<NULL>
+on error.
+OBJ_obj2nid(), OBJ_ln2nid(), OBJ_sn2nid() and OBJ_txt2nid() return
+a NID or B<NID_undef> on error.
+=head1 SEE ALSO
+L<ERR_get_error(3)|ERR_get_error(3)>
+=head1 HISTORY
+TBA
+=cut
diff --git a/src/lib/libcrypto/doc/OPENSSL_VERSION_NUMBER.pod b/src/lib/libcrypto/doc/OPENSSL_VERSION_NUMBER.pod
new file mode 100644
index 0000000000..c39ac35e78
--- /dev/null
+++ b/src/lib/libcrypto/doc/OPENSSL_VERSION_NUMBER.pod
@@ -0,0 +1,101 @@
+=pod
+=head1 NAME
+OPENSSL_VERSION_NUMBER, SSLeay, SSLeay_version - get OpenSSL version number
+=head1 SYNOPSIS
+ #include <openssl/opensslv.h>
+ #define OPENSSL_VERSION_NUMBER 0xnnnnnnnnnL
+ #include <openssl/crypto.h>
+ long SSLeay(void);
+ const char *SSLeay_version(int t);
+=head1 DESCRIPTION
+OPENSSL_VERSION_NUMBER is a numeric release version identifier:
+ MMNNFFPPS: major minor fix patch status
+The status nibble has one of the values 0 for development, 1 to e for betas
+1 to 14, and f for release.
+for example
+ 0x000906000 == 0.9.6 dev
+ 0x000906023 == 0.9.6b beta 3
+ 0x00090605f == 0.9.6e release
+Versions prior to 0.9.3 have identifiers E<lt> 0x0930.
+Versions between 0.9.3 and 0.9.5 had a version identifier with this
+interpretation:
+ MMNNFFRBB major minor fix final beta/patch
+for example
+ 0x000904100 == 0.9.4 release
+ 0x000905000 == 0.9.5 dev
+Version 0.9.5a had an interim interpretation that is like the current one,
+except the patch level got the highest bit set, to keep continuity.  The
+number was therefore 0x0090581f.
+For backward compatibility, SSLEAY_VERSION_NUMBER is also defined.
+SSLeay() returns this number. The return value can be compared to the
+macro to make sure that the correct version of the library has been
+loaded, especially when using DLLs on Windows systems.
+SSLeay_version() returns different strings depending on B<t>:
+=over 4
+=item SSLEAY_VERSION
+The text variant of the version number and the release date.  For example,
+"OpenSSL 0.9.5a 1 Apr 2000".
+=item SSLEAY_CFLAGS
+The compiler flags set for the compilation process in the form
+"compiler: ..."  if available or "compiler: information not available"
+otherwise.
+=item SSLEAY_BUILT_ON
+The date of the build process in the form "built on: ..." if available
+or "built on: date not available" otherwise.
+=item SSLEAY_PLATFORM
+The "Configure" target of the library build in the form "platform: ..."
+if available or "platform: information not available" otherwise.
+=item SSLEAY_DIR
+The "OPENSSLDIR" setting of the library build in the form "OPENSSLDIR: "...""
+if available or "OPENSSLDIR: N/A" otherwise.
+=back
+For an unknown B<t>, the text "not available" is returned.
+=head1 RETURN VALUE
+The version number.
+=head1 SEE ALSO
+L<crypto(3)|crypto(3)>
+=head1 HISTORY
+SSLeay() and SSLEAY_VERSION_NUMBER are available in all versions of SSLeay and OpenSSL.
+OPENSSL_VERSION_NUMBER is available in all versions of OpenSSL.
+B<SSLEAY_DIR> was added in OpenSSL 0.9.7.
+=cut
diff --git a/src/lib/libcrypto/doc/OPENSSL_config.pod b/src/lib/libcrypto/doc/OPENSSL_config.pod
new file mode 100644
index 0000000000..e7bba2aaca
--- /dev/null
+++ b/src/lib/libcrypto/doc/OPENSSL_config.pod
@@ -0,0 +1,82 @@
+=pod
+=head1 NAME
+OPENSSL_config, OPENSSL_no_config - simple OpenSSL configuration functions
+=head1 SYNOPSIS
+ #include <openssl/conf.h>
+ void OPENSSL_config(const char *config_name);
+ void OPENSSL_no_config(void);
+=head1 DESCRIPTION
+OPENSSL_config() configures OpenSSL using the standard B<openssl.cnf>
+configuration file name using B<config_name>. If B<config_name> is NULL then
+the default name B<openssl_conf> will be used. Any errors are ignored. Further
+calls to OPENSSL_config() will have no effect. The configuration file format
+is documented in the L<conf(5)|conf(5)> manual page.
+OPENSSL_no_config() disables configuration. If called before OPENSSL_config()
+no configuration takes place.
+=head1 NOTES
+It is B<strongly> recommended that B<all> new applications call OPENSSL_config()
+or the more sophisticated functions such as CONF_modules_load() during
+initialization (that is before starting any threads). By doing this
+an application does not need to keep track of all configuration options
+and some new functionality can be supported automatically.
+It is also possible to automatically call OPENSSL_config() when an application
+calls OPENSSL_add_all_algorithms() by compiling an application with the
+preprocessor symbol B<OPENSSL_LOAD_CONF> #define'd. In this way configuration
+can be added without source changes.
+The environment variable B<OPENSSL_CONF> can be set to specify the location
+of the configuration file.
+ 
+Currently ASN1 OBJECTs and ENGINE configuration can be performed future
+versions of OpenSSL will add new configuration options.
+There are several reasons why calling the OpenSSL configuration routines is
+advisable. For example new ENGINE functionality was added to OpenSSL 0.9.7.
+In OpenSSL 0.9.7 control functions can be supported by ENGINEs, this can be
+used (among other things) to load dynamic ENGINEs from shared libraries (DSOs).
+However very few applications currently support the control interface and so
+very few can load and use dynamic ENGINEs. Equally in future more sophisticated
+ENGINEs will require certain control operations to customize them. If an
+application calls OPENSSL_config() it doesn't need to know or care about
+ENGINE control operations because they can be performed by editing a
+configuration file.
+Applications should free up configuration at application closedown by calling
+CONF_modules_free().
+=head1 RESTRICTIONS
+The OPENSSL_config() function is designed to be a very simple "call it and
+forget it" function. As a result its behaviour is somewhat limited. It ignores
+all errors silently and it can only load from the standard configuration file
+location for example.
+It is however B<much> better than nothing. Applications which need finer
+control over their configuration functionality should use the configuration
+functions such as CONF_load_modules() directly.
+=head1 RETURN VALUES
+Neither OPENSSL_config() nor OPENSSL_no_config() return a value.
+=head1 SEE ALSO
+L<conf(5)|conf(5)>, L<CONF_load_modules_file(3)|CONF_load_modules_file(3)>,
+L<CONF_modules_free(3),CONF_modules_free(3)>
+=head1 HISTORY
+OPENSSL_config() and OPENSSL_no_config() first appeared in OpenSSL 0.9.7
+=cut
diff --git a/src/lib/libcrypto/doc/OPENSSL_load_builtin_modules.pod b/src/lib/libcrypto/doc/OPENSSL_load_builtin_modules.pod
new file mode 100644
index 0000000000..f14dfaf005
--- /dev/null
+++ b/src/lib/libcrypto/doc/OPENSSL_load_builtin_modules.pod
@@ -0,0 +1,51 @@
+=pod
+=head1 NAME
+OPENSSL_load_builtin_modules - add standard configuration modules
+=head1 SYNOPSIS
+ #include <openssl/conf.h>
+ void OPENSSL_load_builtin_modules(void);
+ void ASN1_add_oid_module(void);
+ ENGINE_add_conf_module();
+=head1 DESCRIPTION
+The function OPENSSL_load_builtin_modules() adds all the standard OpenSSL
+configuration modules to the internal list. They can then be used by the
+OpenSSL configuration code.
+ASN1_add_oid_module() adds just the ASN1 OBJECT module.
+ENGINE_add_conf_module() adds just the ENGINE configuration module.
+=head1 NOTES
+If the simple configuration function OPENSSL_config() is called then 
+OPENSSL_load_builtin_modules() is called automatically.
+Applications which use the configuration functions directly will need to
+call OPENSSL_load_builtin_modules() themselves I<before> any other 
+configuration code.
+Applications should call OPENSSL_load_builtin_modules() to load all
+configuration modules instead of adding modules selectively: otherwise 
+functionality may be missing from the application if an when new
+modules are added.
+=head1 RETURN VALUE
+None of the functions return a value.
+=head1 SEE ALSO
+L<conf(3)|conf(3)>, L<OPENSSL_config(3)|OPENSSL_config(3)>
+=head1 HISTORY
+These functions first appeared in OpenSSL 0.9.7.
+=cut
diff --git a/src/lib/libcrypto/doc/OpenSSL_add_all_algorithms.pod b/src/lib/libcrypto/doc/OpenSSL_add_all_algorithms.pod
new file mode 100644
index 0000000000..e63411b5bb
--- /dev/null
+++ b/src/lib/libcrypto/doc/OpenSSL_add_all_algorithms.pod
@@ -0,0 +1,66 @@
+=pod
+=head1 NAME
+OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests -
+add algorithms to internal table
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ void OpenSSL_add_all_algorithms(void);
+ void OpenSSL_add_all_ciphers(void);
+ void OpenSSL_add_all_digests(void);
+ void EVP_cleanup(void);
+=head1 DESCRIPTION
+OpenSSL keeps an internal table of digest algorithms and ciphers. It uses
+this table to lookup ciphers via functions such as EVP_get_cipher_byname().
+OpenSSL_add_all_digests() adds all digest algorithms to the table.
+OpenSSL_add_all_algorithms() adds all algorithms to the table (digests and
+ciphers).
+OpenSSL_add_all_ciphers() adds all encryption algorithms to the table including
+password based encryption algorithms.
+EVP_cleanup() removes all ciphers and digests from the table.
+=head1 RETURN VALUES
+None of the functions return a value.
+=head1 NOTES
+A typical application will call OpenSSL_add_all_algorithms() initially and
+EVP_cleanup() before exiting.
+An application does not need to add algorithms to use them explicitly, for example
+by EVP_sha1(). It just needs to add them if it (or any of the functions it calls)
+needs to lookup algorithms.
+The cipher and digest lookup functions are used in many parts of the library. If
+the table is not initialized several functions will misbehave and complain they
+cannot find algorithms. This includes the PEM, PKCS#12, SSL and S/MIME libraries.
+This is a common query in the OpenSSL mailing lists.
+Calling OpenSSL_add_all_algorithms() links in all algorithms: as a result a
+statically linked executable can be quite large. If this is important it is possible
+to just add the required ciphers and digests.
+=head1 BUGS
+Although the functions do not return error codes it is possible for them to fail.
+This will only happen as a result of a memory allocation failure so this is not
+too much of a problem in practice.
+=head1 SEE ALSO
+L<evp(3)|evp(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>,
+L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>
+=cut
diff --git a/src/lib/libcrypto/doc/PEM_write_bio_CMS_stream.pod b/src/lib/libcrypto/doc/PEM_write_bio_CMS_stream.pod
new file mode 100644
index 0000000000..e070c45c2e
--- /dev/null
+++ b/src/lib/libcrypto/doc/PEM_write_bio_CMS_stream.pod
@@ -0,0 +1,41 @@
+=pod
+=head1 NAME
+ PEM_write_bio_CMS_stream - output CMS_ContentInfo structure in PEM format.
+=head1 SYNOPSIS
+ #include <openssl/cms.h>
+ #include <openssl/pem.h>
+ int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags);
+=head1 DESCRIPTION
+PEM_write_bio_CMS_stream() outputs a CMS_ContentInfo structure in PEM format.
+It is otherwise identical to the function SMIME_write_CMS().
+=head1 NOTES
+This function is effectively a version of the PEM_write_bio_CMS() supporting
+streaming.
+=head1 RETURN VALUES
+PEM_write_bio_CMS_stream() returns 1 for success or 0 for failure.
+=head1 SEE ALSO
+L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_sign(3)|CMS_sign(3)>,
+L<CMS_verify(3)|CMS_verify(3)>, L<CMS_encrypt(3)|CMS_encrypt(3)>
+L<CMS_decrypt(3)|CMS_decrypt(3)>,
+L<SMIME_write_CMS(3)|SMIME_write_CMS(3)>,
+L<i2d_CMS_bio_stream(3)|i2d_CMS_bio_stream(3)>
+=head1 HISTORY
+PEM_write_bio_CMS_stream() was added to OpenSSL 1.0.0
+=cut
diff --git a/src/lib/libcrypto/doc/PEM_write_bio_PKCS7_stream.pod b/src/lib/libcrypto/doc/PEM_write_bio_PKCS7_stream.pod
new file mode 100644
index 0000000000..16fc9b6845
--- /dev/null
+++ b/src/lib/libcrypto/doc/PEM_write_bio_PKCS7_stream.pod
@@ -0,0 +1,41 @@
+=pod
+=head1 NAME
+PEM_write_bio_PKCS7_stream - output PKCS7 structure in PEM format.
+=head1 SYNOPSIS
+ #include <openssl/pkcs7.h>
+ #include <openssl/pem.h>
+ int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *data, int flags);
+=head1 DESCRIPTION
+PEM_write_bio_PKCS7_stream() outputs a PKCS7 structure in PEM format.
+It is otherwise identical to the function SMIME_write_PKCS7().
+=head1 NOTES
+This function is effectively a version of the PEM_write_bio_PKCS7() supporting
+streaming.
+=head1 RETURN VALUES
+PEM_write_bio_PKCS7_stream() returns 1 for success or 0 for failure.
+=head1 SEE ALSO
+L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>,
+L<PKCS7_verify(3)|PKCS7_verify(3)>, L<PKCS7_encrypt(3)|PKCS7_encrypt(3)>
+L<PKCS7_decrypt(3)|PKCS7_decrypt(3)>,
+L<SMIME_write_PKCS7(3)|SMIME_write_PKCS7(3)>,
+L<i2d_PKCS7_bio_stream(3)|i2d_PKCS7_bio_stream(3)>
+=head1 HISTORY
+PEM_write_bio_PKCS7_stream() was added to OpenSSL 1.0.0
+=cut
diff --git a/src/lib/libcrypto/doc/PKCS12_create.pod b/src/lib/libcrypto/doc/PKCS12_create.pod
new file mode 100644
index 0000000000..de7cab2bdf
--- /dev/null
+++ b/src/lib/libcrypto/doc/PKCS12_create.pod
@@ -0,0 +1,75 @@
+=pod
+=head1 NAME
+PKCS12_create - create a PKCS#12 structure
+=head1 SYNOPSIS
+ #include <openssl/pkcs12.h>
+ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, STACK_OF(X509) *ca,
+                                int nid_key, int nid_cert, int iter, int mac_iter, int keytype);
+=head1 DESCRIPTION
+PKCS12_create() creates a PKCS#12 structure.
+B<pass> is the passphrase to use. B<name> is the B<friendlyName> to use for
+the supplied certifictate and key. B<pkey> is the private key to include in
+the structure and B<cert> its corresponding certificates. B<ca>, if not B<NULL>
+is an optional set of certificates to also include in the structure.
+B<nid_key> and B<nid_cert> are the encryption algorithms that should be used
+for the key and certificate respectively. B<iter> is the encryption algorithm
+iteration count to use and B<mac_iter> is the MAC iteration count to use.
+B<keytype> is the type of key.
+=head1 NOTES
+The parameters B<nid_key>, B<nid_cert>, B<iter>, B<mac_iter> and B<keytype>
+can all be set to zero and sensible defaults will be used.
+These defaults are: 40 bit RC2 encryption for certificates, triple DES
+encryption for private keys, a key iteration count of PKCS12_DEFAULT_ITER
+(currently 2048) and a MAC iteration count of 1.
+The default MAC iteration count is 1 in order to retain compatibility with
+old software which did not interpret MAC iteration counts. If such compatibility
+is not required then B<mac_iter> should be set to PKCS12_DEFAULT_ITER.
+B<keytype> adds a flag to the store private key. This is a non standard extension
+that is only currently interpreted by MSIE. If set to zero the flag is omitted,
+if set to B<KEY_SIG> the key can be used for signing only, if set to B<KEY_EX>
+it can be used for signing and encryption. This option was useful for old
+export grade software which could use signing only keys of arbitrary size but
+had restrictions on the permissible sizes of keys which could be used for
+encryption.
+=head1 NEW FUNCTIONALITY IN OPENSSL 0.9.8
+Some additional functionality was added to PKCS12_create() in OpenSSL
+0.9.8. These extensions are detailed below.
+If a certificate contains an B<alias> or B<keyid> then this will be
+used for the corresponding B<friendlyName> or B<localKeyID> in the
+PKCS12 structure.
+Either B<pkey>, B<cert> or both can be B<NULL> to indicate that no key or
+certficate is required. In previous versions both had to be present or
+a fatal error is returned.
+B<nid_key> or B<nid_cert> can be set to -1 indicating that no encryption
+should be used. 
+B<mac_iter> can be set to -1 and the MAC will then be omitted entirely.
+=head1 SEE ALSO
+L<d2i_PKCS12(3)|d2i_PKCS12(3)>
+=head1 HISTORY
+PKCS12_create was added in OpenSSL 0.9.3
+=cut
diff --git a/src/lib/libcrypto/doc/PKCS12_parse.pod b/src/lib/libcrypto/doc/PKCS12_parse.pod
new file mode 100644
index 0000000000..c54cf2ad61
--- /dev/null
+++ b/src/lib/libcrypto/doc/PKCS12_parse.pod
@@ -0,0 +1,57 @@
+=pod
+=head1 NAME
+PKCS12_parse - parse a PKCS#12 structure
+=head1 SYNOPSIS
+ #include <openssl/pkcs12.h>
+int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
+=head1 DESCRIPTION
+PKCS12_parse() parses a PKCS12 structure.
+B<p12> is the B<PKCS12> structure to parse. B<pass> is the passphrase to use.
+If successful the private key will be written to B<*pkey>, the corresponding
+certificate to B<*cert> and any additional certificates to B<*ca>.
+=head1 NOTES
+The parameters B<pkey> and B<cert> cannot be B<NULL>. B<ca> can be <NULL> in
+which case additional certificates will be discarded. B<*ca> can also be a
+valid STACK in which case additional certificates are appended to B<*ca>. If
+B<*ca> is B<NULL> a new STACK will be allocated.
+The B<friendlyName> and B<localKeyID> attributes (if present) on each
+certificate will be stored in the B<alias> and B<keyid> attributes of the
+B<X509> structure.
+=head1 RETURN VALUES
+PKCS12_parse() returns 1 for success and zero if an error occurred.
+The error can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>
+=head1 BUGS
+Only a single private key and corresponding certificate is returned by this
+function. More complex PKCS#12 files with multiple private keys will only
+return the first match.
+Only B<friendlyName> and B<localKeyID> attributes are currently stored in
+certificates. Other attributes are discarded.
+Attributes currently cannot be stored in the private key B<EVP_PKEY> structure.
+=head1 SEE ALSO
+L<d2i_PKCS12(3)|d2i_PKCS12(3)>
+=head1 HISTORY
+PKCS12_parse was added in OpenSSL 0.9.3
+=cut
diff --git a/src/lib/libcrypto/doc/PKCS7_decrypt.pod b/src/lib/libcrypto/doc/PKCS7_decrypt.pod
new file mode 100644
index 0000000000..325699d0b6
--- /dev/null
+++ b/src/lib/libcrypto/doc/PKCS7_decrypt.pod
@@ -0,0 +1,55 @@
+=pod
+=head1 NAME
+PKCS7_decrypt - decrypt content from a PKCS#7 envelopedData structure
+=head1 SYNOPSIS
+ #include <openssl/pkcs7.h>
+ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
+=head1 DESCRIPTION
+PKCS7_decrypt() extracts and decrypts the content from a PKCS#7 envelopedData
+structure. B<pkey> is the private key of the recipient, B<cert> is the
+recipients certificate, B<data> is a BIO to write the content to and
+B<flags> is an optional set of flags.
+=head1 NOTES
+OpenSSL_add_all_algorithms() (or equivalent) should be called before using this
+function or errors about unknown algorithms will occur.
+Although the recipients certificate is not needed to decrypt the data it is needed
+to locate the appropriate (of possible several) recipients in the PKCS#7 structure.
+The following flags can be passed in the B<flags> parameter.
+If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are deleted
+from the content. If the content is not of type B<text/plain> then an error is
+returned.
+=head1 RETURN VALUES
+PKCS7_decrypt() returns either 1 for success or 0 for failure.
+The error can be obtained from ERR_get_error(3)
+=head1 BUGS
+PKCS7_decrypt() must be passed the correct recipient key and certificate. It would
+be better if it could look up the correct key and certificate from a database.
+The lack of single pass processing and need to hold all data in memory as
+mentioned in PKCS7_sign() also applies to PKCS7_verify().
+=head1 SEE ALSO
+L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_encrypt(3)|PKCS7_encrypt(3)>
+=head1 HISTORY
+PKCS7_decrypt() was added to OpenSSL 0.9.5
+=cut
diff --git a/src/lib/libcrypto/doc/PKCS7_encrypt.pod b/src/lib/libcrypto/doc/PKCS7_encrypt.pod
new file mode 100644
index 0000000000..2cd925a7e0
--- /dev/null
+++ b/src/lib/libcrypto/doc/PKCS7_encrypt.pod
@@ -0,0 +1,80 @@
+=pod
+=head1 NAME
+PKCS7_encrypt - create a PKCS#7 envelopedData structure
+=head1 SYNOPSIS
+ #include <openssl/pkcs7.h>
+ PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int flags);
+=head1 DESCRIPTION
+PKCS7_encrypt() creates and returns a PKCS#7 envelopedData structure. B<certs>
+is a list of recipient certificates. B<in> is the content to be encrypted.
+B<cipher> is the symmetric cipher to use. B<flags> is an optional set of flags.
+=head1 NOTES
+Only RSA keys are supported in PKCS#7 and envelopedData so the recipient
+certificates supplied to this function must all contain RSA public keys, though
+they do not have to be signed using the RSA algorithm.
+EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use
+because most clients will support it.
+Some old "export grade" clients may only support weak encryption using 40 or 64
+bit RC2. These can be used by passing EVP_rc2_40_cbc() and EVP_rc2_64_cbc()
+respectively.
+The algorithm passed in the B<cipher> parameter must support ASN1 encoding of
+its parameters. 
+Many browsers implement a "sign and encrypt" option which is simply an S/MIME
+envelopedData containing an S/MIME signed message. This can be readily produced
+by storing the S/MIME signed message in a memory BIO and passing it to
+PKCS7_encrypt().
+The following flags can be passed in the B<flags> parameter.
+If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are
+prepended to the data.
+Normally the supplied content is translated into MIME canonical format (as
+required by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation
+occurs. This option should be used if the supplied data is in binary format
+otherwise the translation will corrupt it. If B<PKCS7_BINARY> is set then
+B<PKCS7_TEXT> is ignored.
+If the B<PKCS7_STREAM> flag is set a partial B<PKCS7> structure is output
+suitable for streaming I/O: no data is read from the BIO B<in>.
+=head1 NOTES
+If the flag B<PKCS7_STREAM> is set the returned B<PKCS7> structure is B<not>
+complete and outputting its contents via a function that does not
+properly finalize the B<PKCS7> structure will give unpredictable 
+results.
+Several functions including SMIME_write_PKCS7(), i2d_PKCS7_bio_stream(),
+PEM_write_bio_PKCS7_stream() finalize the structure. Alternatively finalization
+can be performed by obtaining the streaming ASN1 B<BIO> directly using
+BIO_new_PKCS7().
+=head1 RETURN VALUES
+PKCS7_encrypt() returns either a PKCS7 structure or NULL if an error occurred.
+The error can be obtained from ERR_get_error(3).
+=head1 SEE ALSO
+L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_decrypt(3)|PKCS7_decrypt(3)>
+=head1 HISTORY
+PKCS7_decrypt() was added to OpenSSL 0.9.5
+The B<PKCS7_STREAM> flag was first supported in OpenSSL 1.0.0.
+=cut
diff --git a/src/lib/libcrypto/doc/PKCS7_sign.pod b/src/lib/libcrypto/doc/PKCS7_sign.pod
new file mode 100644
index 0000000000..64a35144f8
--- /dev/null
+++ b/src/lib/libcrypto/doc/PKCS7_sign.pod
@@ -0,0 +1,116 @@
+=pod
+=head1 NAME
+PKCS7_sign - create a PKCS#7 signedData structure
+=head1 SYNOPSIS
+ #include <openssl/pkcs7.h>
+ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, int flags);
+=head1 DESCRIPTION
+PKCS7_sign() creates and returns a PKCS#7 signedData structure. B<signcert> is
+the certificate to sign with, B<pkey> is the corresponsding private key.
+B<certs> is an optional additional set of certificates to include in the PKCS#7
+structure (for example any intermediate CAs in the chain). 
+The data to be signed is read from BIO B<data>.
+B<flags> is an optional set of flags.
+=head1 NOTES
+Any of the following flags (ored together) can be passed in the B<flags>
+parameter.
+Many S/MIME clients expect the signed content to include valid MIME headers. If
+the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are prepended
+to the data.
+If B<PKCS7_NOCERTS> is set the signer's certificate will not be included in the
+PKCS7 structure, the signer's certificate must still be supplied in the
+B<signcert> parameter though. This can reduce the size of the signature if the
+signers certificate can be obtained by other means: for example a previously
+signed message.
+The data being signed is included in the PKCS7 structure, unless
+B<PKCS7_DETACHED> is set in which case it is omitted. This is used for PKCS7
+detached signatures which are used in S/MIME plaintext signed messages for
+example.
+Normally the supplied content is translated into MIME canonical format (as
+required by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation
+occurs. This option should be used if the supplied data is in binary format
+otherwise the translation will corrupt it.
+The signedData structure includes several PKCS#7 autenticatedAttributes
+including the signing time, the PKCS#7 content type and the supported list of
+ciphers in an SMIMECapabilities attribute. If B<PKCS7_NOATTR> is set then no
+authenticatedAttributes will be used. If B<PKCS7_NOSMIMECAP> is set then just
+the SMIMECapabilities are omitted.
+If present the SMIMECapabilities attribute indicates support for the following
+algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any of
+these algorithms is disabled then it will not be included.
+If the flags B<PKCS7_STREAM> is set then the returned B<PKCS7> structure is
+just initialized ready to perform the signing operation. The signing is however
+B<not> performed and the data to be signed is not read from the B<data>
+parameter. Signing is deferred until after the data has been written. In this
+way data can be signed in a single pass.
+If the B<PKCS7_PARTIAL> flag is set a partial B<PKCS7> structure is output to
+which additional signers and capabilities can be added before finalization.
+=head1 NOTES
+If the flag B<PKCS7_STREAM> is set the returned B<PKCS7> structure is B<not>
+complete and outputting its contents via a function that does not properly
+finalize the B<PKCS7> structure will give unpredictable results.
+Several functions including SMIME_write_PKCS7(), i2d_PKCS7_bio_stream(),
+PEM_write_bio_PKCS7_stream() finalize the structure. Alternatively finalization
+can be performed by obtaining the streaming ASN1 B<BIO> directly using
+BIO_new_PKCS7().
+If a signer is specified it will use the default digest for the signing
+algorithm. This is B<SHA1> for both RSA and DSA keys.
+In OpenSSL 1.0.0 the B<certs>, B<signcert> and B<pkey> parameters can all be
+B<NULL> if the B<PKCS7_PARTIAL> flag is set. One or more signers can be added
+using the function B<PKCS7_sign_add_signer()>. B<PKCS7_final()> must also be
+called to finalize the structure if streaming is not enabled. Alternative
+signing digests can also be specified using this method.
+In OpenSSL 1.0.0 if B<signcert> and B<pkey> are NULL then a certificates only
+PKCS#7 structure is output.
+In versions of OpenSSL before 1.0.0 the B<signcert> and B<pkey> parameters must
+B<NOT> be NULL.
+=head1 BUGS
+Some advanced attributes such as counter signatures are not supported.
+=head1 RETURN VALUES
+PKCS7_sign() returns either a valid PKCS7 structure or NULL if an error
+occurred.  The error can be obtained from ERR_get_error(3).
+=head1 SEE ALSO
+L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_verify(3)|PKCS7_verify(3)>
+=head1 HISTORY
+PKCS7_sign() was added to OpenSSL 0.9.5
+The B<PKCS7_PARTIAL> flag was added in OpenSSL 1.0.0
+The B<PKCS7_STREAM> flag was added in OpenSSL 1.0.0
+=cut
diff --git a/src/lib/libcrypto/doc/PKCS7_sign_add_signer.pod b/src/lib/libcrypto/doc/PKCS7_sign_add_signer.pod
new file mode 100644
index 0000000000..ebec4d57de
--- /dev/null
+++ b/src/lib/libcrypto/doc/PKCS7_sign_add_signer.pod
@@ -0,0 +1,87 @@
+=pod
+=head1 NAME
+PKCS7_sign_add_signer - add a signer PKCS7 signed data structure.
+=head1 SYNOPSIS
+ #include <openssl/pkcs7.h>
+ PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md, int flags);
+=head1 DESCRIPTION
+PKCS7_sign_add_signer() adds a signer with certificate B<signcert> and private
+key B<pkey> using message digest B<md> to a PKCS7 signed data structure
+B<p7>.
+The PKCS7 structure should be obtained from an initial call to PKCS7_sign()
+with the flag B<PKCS7_PARTIAL> set or in the case or re-signing a valid PKCS7
+signed data structure.
+If the B<md> parameter is B<NULL> then the default digest for the public
+key algorithm will be used.
+Unless the B<PKCS7_REUSE_DIGEST> flag is set the returned PKCS7 structure
+is not complete and must be finalized either by streaming (if applicable) or
+a call to PKCS7_final().
+=head1 NOTES
+The main purpose of this function is to provide finer control over a PKCS#7
+signed data structure where the simpler PKCS7_sign() function defaults are
+not appropriate. For example if multiple signers or non default digest
+algorithms are needed.
+Any of the following flags (ored together) can be passed in the B<flags>
+parameter.
+If B<PKCS7_REUSE_DIGEST> is set then an attempt is made to copy the content
+digest value from the PKCS7 struture: to add a signer to an existing structure.
+An error occurs if a matching digest value cannot be found to copy. The
+returned PKCS7 structure will be valid and finalized when this flag is set.
+If B<PKCS7_PARTIAL> is set in addition to B<PKCS7_REUSE_DIGEST> then the 
+B<PKCS7_SIGNER_INO> structure will not be finalized so additional attributes
+can be added. In this case an explicit call to PKCS7_SIGNER_INFO_sign() is
+needed to finalize it.
+If B<PKCS7_NOCERTS> is set the signer's certificate will not be included in the
+PKCS7 structure, the signer's certificate must still be supplied in the
+B<signcert> parameter though. This can reduce the size of the signature if the
+signers certificate can be obtained by other means: for example a previously
+signed message.
+The signedData structure includes several PKCS#7 autenticatedAttributes
+including the signing time, the PKCS#7 content type and the supported list of
+ciphers in an SMIMECapabilities attribute. If B<PKCS7_NOATTR> is set then no
+authenticatedAttributes will be used. If B<PKCS7_NOSMIMECAP> is set then just
+the SMIMECapabilities are omitted.
+If present the SMIMECapabilities attribute indicates support for the following
+algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any of
+these algorithms is disabled then it will not be included.
+PKCS7_sign_add_signers() returns an internal pointer to the PKCS7_SIGNER_INFO
+structure just added, this can be used to set additional attributes 
+before it is finalized.
+=head1 RETURN VALUES
+PKCS7_sign_add_signers() returns an internal pointer to the PKCS7_SIGNER_INFO
+structure just added or NULL if an error occurs.
+=head1 SEE ALSO
+L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>,
+L<PKCS7_final(3)|PKCS7_final(3)>,
+=head1 HISTORY
+PPKCS7_sign_add_signer() was added to OpenSSL 1.0.0
+=cut
diff --git a/src/lib/libcrypto/doc/PKCS7_verify.pod b/src/lib/libcrypto/doc/PKCS7_verify.pod
new file mode 100644
index 0000000000..7c10a4cc3c
--- /dev/null
+++ b/src/lib/libcrypto/doc/PKCS7_verify.pod
@@ -0,0 +1,118 @@
+=pod
+=head1 NAME
+PKCS7_verify - verify a PKCS#7 signedData structure
+=head1 SYNOPSIS
+ #include <openssl/pkcs7.h>
+ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags);
+ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
+=head1 DESCRIPTION
+PKCS7_verify() verifies a PKCS#7 signedData structure. B<p7> is the PKCS7
+structure to verify. B<certs> is a set of certificates in which to search for
+the signer's certificate. B<store> is a trusted certficate store (used for
+chain verification). B<indata> is the signed data if the content is not
+present in B<p7> (that is it is detached). The content is written to B<out>
+if it is not NULL.
+B<flags> is an optional set of flags, which can be used to modify the verify
+operation.
+PKCS7_get0_signers() retrieves the signer's certificates from B<p7>, it does
+B<not> check their validity or whether any signatures are valid. The B<certs>
+and B<flags> parameters have the same meanings as in PKCS7_verify().
+=head1 VERIFY PROCESS
+Normally the verify process proceeds as follows.
+Initially some sanity checks are performed on B<p7>. The type of B<p7> must
+be signedData. There must be at least one signature on the data and if
+the content is detached B<indata> cannot be B<NULL>.
+An attempt is made to locate all the signer's certificates, first looking in
+the B<certs> parameter (if it is not B<NULL>) and then looking in any certificates
+contained in the B<p7> structure itself. If any signer's certificates cannot be
+located the operation fails.
+Each signer's certificate is chain verified using the B<smimesign> purpose and
+the supplied trusted certificate store. Any internal certificates in the message
+are used as untrusted CAs. If any chain verify fails an error code is returned.
+Finally the signed content is read (and written to B<out> is it is not NULL) and
+the signature's checked.
+If all signature's verify correctly then the function is successful.
+Any of the following flags (ored together) can be passed in the B<flags> parameter
+to change the default verify behaviour. Only the flag B<PKCS7_NOINTERN> is
+meaningful to PKCS7_get0_signers().
+If B<PKCS7_NOINTERN> is set the certificates in the message itself are not 
+searched when locating the signer's certificate. This means that all the signers
+certificates must be in the B<certs> parameter.
+If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are deleted
+from the content. If the content is not of type B<text/plain> then an error is
+returned.
+If B<PKCS7_NOVERIFY> is set the signer's certificates are not chain verified.
+If B<PKCS7_NOCHAIN> is set then the certificates contained in the message are
+not used as untrusted CAs. This means that the whole verify chain (apart from
+the signer's certificate) must be contained in the trusted store.
+If B<PKCS7_NOSIGS> is set then the signatures on the data are not checked.
+=head1 NOTES
+One application of B<PKCS7_NOINTERN> is to only accept messages signed by
+a small number of certificates. The acceptable certificates would be passed
+in the B<certs> parameter. In this case if the signer is not one of the
+certificates supplied in B<certs> then the verify will fail because the
+signer cannot be found.
+Care should be taken when modifying the default verify behaviour, for example
+setting B<PKCS7_NOVERIFY|PKCS7_NOSIGS> will totally disable all verification 
+and any signed message will be considered valid. This combination is however
+useful if one merely wishes to write the content to B<out> and its validity
+is not considered important.
+Chain verification should arguably be performed  using the signing time rather
+than the current time. However since the signing time is supplied by the
+signer it cannot be trusted without additional evidence (such as a trusted
+timestamp).
+=head1 RETURN VALUES
+PKCS7_verify() returns 1 for a successful verification and zero or a negative
+value if an error occurs.
+PKCS7_get0_signers() returns all signers or B<NULL> if an error occurred.
+The error can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>
+=head1 BUGS
+The trusted certificate store is not searched for the signers certificate,
+this is primarily due to the inadequacies of the current B<X509_STORE>
+functionality.
+The lack of single pass processing and need to hold all data in memory as
+mentioned in PKCS7_sign() also applies to PKCS7_verify().
+=head1 SEE ALSO
+L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>
+=head1 HISTORY
+PKCS7_verify() was added to OpenSSL 0.9.5
+=cut
diff --git a/src/lib/libcrypto/doc/RAND_add.pod b/src/lib/libcrypto/doc/RAND_add.pod
new file mode 100644
index 0000000000..67c66f3e0c
--- /dev/null
+++ b/src/lib/libcrypto/doc/RAND_add.pod
@@ -0,0 +1,77 @@
+=pod
+=head1 NAME
+RAND_add, RAND_seed, RAND_status, RAND_event, RAND_screen - add
+entropy to the PRNG
+=head1 SYNOPSIS
+ #include <openssl/rand.h>
+ void RAND_seed(const void *buf, int num);
+ void RAND_add(const void *buf, int num, double entropy);
+ int  RAND_status(void);
+ int  RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam);
+ void RAND_screen(void);
+=head1 DESCRIPTION
+RAND_add() mixes the B<num> bytes at B<buf> into the PRNG state. Thus,
+if the data at B<buf> are unpredictable to an adversary, this
+increases the uncertainty about the state and makes the PRNG output
+less predictable. Suitable input comes from user interaction (random
+key presses, mouse movements) and certain hardware events. The
+B<entropy> argument is (the lower bound of) an estimate of how much
+randomness is contained in B<buf>, measured in bytes. Details about
+sources of randomness and how to estimate their entropy can be found
+in the literature, e.g. RFC 1750.
+RAND_add() may be called with sensitive data such as user entered
+passwords. The seed values cannot be recovered from the PRNG output.
+OpenSSL makes sure that the PRNG state is unique for each thread. On
+systems that provide C</dev/urandom>, the randomness device is used
+to seed the PRNG transparently. However, on all other systems, the
+application is responsible for seeding the PRNG by calling RAND_add(),
+L<RAND_egd(3)|RAND_egd(3)>
+or L<RAND_load_file(3)|RAND_load_file(3)>.
+RAND_seed() is equivalent to RAND_add() when B<num == entropy>.
+RAND_event() collects the entropy from Windows events such as mouse
+movements and other user interaction. It should be called with the
+B<iMsg>, B<wParam> and B<lParam> arguments of I<all> messages sent to
+the window procedure. It will estimate the entropy contained in the
+event message (if any), and add it to the PRNG. The program can then
+process the messages as usual.
+The RAND_screen() function is available for the convenience of Windows
+programmers. It adds the current contents of the screen to the PRNG.
+For applications that can catch Windows events, seeding the PRNG by
+calling RAND_event() is a significantly better source of
+randomness. It should be noted that both methods cannot be used on
+servers that run without user interaction.
+=head1 RETURN VALUES
+RAND_status() and RAND_event() return 1 if the PRNG has been seeded
+with enough data, 0 otherwise.
+The other functions do not return values.
+=head1 SEE ALSO
+L<rand(3)|rand(3)>, L<RAND_egd(3)|RAND_egd(3)>,
+L<RAND_load_file(3)|RAND_load_file(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)>
+=head1 HISTORY
+RAND_seed() and RAND_screen() are available in all versions of SSLeay
+and OpenSSL. RAND_add() and RAND_status() have been added in OpenSSL
+0.9.5, RAND_event() in OpenSSL 0.9.5a.
+=cut
diff --git a/src/lib/libcrypto/doc/RAND_bytes.pod b/src/lib/libcrypto/doc/RAND_bytes.pod
new file mode 100644
index 0000000000..1a9b91e281
--- /dev/null
+++ b/src/lib/libcrypto/doc/RAND_bytes.pod
@@ -0,0 +1,50 @@
+=pod
+=head1 NAME
+RAND_bytes, RAND_pseudo_bytes - generate random data
+=head1 SYNOPSIS
+ #include <openssl/rand.h>
+ int RAND_bytes(unsigned char *buf, int num);
+ int RAND_pseudo_bytes(unsigned char *buf, int num);
+=head1 DESCRIPTION
+RAND_bytes() puts B<num> cryptographically strong pseudo-random bytes
+into B<buf>. An error occurs if the PRNG has not been seeded with
+enough randomness to ensure an unpredictable byte sequence.
+RAND_pseudo_bytes() puts B<num> pseudo-random bytes into B<buf>.
+Pseudo-random byte sequences generated by RAND_pseudo_bytes() will be
+unique if they are of sufficient length, but are not necessarily
+unpredictable. They can be used for non-cryptographic purposes and for
+certain purposes in cryptographic protocols, but usually not for key
+generation etc.
+The contents of B<buf> is mixed into the entropy pool before retrieving
+the new pseudo-random bytes unless disabled at compile time (see FAQ).
+=head1 RETURN VALUES
+RAND_bytes() returns 1 on success, 0 otherwise. The error code can be
+obtained by L<ERR_get_error(3)|ERR_get_error(3)>. RAND_pseudo_bytes() returns 1 if the
+bytes generated are cryptographically strong, 0 otherwise. Both
+functions return -1 if they are not supported by the current RAND
+method.
+=head1 SEE ALSO
+L<rand(3)|rand(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+L<RAND_add(3)|RAND_add(3)>
+=head1 HISTORY
+RAND_bytes() is available in all versions of SSLeay and OpenSSL.  It
+has a return value since OpenSSL 0.9.5. RAND_pseudo_bytes() was added
+in OpenSSL 0.9.5.
+=cut
diff --git a/src/lib/libcrypto/doc/RAND_cleanup.pod b/src/lib/libcrypto/doc/RAND_cleanup.pod
new file mode 100644
index 0000000000..3a8f0749a8
--- /dev/null
+++ b/src/lib/libcrypto/doc/RAND_cleanup.pod
@@ -0,0 +1,29 @@
+=pod
+=head1 NAME
+RAND_cleanup - erase the PRNG state
+=head1 SYNOPSIS
+ #include <openssl/rand.h>
+ void RAND_cleanup(void);
+=head1 DESCRIPTION
+RAND_cleanup() erases the memory used by the PRNG.
+=head1 RETURN VALUE
+RAND_cleanup() returns no value.
+=head1 SEE ALSO
+L<rand(3)|rand(3)>
+=head1 HISTORY
+RAND_cleanup() is available in all versions of SSLeay and OpenSSL.
+=cut
diff --git a/src/lib/libcrypto/doc/RAND_load_file.pod b/src/lib/libcrypto/doc/RAND_load_file.pod
new file mode 100644
index 0000000000..d8c134e621
--- /dev/null
+++ b/src/lib/libcrypto/doc/RAND_load_file.pod
@@ -0,0 +1,53 @@
+=pod
+=head1 NAME
+RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file
+=head1 SYNOPSIS
+ #include <openssl/rand.h>
+ const char *RAND_file_name(char *buf, size_t num);
+ int RAND_load_file(const char *filename, long max_bytes);
+ int RAND_write_file(const char *filename);
+=head1 DESCRIPTION
+RAND_file_name() generates a default path for the random seed
+file. B<buf> points to a buffer of size B<num> in which to store the
+filename. The seed file is $RANDFILE if that environment variable is
+set, $HOME/.rnd otherwise. If $HOME is not set either, or B<num> is
+too small for the path name, an error occurs.
+RAND_load_file() reads a number of bytes from file B<filename> and
+adds them to the PRNG. If B<max_bytes> is non-negative,
+up to to B<max_bytes> are read; starting with OpenSSL 0.9.5,
+if B<max_bytes> is -1, the complete file is read.
+RAND_write_file() writes a number of random bytes (currently 1024) to
+file B<filename> which can be used to initialize the PRNG by calling
+RAND_load_file() in a later session.
+=head1 RETURN VALUES
+RAND_load_file() returns the number of bytes read.
+RAND_write_file() returns the number of bytes written, and -1 if the
+bytes written were generated without appropriate seed.
+RAND_file_name() returns a pointer to B<buf> on success, and NULL on
+error.
+=head1 SEE ALSO
+L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)>
+=head1 HISTORY
+RAND_load_file(), RAND_write_file() and RAND_file_name() are available in
+all versions of SSLeay and OpenSSL.
+=cut
diff --git a/src/lib/libcrypto/doc/RAND_set_rand_method.pod b/src/lib/libcrypto/doc/RAND_set_rand_method.pod
new file mode 100644
index 0000000000..e5b780fad0
--- /dev/null
+++ b/src/lib/libcrypto/doc/RAND_set_rand_method.pod
@@ -0,0 +1,83 @@
+=pod
+=head1 NAME
+RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay - select RAND method
+=head1 SYNOPSIS
+ #include <openssl/rand.h>
+ void RAND_set_rand_method(const RAND_METHOD *meth);
+ const RAND_METHOD *RAND_get_rand_method(void);
+ RAND_METHOD *RAND_SSLeay(void);
+=head1 DESCRIPTION
+A B<RAND_METHOD> specifies the functions that OpenSSL uses for random number
+generation. By modifying the method, alternative implementations such as
+hardware RNGs may be used. IMPORTANT: See the NOTES section for important
+information about how these RAND API functions are affected by the use of
+B<ENGINE> API calls.
+Initially, the default RAND_METHOD is the OpenSSL internal implementation, as
+returned by RAND_SSLeay().
+RAND_set_default_method() makes B<meth> the method for PRNG use. B<NB>: This is
+true only whilst no ENGINE has been set as a default for RAND, so this function
+is no longer recommended.
+RAND_get_default_method() returns a pointer to the current RAND_METHOD.
+However, the meaningfulness of this result is dependent on whether the ENGINE
+API is being used, so this function is no longer recommended.
+=head1 THE RAND_METHOD STRUCTURE
+ typedef struct rand_meth_st
+ {
+        void (*seed)(const void *buf, int num);
+        int (*bytes)(unsigned char *buf, int num);
+        void (*cleanup)(void);
+        void (*add)(const void *buf, int num, int entropy);
+        int (*pseudorand)(unsigned char *buf, int num);
+        int (*status)(void);
+ } RAND_METHOD;
+The components point to the implementation of RAND_seed(),
+RAND_bytes(), RAND_cleanup(), RAND_add(), RAND_pseudo_rand()
+and RAND_status().
+Each component may be NULL if the function is not implemented.
+=head1 RETURN VALUES
+RAND_set_rand_method() returns no value. RAND_get_rand_method() and
+RAND_SSLeay() return pointers to the respective methods.
+=head1 NOTES
+As of version 0.9.7, RAND_METHOD implementations are grouped together with other
+algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a
+default ENGINE is specified for RAND functionality using an ENGINE API function,
+that will override any RAND defaults set using the RAND API (ie.
+RAND_set_rand_method()). For this reason, the ENGINE API is the recommended way
+to control default implementations for use in RAND and other cryptographic
+algorithms.
+=head1 SEE ALSO
+L<rand(3)|rand(3)>, L<engine(3)|engine(3)>
+=head1 HISTORY
+RAND_set_rand_method(), RAND_get_rand_method() and RAND_SSLeay() are
+available in all versions of OpenSSL.
+In the engine version of version 0.9.6, RAND_set_rand_method() was altered to
+take an ENGINE pointer as its argument. As of version 0.9.7, that has been
+reverted as the ENGINE API transparently overrides RAND defaults if used,
+otherwise RAND API functions work as before. RAND_set_rand_engine() was also
+introduced in version 0.9.7.
+=cut
diff --git a/src/lib/libcrypto/doc/RSA_blinding_on.pod b/src/lib/libcrypto/doc/RSA_blinding_on.pod
new file mode 100644
index 0000000000..fd2c69abd8
--- /dev/null
+++ b/src/lib/libcrypto/doc/RSA_blinding_on.pod
@@ -0,0 +1,43 @@
+=pod
+=head1 NAME
+RSA_blinding_on, RSA_blinding_off - protect the RSA operation from timing attacks
+=head1 SYNOPSIS
+ #include <openssl/rsa.h>
+ int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
+ void RSA_blinding_off(RSA *rsa);
+=head1 DESCRIPTION
+RSA is vulnerable to timing attacks. In a setup where attackers can
+measure the time of RSA decryption or signature operations, blinding
+must be used to protect the RSA operation from that attack.
+RSA_blinding_on() turns blinding on for key B<rsa> and generates a
+random blinding factor. B<ctx> is B<NULL> or a pre-allocated and
+initialized B<BN_CTX>. The random number generator must be seeded
+prior to calling RSA_blinding_on().
+RSA_blinding_off() turns blinding off and frees the memory used for
+the blinding factor.
+=head1 RETURN VALUES
+RSA_blinding_on() returns 1 on success, and 0 if an error occurred.
+RSA_blinding_off() returns no value.
+=head1 SEE ALSO
+L<rsa(3)|rsa(3)>, L<rand(3)|rand(3)>
+=head1 HISTORY
+RSA_blinding_on() and RSA_blinding_off() appeared in SSLeay 0.9.0.
+=cut
diff --git a/src/lib/libcrypto/doc/RSA_check_key.pod b/src/lib/libcrypto/doc/RSA_check_key.pod
new file mode 100644
index 0000000000..a5198f3db5
--- /dev/null
+++ b/src/lib/libcrypto/doc/RSA_check_key.pod
@@ -0,0 +1,67 @@
+=pod
+=head1 NAME
+RSA_check_key - validate private RSA keys
+=head1 SYNOPSIS
+ #include <openssl/rsa.h>
+ int RSA_check_key(RSA *rsa);
+=head1 DESCRIPTION
+This function validates RSA keys. It checks that B<p> and B<q> are
+in fact prime, and that B<n = p*q>.
+It also checks that B<d*e = 1 mod (p-1*q-1)>,
+and that B<dmp1>, B<dmq1> and B<iqmp> are set correctly or are B<NULL>.
+As such, this function can not be used with any arbitrary RSA key object,
+even if it is otherwise fit for regular RSA operation. See B<NOTES> for more
+information.
+=head1 RETURN VALUE
+RSA_check_key() returns 1 if B<rsa> is a valid RSA key, and 0 otherwise.
+-1 is returned if an error occurs while checking the key.
+If the key is invalid or an error occurred, the reason code can be
+obtained using L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 NOTES
+This function does not work on RSA public keys that have only the modulus
+and public exponent elements populated. It performs integrity checks on all
+the RSA key material, so the RSA key structure must contain all the private
+key data too.
+Unlike most other RSA functions, this function does B<not> work
+transparently with any underlying ENGINE implementation because it uses the
+key data in the RSA structure directly. An ENGINE implementation can
+override the way key data is stored and handled, and can even provide
+support for HSM keys - in which case the RSA structure may contain B<no>
+key data at all! If the ENGINE in question is only being used for
+acceleration or analysis purposes, then in all likelihood the RSA key data
+is complete and untouched, but this can't be assumed in the general case.
+=head1 BUGS
+A method of verifying the RSA key using opaque RSA API functions might need
+to be considered. Right now RSA_check_key() simply uses the RSA structure
+elements directly, bypassing the RSA_METHOD table altogether (and
+completely violating encapsulation and object-orientation in the process).
+The best fix will probably be to introduce a "check_key()" handler to the
+RSA_METHOD function table so that alternative implementations can also
+provide their own verifiers.
+=head1 SEE ALSO
+L<rsa(3)|rsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
+=head1 HISTORY
+RSA_check_key() appeared in OpenSSL 0.9.4.
+=cut
diff --git a/src/lib/libcrypto/doc/RSA_generate_key.pod b/src/lib/libcrypto/doc/RSA_generate_key.pod
new file mode 100644
index 0000000000..52dbb14a53
--- /dev/null
+++ b/src/lib/libcrypto/doc/RSA_generate_key.pod
@@ -0,0 +1,69 @@
+=pod
+=head1 NAME
+RSA_generate_key - generate RSA key pair
+=head1 SYNOPSIS
+ #include <openssl/rsa.h>
+ RSA *RSA_generate_key(int num, unsigned long e,
+    void (*callback)(int,int,void *), void *cb_arg);
+=head1 DESCRIPTION
+RSA_generate_key() generates a key pair and returns it in a newly
+allocated B<RSA> structure. The pseudo-random number generator must
+be seeded prior to calling RSA_generate_key().
+The modulus size will be B<num> bits, and the public exponent will be
+B<e>. Key sizes with B<num> E<lt> 1024 should be considered insecure.
+The exponent is an odd number, typically 3, 17 or 65537.
+A callback function may be used to provide feedback about the
+progress of the key generation. If B<callback> is not B<NULL>, it
+will be called as follows:
+=over 4
+=item *
+While a random prime number is generated, it is called as
+described in L<BN_generate_prime(3)|BN_generate_prime(3)>.
+=item *
+When the n-th randomly generated prime is rejected as not
+suitable for the key, B<callback(2, n, cb_arg)> is called.
+=item *
+When a random p has been found with p-1 relatively prime to B<e>,
+it is called as B<callback(3, 0, cb_arg)>.
+=back
+The process is then repeated for prime q with B<callback(3, 1, cb_arg)>.
+=head1 RETURN VALUE
+If key generation fails, RSA_generate_key() returns B<NULL>; the
+error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 BUGS
+B<callback(2, x, cb_arg)> is used with two different meanings.
+RSA_generate_key() goes into an infinite loop for illegal input values.
+=head1 SEE ALSO
+L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>,
+L<RSA_free(3)|RSA_free(3)>
+=head1 HISTORY
+The B<cb_arg> argument was added in SSLeay 0.9.0.
+=cut
diff --git a/src/lib/libcrypto/doc/RSA_get_ex_new_index.pod b/src/lib/libcrypto/doc/RSA_get_ex_new_index.pod
new file mode 100644
index 0000000000..7d0fd1f91d
--- /dev/null
+++ b/src/lib/libcrypto/doc/RSA_get_ex_new_index.pod
@@ -0,0 +1,120 @@
+=pod
+=head1 NAME
+RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data - add application specific data to RSA structures
+=head1 SYNOPSIS
+ #include <openssl/rsa.h>
+ int RSA_get_ex_new_index(long argl, void *argp,
+                CRYPTO_EX_new *new_func,
+                CRYPTO_EX_dup *dup_func,
+                CRYPTO_EX_free *free_func);
+ int RSA_set_ex_data(RSA *r, int idx, void *arg);
+ void *RSA_get_ex_data(RSA *r, int idx);
+ typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+                           int idx, long argl, void *argp);
+ typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+                             int idx, long argl, void *argp);
+ typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,
+                           int idx, long argl, void *argp);
+=head1 DESCRIPTION
+Several OpenSSL structures can have application specific data attached to them.
+This has several potential uses, it can be used to cache data associated with
+a structure (for example the hash of some part of the structure) or some
+additional data (for example a handle to the data in an external library).
+Since the application data can be anything at all it is passed and retrieved
+as a B<void *> type.
+The B<RSA_get_ex_new_index()> function is initially called to "register" some
+new application specific data. It takes three optional function pointers which
+are called when the parent structure (in this case an RSA structure) is
+initially created, when it is copied and when it is freed up. If any or all of
+these function pointer arguments are not used they should be set to NULL. The
+precise manner in which these function pointers are called is described in more
+detail below. B<RSA_get_ex_new_index()> also takes additional long and pointer
+parameters which will be passed to the supplied functions but which otherwise
+have no special meaning. It returns an B<index> which should be stored
+(typically in a static variable) and passed used in the B<idx> parameter in
+the remaining functions. Each successful call to B<RSA_get_ex_new_index()>
+will return an index greater than any previously returned, this is important
+because the optional functions are called in order of increasing index value.
+B<RSA_set_ex_data()> is used to set application specific data, the data is
+supplied in the B<arg> parameter and its precise meaning is up to the
+application.
+B<RSA_get_ex_data()> is used to retrieve application specific data. The data
+is returned to the application, this will be the same value as supplied to
+a previous B<RSA_set_ex_data()> call.
+B<new_func()> is called when a structure is initially allocated (for example
+with B<RSA_new()>. The parent structure members will not have any meaningful
+values at this point. This function will typically be used to allocate any
+application specific structure.
+B<free_func()> is called when a structure is being freed up. The dynamic parent
+structure members should not be accessed because they will be freed up when
+this function is called.
+B<new_func()> and B<free_func()> take the same parameters. B<parent> is a
+pointer to the parent RSA structure. B<ptr> is a the application specific data
+(this wont be of much use in B<new_func()>. B<ad> is a pointer to the
+B<CRYPTO_EX_DATA> structure from the parent RSA structure: the functions
+B<CRYPTO_get_ex_data()> and B<CRYPTO_set_ex_data()> can be called to manipulate
+it. The B<idx> parameter is the index: this will be the same value returned by
+B<RSA_get_ex_new_index()> when the functions were initially registered. Finally
+the B<argl> and B<argp> parameters are the values originally passed to the same
+corresponding parameters when B<RSA_get_ex_new_index()> was called.
+B<dup_func()> is called when a structure is being copied. Pointers to the
+destination and source B<CRYPTO_EX_DATA> structures are passed in the B<to> and
+B<from> parameters respectively. The B<from_d> parameter is passed a pointer to
+the source application data when the function is called, when the function returns
+the value is copied to the destination: the application can thus modify the data
+pointed to by B<from_d> and have different values in the source and destination.
+The B<idx>, B<argl> and B<argp> parameters are the same as those in B<new_func()>
+and B<free_func()>.
+=head1 RETURN VALUES
+B<RSA_get_ex_new_index()> returns a new index or -1 on failure (note 0 is a valid
+index value).
+B<RSA_set_ex_data()> returns 1 on success or 0 on failure.
+B<RSA_get_ex_data()> returns the application data or 0 on failure. 0 may also
+be valid application data but currently it can only fail if given an invalid B<idx>
+parameter.
+B<new_func()> and B<dup_func()> should return 0 for failure and 1 for success.
+On failure an error code can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 BUGS
+B<dup_func()> is currently never called.
+The return value of B<new_func()> is ignored.
+The B<new_func()> function isn't very useful because no meaningful values are
+present in the parent RSA structure when it is called.
+=head1 SEE ALSO
+L<rsa(3)|rsa(3)>, L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>
+=head1 HISTORY
+RSA_get_ex_new_index(), RSA_set_ex_data() and RSA_get_ex_data() are
+available since SSLeay 0.9.0.
+=cut
diff --git a/src/lib/libcrypto/doc/RSA_new.pod b/src/lib/libcrypto/doc/RSA_new.pod
new file mode 100644
index 0000000000..3d15b92824
--- /dev/null
+++ b/src/lib/libcrypto/doc/RSA_new.pod
@@ -0,0 +1,41 @@
+=pod
+=head1 NAME
+RSA_new, RSA_free - allocate and free RSA objects
+=head1 SYNOPSIS
+ #include <openssl/rsa.h>
+ RSA * RSA_new(void);
+ void RSA_free(RSA *rsa);
+=head1 DESCRIPTION
+RSA_new() allocates and initializes an B<RSA> structure. It is equivalent to
+calling RSA_new_method(NULL).
+RSA_free() frees the B<RSA> structure and its components. The key is
+erased before the memory is returned to the system.
+=head1 RETURN VALUES
+If the allocation fails, RSA_new() returns B<NULL> and sets an error
+code that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns
+a pointer to the newly allocated structure.
+RSA_free() returns no value.
+=head1 SEE ALSO
+L<ERR_get_error(3)|ERR_get_error(3)>, L<rsa(3)|rsa(3)>,
+L<RSA_generate_key(3)|RSA_generate_key(3)>,
+L<RSA_new_method(3)|RSA_new_method(3)>
+=head1 HISTORY
+RSA_new() and RSA_free() are available in all versions of SSLeay and OpenSSL.
+=cut
diff --git a/src/lib/libcrypto/doc/RSA_padding_add_PKCS1_type_1.pod b/src/lib/libcrypto/doc/RSA_padding_add_PKCS1_type_1.pod
new file mode 100644
index 0000000000..b8f678fe72
--- /dev/null
+++ b/src/lib/libcrypto/doc/RSA_padding_add_PKCS1_type_1.pod
@@ -0,0 +1,124 @@
+=pod
+=head1 NAME
+RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1,
+RSA_padding_add_PKCS1_type_2, RSA_padding_check_PKCS1_type_2,
+RSA_padding_add_PKCS1_OAEP, RSA_padding_check_PKCS1_OAEP,
+RSA_padding_add_SSLv23, RSA_padding_check_SSLv23,
+RSA_padding_add_none, RSA_padding_check_none - asymmetric encryption
+padding
+=head1 SYNOPSIS
+ #include <openssl/rsa.h>
+ int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
+    unsigned char *f, int fl);
+ int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
+    unsigned char *f, int fl, int rsa_len);
+ int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
+    unsigned char *f, int fl);
+ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
+    unsigned char *f, int fl, int rsa_len);
+ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
+    unsigned char *f, int fl, unsigned char *p, int pl);
+ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
+    unsigned char *f, int fl, int rsa_len, unsigned char *p, int pl);
+ int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
+    unsigned char *f, int fl);
+ int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
+    unsigned char *f, int fl, int rsa_len);
+ int RSA_padding_add_none(unsigned char *to, int tlen,
+    unsigned char *f, int fl);
+ int RSA_padding_check_none(unsigned char *to, int tlen,
+    unsigned char *f, int fl, int rsa_len);
+=head1 DESCRIPTION
+The RSA_padding_xxx_xxx() functions are called from the RSA encrypt,
+decrypt, sign and verify functions. Normally they should not be called
+from application programs.
+However, they can also be called directly to implement padding for other
+asymmetric ciphers. RSA_padding_add_PKCS1_OAEP() and
+RSA_padding_check_PKCS1_OAEP() may be used in an application combined
+with B<RSA_NO_PADDING> in order to implement OAEP with an encoding
+parameter.
+RSA_padding_add_xxx() encodes B<fl> bytes from B<f> so as to fit into
+B<tlen> bytes and stores the result at B<to>. An error occurs if B<fl>
+does not meet the size requirements of the encoding method.
+The following encoding methods are implemented:
+=over 4
+=item PKCS1_type_1
+PKCS #1 v2.0 EMSA-PKCS1-v1_5 (PKCS #1 v1.5 block type 1); used for signatures
+=item PKCS1_type_2
+PKCS #1 v2.0 EME-PKCS1-v1_5 (PKCS #1 v1.5 block type 2)
+=item PKCS1_OAEP
+PKCS #1 v2.0 EME-OAEP
+=item SSLv23
+PKCS #1 EME-PKCS1-v1_5 with SSL-specific modification
+=item none
+simply copy the data
+=back
+The random number generator must be seeded prior to calling
+RSA_padding_add_xxx().
+RSA_padding_check_xxx() verifies that the B<fl> bytes at B<f> contain
+a valid encoding for a B<rsa_len> byte RSA key in the respective
+encoding method and stores the recovered data of at most B<tlen> bytes
+(for B<RSA_NO_PADDING>: of size B<tlen>)
+at B<to>.
+For RSA_padding_xxx_OAEP(), B<p> points to the encoding parameter
+of length B<pl>. B<p> may be B<NULL> if B<pl> is 0.
+=head1 RETURN VALUES
+The RSA_padding_add_xxx() functions return 1 on success, 0 on error.
+The RSA_padding_check_xxx() functions return the length of the
+recovered data, -1 on error. Error codes can be obtained by calling
+L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 SEE ALSO
+L<RSA_public_encrypt(3)|RSA_public_encrypt(3)>,
+L<RSA_private_decrypt(3)|RSA_private_decrypt(3)>,
+L<RSA_sign(3)|RSA_sign(3)>, L<RSA_verify(3)|RSA_verify(3)>
+=head1 HISTORY
+RSA_padding_add_PKCS1_type_1(), RSA_padding_check_PKCS1_type_1(),
+RSA_padding_add_PKCS1_type_2(), RSA_padding_check_PKCS1_type_2(),
+RSA_padding_add_SSLv23(), RSA_padding_check_SSLv23(),
+RSA_padding_add_none() and RSA_padding_check_none() appeared in
+SSLeay 0.9.0.
+RSA_padding_add_PKCS1_OAEP() and RSA_padding_check_PKCS1_OAEP() were
+added in OpenSSL 0.9.2b.
+=cut
diff --git a/src/lib/libcrypto/doc/RSA_print.pod b/src/lib/libcrypto/doc/RSA_print.pod
new file mode 100644
index 0000000000..c971e91f4d
--- /dev/null
+++ b/src/lib/libcrypto/doc/RSA_print.pod
@@ -0,0 +1,49 @@
+=pod
+=head1 NAME
+RSA_print, RSA_print_fp,
+DSAparams_print, DSAparams_print_fp, DSA_print, DSA_print_fp,
+DHparams_print, DHparams_print_fp - print cryptographic parameters
+=head1 SYNOPSIS
+ #include <openssl/rsa.h>
+ int RSA_print(BIO *bp, RSA *x, int offset);
+ int RSA_print_fp(FILE *fp, RSA *x, int offset);
+ #include <openssl/dsa.h>
+ int DSAparams_print(BIO *bp, DSA *x);
+ int DSAparams_print_fp(FILE *fp, DSA *x);
+ int DSA_print(BIO *bp, DSA *x, int offset);
+ int DSA_print_fp(FILE *fp, DSA *x, int offset);
+ #include <openssl/dh.h>
+ int DHparams_print(BIO *bp, DH *x);
+ int DHparams_print_fp(FILE *fp, DH *x);
+=head1 DESCRIPTION
+A human-readable hexadecimal output of the components of the RSA
+key, DSA parameters or key or DH parameters is printed to B<bp> or B<fp>.
+The output lines are indented by B<offset> spaces.
+=head1 RETURN VALUES
+These functions return 1 on success, 0 on error.
+=head1 SEE ALSO
+L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<rsa(3)|rsa(3)>, L<BN_bn2bin(3)|BN_bn2bin(3)>
+=head1 HISTORY
+RSA_print(), RSA_print_fp(), DSA_print(), DSA_print_fp(), DH_print(),
+DH_print_fp() are available in all versions of SSLeay and OpenSSL.
+DSAparams_print() and DSAparams_print_fp() were added in SSLeay 0.8.
+=cut
diff --git a/src/lib/libcrypto/doc/RSA_private_encrypt.pod b/src/lib/libcrypto/doc/RSA_private_encrypt.pod
new file mode 100644
index 0000000000..746a80c79e
--- /dev/null
+++ b/src/lib/libcrypto/doc/RSA_private_encrypt.pod
@@ -0,0 +1,70 @@
+=pod
+=head1 NAME
+RSA_private_encrypt, RSA_public_decrypt - low level signature operations
+=head1 SYNOPSIS
+ #include <openssl/rsa.h>
+ int RSA_private_encrypt(int flen, unsigned char *from,
+    unsigned char *to, RSA *rsa, int padding);
+ int RSA_public_decrypt(int flen, unsigned char *from, 
+    unsigned char *to, RSA *rsa, int padding);
+=head1 DESCRIPTION
+These functions handle RSA signatures at a low level.
+RSA_private_encrypt() signs the B<flen> bytes at B<from> (usually a
+message digest with an algorithm identifier) using the private key
+B<rsa> and stores the signature in B<to>. B<to> must point to
+B<RSA_size(rsa)> bytes of memory.
+B<padding> denotes one of the following modes:
+=over 4
+=item RSA_PKCS1_PADDING
+PKCS #1 v1.5 padding. This function does not handle the
+B<algorithmIdentifier> specified in PKCS #1. When generating or
+verifying PKCS #1 signatures, L<RSA_sign(3)|RSA_sign(3)> and L<RSA_verify(3)|RSA_verify(3)> should be
+used.
+=item RSA_NO_PADDING
+Raw RSA signature. This mode should I<only> be used to implement
+cryptographically sound padding modes in the application code.
+Signing user data directly with RSA is insecure.
+=back
+RSA_public_decrypt() recovers the message digest from the B<flen>
+bytes long signature at B<from> using the signer's public key
+B<rsa>. B<to> must point to a memory section large enough to hold the
+message digest (which is smaller than B<RSA_size(rsa) -
+11>). B<padding> is the padding mode that was used to sign the data.
+=head1 RETURN VALUES
+RSA_private_encrypt() returns the size of the signature (i.e.,
+RSA_size(rsa)). RSA_public_decrypt() returns the size of the
+recovered message digest.
+On error, -1 is returned; the error codes can be
+obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 SEE ALSO
+L<ERR_get_error(3)|ERR_get_error(3)>, L<rsa(3)|rsa(3)>,
+L<RSA_sign(3)|RSA_sign(3)>, L<RSA_verify(3)|RSA_verify(3)>
+=head1 HISTORY
+The B<padding> argument was added in SSLeay 0.8. RSA_NO_PADDING is
+available since SSLeay 0.9.0.
+=cut
diff --git a/src/lib/libcrypto/doc/RSA_public_encrypt.pod b/src/lib/libcrypto/doc/RSA_public_encrypt.pod
new file mode 100644
index 0000000000..ab0fe3b2cd
--- /dev/null
+++ b/src/lib/libcrypto/doc/RSA_public_encrypt.pod
@@ -0,0 +1,84 @@
+=pod
+=head1 NAME
+RSA_public_encrypt, RSA_private_decrypt - RSA public key cryptography
+=head1 SYNOPSIS
+ #include <openssl/rsa.h>
+ int RSA_public_encrypt(int flen, unsigned char *from,
+    unsigned char *to, RSA *rsa, int padding);
+ int RSA_private_decrypt(int flen, unsigned char *from,
+     unsigned char *to, RSA *rsa, int padding);
+=head1 DESCRIPTION
+RSA_public_encrypt() encrypts the B<flen> bytes at B<from> (usually a
+session key) using the public key B<rsa> and stores the ciphertext in
+B<to>. B<to> must point to RSA_size(B<rsa>) bytes of memory.
+B<padding> denotes one of the following modes:
+=over 4
+=item RSA_PKCS1_PADDING
+PKCS #1 v1.5 padding. This currently is the most widely used mode.
+=item RSA_PKCS1_OAEP_PADDING
+EME-OAEP as defined in PKCS #1 v2.0 with SHA-1, MGF1 and an empty
+encoding parameter. This mode is recommended for all new applications.
+=item RSA_SSLV23_PADDING
+PKCS #1 v1.5 padding with an SSL-specific modification that denotes
+that the server is SSL3 capable.
+=item RSA_NO_PADDING
+Raw RSA encryption. This mode should I<only> be used to implement
+cryptographically sound padding modes in the application code.
+Encrypting user data directly with RSA is insecure.
+=back
+B<flen> must be less than RSA_size(B<rsa>) - 11 for the PKCS #1 v1.5
+based padding modes, less than RSA_size(B<rsa>) - 41 for
+RSA_PKCS1_OAEP_PADDING and exactly RSA_size(B<rsa>) for RSA_NO_PADDING.
+The random number generator must be seeded prior to calling
+RSA_public_encrypt().
+RSA_private_decrypt() decrypts the B<flen> bytes at B<from> using the
+private key B<rsa> and stores the plaintext in B<to>. B<to> must point
+to a memory section large enough to hold the decrypted data (which is
+smaller than RSA_size(B<rsa>)). B<padding> is the padding mode that
+was used to encrypt the data.
+=head1 RETURN VALUES
+RSA_public_encrypt() returns the size of the encrypted data (i.e.,
+RSA_size(B<rsa>)). RSA_private_decrypt() returns the size of the
+recovered plaintext.
+On error, -1 is returned; the error codes can be
+obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 CONFORMING TO
+SSL, PKCS #1 v2.0
+=head1 SEE ALSO
+L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>,
+L<RSA_size(3)|RSA_size(3)>
+=head1 HISTORY
+The B<padding> argument was added in SSLeay 0.8. RSA_NO_PADDING is
+available since SSLeay 0.9.0, OAEP was added in OpenSSL 0.9.2b.
+=cut
diff --git a/src/lib/libcrypto/doc/RSA_set_method.pod b/src/lib/libcrypto/doc/RSA_set_method.pod
new file mode 100644
index 0000000000..2c963d7e5b
--- /dev/null
+++ b/src/lib/libcrypto/doc/RSA_set_method.pod
@@ -0,0 +1,202 @@
+=pod
+=head1 NAME
+RSA_set_default_method, RSA_get_default_method, RSA_set_method,
+RSA_get_method, RSA_PKCS1_SSLeay, RSA_null_method, RSA_flags,
+RSA_new_method - select RSA method
+=head1 SYNOPSIS
+ #include <openssl/rsa.h>
+ void RSA_set_default_method(const RSA_METHOD *meth);
+ RSA_METHOD *RSA_get_default_method(void);
+ int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
+ RSA_METHOD *RSA_get_method(const RSA *rsa);
+ RSA_METHOD *RSA_PKCS1_SSLeay(void);
+ RSA_METHOD *RSA_null_method(void);
+ int RSA_flags(const RSA *rsa);
+ RSA *RSA_new_method(RSA_METHOD *method);
+=head1 DESCRIPTION
+An B<RSA_METHOD> specifies the functions that OpenSSL uses for RSA
+operations. By modifying the method, alternative implementations such as
+hardware accelerators may be used. IMPORTANT: See the NOTES section for
+important information about how these RSA API functions are affected by the
+use of B<ENGINE> API calls.
+Initially, the default RSA_METHOD is the OpenSSL internal implementation,
+as returned by RSA_PKCS1_SSLeay().
+RSA_set_default_method() makes B<meth> the default method for all RSA
+structures created later. B<NB>: This is true only whilst no ENGINE has
+been set as a default for RSA, so this function is no longer recommended.
+RSA_get_default_method() returns a pointer to the current default
+RSA_METHOD. However, the meaningfulness of this result is dependent on
+whether the ENGINE API is being used, so this function is no longer 
+recommended.
+RSA_set_method() selects B<meth> to perform all operations using the key
+B<rsa>. This will replace the RSA_METHOD used by the RSA key and if the
+previous method was supplied by an ENGINE, the handle to that ENGINE will
+be released during the change. It is possible to have RSA keys that only
+work with certain RSA_METHOD implementations (eg. from an ENGINE module
+that supports embedded hardware-protected keys), and in such cases
+attempting to change the RSA_METHOD for the key can have unexpected
+results.
+RSA_get_method() returns a pointer to the RSA_METHOD being used by B<rsa>.
+This method may or may not be supplied by an ENGINE implementation, but if
+it is, the return value can only be guaranteed to be valid as long as the
+RSA key itself is valid and does not have its implementation changed by
+RSA_set_method().
+RSA_flags() returns the B<flags> that are set for B<rsa>'s current
+RSA_METHOD. See the BUGS section.
+RSA_new_method() allocates and initializes an RSA structure so that
+B<engine> will be used for the RSA operations. If B<engine> is NULL, the
+default ENGINE for RSA operations is used, and if no default ENGINE is set,
+the RSA_METHOD controlled by RSA_set_default_method() is used.
+RSA_flags() returns the B<flags> that are set for B<rsa>'s current method.
+RSA_new_method() allocates and initializes an B<RSA> structure so that
+B<method> will be used for the RSA operations. If B<method> is B<NULL>,
+the default method is used.
+=head1 THE RSA_METHOD STRUCTURE
+ typedef struct rsa_meth_st
+ {
+     /* name of the implementation */
+        const char *name;
+     /* encrypt */
+        int (*rsa_pub_enc)(int flen, unsigned char *from,
+          unsigned char *to, RSA *rsa, int padding);
+     /* verify arbitrary data */
+        int (*rsa_pub_dec)(int flen, unsigned char *from,
+          unsigned char *to, RSA *rsa, int padding);
+     /* sign arbitrary data */
+        int (*rsa_priv_enc)(int flen, unsigned char *from,
+          unsigned char *to, RSA *rsa, int padding);
+     /* decrypt */
+        int (*rsa_priv_dec)(int flen, unsigned char *from,
+          unsigned char *to, RSA *rsa, int padding);
+     /* compute r0 = r0 ^ I mod rsa->n (May be NULL for some
+                                        implementations) */
+        int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa);
+     /* compute r = a ^ p mod m (May be NULL for some implementations) */
+        int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+          const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+     /* called at RSA_new */
+        int (*init)(RSA *rsa);
+     /* called at RSA_free */
+        int (*finish)(RSA *rsa);
+     /* RSA_FLAG_EXT_PKEY        - rsa_mod_exp is called for private key
+      *                            operations, even if p,q,dmp1,dmq1,iqmp
+      *                            are NULL
+      * RSA_FLAG_SIGN_VER        - enable rsa_sign and rsa_verify
+      * RSA_METHOD_FLAG_NO_CHECK - don't check pub/private match
+      */
+        int flags;
+        char *app_data; /* ?? */
+     /* sign. For backward compatibility, this is used only
+      * if (flags & RSA_FLAG_SIGN_VER)
+      */
+        int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len,
+           unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+     /* verify. For backward compatibility, this is used only
+      * if (flags & RSA_FLAG_SIGN_VER)
+      */
+        int (*rsa_verify)(int type, unsigned char *m, unsigned int m_len,
+           unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+ } RSA_METHOD;
+=head1 RETURN VALUES
+RSA_PKCS1_SSLeay(), RSA_PKCS1_null_method(), RSA_get_default_method()
+and RSA_get_method() return pointers to the respective RSA_METHODs.
+RSA_set_default_method() returns no value.
+RSA_set_method() returns a pointer to the old RSA_METHOD implementation
+that was replaced. However, this return value should probably be ignored
+because if it was supplied by an ENGINE, the pointer could be invalidated
+at any time if the ENGINE is unloaded (in fact it could be unloaded as a
+result of the RSA_set_method() function releasing its handle to the
+ENGINE). For this reason, the return type may be replaced with a B<void>
+declaration in a future release.
+RSA_new_method() returns NULL and sets an error code that can be obtained
+by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise
+it returns a pointer to the newly allocated structure.
+=head1 NOTES
+As of version 0.9.7, RSA_METHOD implementations are grouped together with
+other algorithmic APIs (eg. DSA_METHOD, EVP_CIPHER, etc) into B<ENGINE>
+modules. If a default ENGINE is specified for RSA functionality using an
+ENGINE API function, that will override any RSA defaults set using the RSA
+API (ie.  RSA_set_default_method()). For this reason, the ENGINE API is the
+recommended way to control default implementations for use in RSA and other
+cryptographic algorithms.
+=head1 BUGS
+The behaviour of RSA_flags() is a mis-feature that is left as-is for now
+to avoid creating compatibility problems. RSA functionality, such as the
+encryption functions, are controlled by the B<flags> value in the RSA key
+itself, not by the B<flags> value in the RSA_METHOD attached to the RSA key
+(which is what this function returns). If the flags element of an RSA key
+is changed, the changes will be honoured by RSA functionality but will not
+be reflected in the return value of the RSA_flags() function - in effect
+RSA_flags() behaves more like an RSA_default_flags() function (which does
+not currently exist).
+=head1 SEE ALSO
+L<rsa(3)|rsa(3)>, L<RSA_new(3)|RSA_new(3)>
+=head1 HISTORY
+RSA_new_method() and RSA_set_default_method() appeared in SSLeay 0.8.
+RSA_get_default_method(), RSA_set_method() and RSA_get_method() as
+well as the rsa_sign and rsa_verify components of RSA_METHOD were
+added in OpenSSL 0.9.4.
+RSA_set_default_openssl_method() and RSA_get_default_openssl_method()
+replaced RSA_set_default_method() and RSA_get_default_method()
+respectively, and RSA_set_method() and RSA_new_method() were altered to use
+B<ENGINE>s rather than B<RSA_METHOD>s during development of the engine
+version of OpenSSL 0.9.6. For 0.9.7, the handling of defaults in the ENGINE
+API was restructured so that this change was reversed, and behaviour of the
+other functions resembled more closely the previous behaviour. The
+behaviour of defaults in the ENGINE API now transparently overrides the
+behaviour of defaults in the RSA API without requiring changing these
+function prototypes.
+=cut
diff --git a/src/lib/libcrypto/doc/RSA_sign.pod b/src/lib/libcrypto/doc/RSA_sign.pod
new file mode 100644
index 0000000000..8553be8e99
--- /dev/null
+++ b/src/lib/libcrypto/doc/RSA_sign.pod
@@ -0,0 +1,62 @@
+=pod
+=head1 NAME
+RSA_sign, RSA_verify - RSA signatures
+=head1 SYNOPSIS
+ #include <openssl/rsa.h>
+ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
+    unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+ int RSA_verify(int type, const unsigned char *m, unsigned int m_len,
+    unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+=head1 DESCRIPTION
+RSA_sign() signs the message digest B<m> of size B<m_len> using the
+private key B<rsa> as specified in PKCS #1 v2.0. It stores the
+signature in B<sigret> and the signature size in B<siglen>. B<sigret>
+must point to RSA_size(B<rsa>) bytes of memory.
+B<type> denotes the message digest algorithm that was used to generate
+B<m>. It usually is one of B<NID_sha1>, B<NID_ripemd160> and B<NID_md5>;
+see L<objects(3)|objects(3)> for details. If B<type> is B<NID_md5_sha1>,
+an SSL signature (MD5 and SHA1 message digests with PKCS #1 padding
+and no algorithm identifier) is created.
+RSA_verify() verifies that the signature B<sigbuf> of size B<siglen>
+matches a given message digest B<m> of size B<m_len>. B<type> denotes
+the message digest algorithm that was used to generate the signature.
+B<rsa> is the signer's public key.
+=head1 RETURN VALUES
+RSA_sign() returns 1 on success, 0 otherwise.  RSA_verify() returns 1
+on successful verification, 0 otherwise.
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 BUGS
+Certain signatures with an improper algorithm identifier are accepted
+for compatibility with SSLeay 0.4.5 :-)
+=head1 CONFORMING TO
+SSL, PKCS #1 v2.0
+=head1 SEE ALSO
+L<ERR_get_error(3)|ERR_get_error(3)>, L<objects(3)|objects(3)>,
+L<rsa(3)|rsa(3)>, L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>,
+L<RSA_public_decrypt(3)|RSA_public_decrypt(3)> 
+=head1 HISTORY
+RSA_sign() and RSA_verify() are available in all versions of SSLeay
+and OpenSSL.
+=cut
diff --git a/src/lib/libcrypto/doc/RSA_sign_ASN1_OCTET_STRING.pod b/src/lib/libcrypto/doc/RSA_sign_ASN1_OCTET_STRING.pod
new file mode 100644
index 0000000000..e70380bbfc
--- /dev/null
+++ b/src/lib/libcrypto/doc/RSA_sign_ASN1_OCTET_STRING.pod
@@ -0,0 +1,59 @@
+=pod
+=head1 NAME
+RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING - RSA signatures
+=head1 SYNOPSIS
+ #include <openssl/rsa.h>
+ int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m,
+    unsigned int m_len, unsigned char *sigret, unsigned int *siglen,
+    RSA *rsa);
+ int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m,
+    unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
+    RSA *rsa);
+=head1 DESCRIPTION
+RSA_sign_ASN1_OCTET_STRING() signs the octet string B<m> of size
+B<m_len> using the private key B<rsa> represented in DER using PKCS #1
+padding. It stores the signature in B<sigret> and the signature size
+in B<siglen>. B<sigret> must point to B<RSA_size(rsa)> bytes of
+memory.
+B<dummy> is ignored.
+The random number generator must be seeded prior to calling RSA_sign_ASN1_OCTET_STRING().
+RSA_verify_ASN1_OCTET_STRING() verifies that the signature B<sigbuf>
+of size B<siglen> is the DER representation of a given octet string
+B<m> of size B<m_len>. B<dummy> is ignored. B<rsa> is the signer's
+public key.
+=head1 RETURN VALUES
+RSA_sign_ASN1_OCTET_STRING() returns 1 on success, 0 otherwise.
+RSA_verify_ASN1_OCTET_STRING() returns 1 on successful verification, 0
+otherwise.
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 BUGS
+These functions serve no recognizable purpose.
+=head1 SEE ALSO
+L<ERR_get_error(3)|ERR_get_error(3)>, L<objects(3)|objects(3)>,
+L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>,
+L<RSA_verify(3)|RSA_verify(3)>
+=head1 HISTORY
+RSA_sign_ASN1_OCTET_STRING() and RSA_verify_ASN1_OCTET_STRING() were
+added in SSLeay 0.8.
+=cut
diff --git a/src/lib/libcrypto/doc/RSA_size.pod b/src/lib/libcrypto/doc/RSA_size.pod
new file mode 100644
index 0000000000..5b7f835f95
--- /dev/null
+++ b/src/lib/libcrypto/doc/RSA_size.pod
@@ -0,0 +1,33 @@
+=pod
+=head1 NAME
+RSA_size - get RSA modulus size
+=head1 SYNOPSIS
+ #include <openssl/rsa.h>
+ int RSA_size(const RSA *rsa);
+=head1 DESCRIPTION
+This function returns the RSA modulus size in bytes. It can be used to
+determine how much memory must be allocated for an RSA encrypted
+value.
+B<rsa-E<gt>n> must not be B<NULL>.
+=head1 RETURN VALUE
+The size in bytes.
+=head1 SEE ALSO
+L<rsa(3)|rsa(3)>
+=head1 HISTORY
+RSA_size() is available in all versions of SSLeay and OpenSSL.
+=cut
diff --git a/src/lib/libcrypto/doc/SMIME_read_CMS.pod b/src/lib/libcrypto/doc/SMIME_read_CMS.pod
new file mode 100644
index 0000000000..acc5524c14
--- /dev/null
+++ b/src/lib/libcrypto/doc/SMIME_read_CMS.pod
@@ -0,0 +1,70 @@
+=pod
+=head1 NAME
+ SMIME_read_CMS - parse S/MIME message.
+=head1 SYNOPSIS
+ #include <openssl/cms.h>
+ CMS_ContentInfo *SMIME_read_CMS(BIO *in, BIO **bcont);
+=head1 DESCRIPTION
+SMIME_read_CMS() parses a message in S/MIME format.
+B<in> is a BIO to read the message from.
+If cleartext signing is used then the content is saved in a memory bio which is
+written to B<*bcont>, otherwise B<*bcont> is set to NULL.
+The parsed CMS_ContentInfo structure is returned or NULL if an
+error occurred.
+=head1 NOTES
+If B<*bcont> is not NULL then the message is clear text signed. B<*bcont> can
+then be passed to CMS_verify() with the B<CMS_DETACHED> flag set.
+Otherwise the type of the returned structure can be determined
+using CMS_get0_type().
+To support future functionality if B<bcont> is not NULL B<*bcont> should be
+initialized to NULL. For example:
+ BIO *cont = NULL;
+ CMS_ContentInfo *cms;
+ cms = SMIME_read_CMS(in, &cont);
+=head1 BUGS
+The MIME parser used by SMIME_read_CMS() is somewhat primitive.  While it will
+handle most S/MIME messages more complex compound formats may not work.
+The parser assumes that the CMS_ContentInfo structure is always base64 encoded
+and will not handle the case where it is in binary format or uses quoted
+printable format.
+The use of a memory BIO to hold the signed content limits the size of message
+which can be processed due to memory restraints: a streaming single pass option
+should be available.
+=head1 RETURN VALUES
+SMIME_read_CMS() returns a valid B<CMS_ContentInfo> structure or B<NULL>
+if an error occurred. The error can be obtained from ERR_get_error(3).
+=head1 SEE ALSO
+L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_type(3)|CMS_type(3)>
+L<SMIME_read_CMS(3)|SMIME_read_CMS(3)>, L<CMS_sign(3)|CMS_sign(3)>,
+L<CMS_verify(3)|CMS_verify(3)>, L<CMS_encrypt(3)|CMS_encrypt(3)>
+L<CMS_decrypt(3)|CMS_decrypt(3)>
+=head1 HISTORY
+SMIME_read_CMS() was added to OpenSSL 0.9.8
+=cut
diff --git a/src/lib/libcrypto/doc/SMIME_read_PKCS7.pod b/src/lib/libcrypto/doc/SMIME_read_PKCS7.pod
new file mode 100644
index 0000000000..9d46715941
--- /dev/null
+++ b/src/lib/libcrypto/doc/SMIME_read_PKCS7.pod
@@ -0,0 +1,73 @@
+=pod
+=head1 NAME
+SMIME_read_PKCS7 - parse S/MIME message.
+=head1 SYNOPSIS
+ #include <openssl/pkcs7.h>
+ PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont);
+=head1 DESCRIPTION
+SMIME_read_PKCS7() parses a message in S/MIME format.
+B<in> is a BIO to read the message from.
+If cleartext signing is used then the content is saved in
+a memory bio which is written to B<*bcont>, otherwise
+B<*bcont> is set to B<NULL>.
+The parsed PKCS#7 structure is returned or B<NULL> if an
+error occurred.
+=head1 NOTES
+If B<*bcont> is not B<NULL> then the message is clear text
+signed. B<*bcont> can then be passed to PKCS7_verify() with
+the B<PKCS7_DETACHED> flag set.
+Otherwise the type of the returned structure can be determined
+using PKCS7_type().
+To support future functionality if B<bcont> is not B<NULL>
+B<*bcont> should be initialized to B<NULL>. For example:
+ BIO *cont = NULL;
+ PKCS7 *p7;
+ p7 = SMIME_read_PKCS7(in, &cont);
+=head1 BUGS
+The MIME parser used by SMIME_read_PKCS7() is somewhat primitive.
+While it will handle most S/MIME messages more complex compound
+formats may not work.
+The parser assumes that the PKCS7 structure is always base64
+encoded and will not handle the case where it is in binary format
+or uses quoted printable format.
+The use of a memory BIO to hold the signed content limits the size
+of message which can be processed due to memory restraints: a
+streaming single pass option should be available.
+=head1 RETURN VALUES
+SMIME_read_PKCS7() returns a valid B<PKCS7> structure or B<NULL>
+is an error occurred. The error can be obtained from ERR_get_error(3).
+=head1 SEE ALSO
+L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_type(3)|PKCS7_type(3)>
+L<SMIME_read_PKCS7(3)|SMIME_read_PKCS7(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>,
+L<PKCS7_verify(3)|PKCS7_verify(3)>, L<PKCS7_encrypt(3)|PKCS7_encrypt(3)>
+L<PKCS7_decrypt(3)|PKCS7_decrypt(3)>
+=head1 HISTORY
+SMIME_read_PKCS7() was added to OpenSSL 0.9.5
+=cut
diff --git a/src/lib/libcrypto/doc/SMIME_write_CMS.pod b/src/lib/libcrypto/doc/SMIME_write_CMS.pod
new file mode 100644
index 0000000000..04bedfb429
--- /dev/null
+++ b/src/lib/libcrypto/doc/SMIME_write_CMS.pod
@@ -0,0 +1,64 @@
+=pod
+=head1 NAME
+ SMIME_write_CMS - convert CMS structure to S/MIME format.
+=head1 SYNOPSIS
+ #include <openssl/cms.h>
+ int SMIME_write_CMS(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags);
+=head1 DESCRIPTION
+SMIME_write_CMS() adds the appropriate MIME headers to a CMS
+structure to produce an S/MIME message.
+B<out> is the BIO to write the data to. B<cms> is the appropriate
+B<CMS_ContentInfo> structure. If streaming is enabled then the content must be
+supplied in the B<data> argument. B<flags> is an optional set of flags.
+=head1 NOTES
+The following flags can be passed in the B<flags> parameter.
+If B<CMS_DETACHED> is set then cleartext signing will be used, this option only
+makes sense for SignedData where B<CMS_DETACHED> is also set when CMS_sign() is
+called.
+If the B<CMS_TEXT> flag is set MIME headers for type B<text/plain> are added to
+the content, this only makes sense if B<CMS_DETACHED> is also set.
+If the B<CMS_STREAM> flag is set streaming is performed. This flag should only
+be set if B<CMS_STREAM> was also set in the previous call to a CMS_ContentInfo
+creation function.
+If cleartext signing is being used and B<CMS_STREAM> not set then the data must
+be read twice: once to compute the signature in CMS_sign() and once to output
+the S/MIME message.
+If streaming is performed the content is output in BER format using indefinite
+length constructed encoding except in the case of signed data with detached
+content where the content is absent and DER format is used.
+=head1 BUGS
+SMIME_write_CMS() always base64 encodes CMS structures, there should be an
+option to disable this.
+=head1 RETURN VALUES
+SMIME_write_CMS() returns 1 for success or 0 for failure.
+=head1 SEE ALSO
+L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_sign(3)|CMS_sign(3)>,
+L<CMS_verify(3)|CMS_verify(3)>, L<CMS_encrypt(3)|CMS_encrypt(3)>
+L<CMS_decrypt(3)|CMS_decrypt(3)>
+=head1 HISTORY
+SMIME_write_CMS() was added to OpenSSL 0.9.8
+=cut
diff --git a/src/lib/libcrypto/doc/SMIME_write_PKCS7.pod b/src/lib/libcrypto/doc/SMIME_write_PKCS7.pod
new file mode 100644
index 0000000000..ca6bd02763
--- /dev/null
+++ b/src/lib/libcrypto/doc/SMIME_write_PKCS7.pod
@@ -0,0 +1,65 @@
+=pod
+=head1 NAME
+SMIME_write_PKCS7 - convert PKCS#7 structure to S/MIME format.
+=head1 SYNOPSIS
+ #include <openssl/pkcs7.h>
+ int SMIME_write_PKCS7(BIO *out, PKCS7 *p7, BIO *data, int flags);
+=head1 DESCRIPTION
+SMIME_write_PKCS7() adds the appropriate MIME headers to a PKCS#7
+structure to produce an S/MIME message.
+B<out> is the BIO to write the data to. B<p7> is the appropriate B<PKCS7>
+structure. If streaming is enabled then the content must be supplied in the
+B<data> argument. B<flags> is an optional set of flags.
+=head1 NOTES
+The following flags can be passed in the B<flags> parameter.
+If B<PKCS7_DETACHED> is set then cleartext signing will be used,
+this option only makes sense for signedData where B<PKCS7_DETACHED>
+is also set when PKCS7_sign() is also called.
+If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain>
+are added to the content, this only makes sense if B<PKCS7_DETACHED>
+is also set.
+If the B<PKCS7_STREAM> flag is set streaming is performed. This flag should
+only be set if B<PKCS7_STREAM> was also set in the previous call to
+PKCS7_sign() or B<PKCS7_encrypt()>.
+If cleartext signing is being used and B<PKCS7_STREAM> not set then
+the data must be read twice: once to compute the signature in PKCS7_sign()
+and once to output the S/MIME message.
+If streaming is performed the content is output in BER format using indefinite
+length constructuted encoding except in the case of signed data with detached
+content where the content is absent and DER format is used.
+=head1 BUGS
+SMIME_write_PKCS7() always base64 encodes PKCS#7 structures, there
+should be an option to disable this.
+=head1 RETURN VALUES
+SMIME_write_PKCS7() returns 1 for success or 0 for failure.
+=head1 SEE ALSO
+L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>,
+L<PKCS7_verify(3)|PKCS7_verify(3)>, L<PKCS7_encrypt(3)|PKCS7_encrypt(3)>
+L<PKCS7_decrypt(3)|PKCS7_decrypt(3)>
+=head1 HISTORY
+SMIME_write_PKCS7() was added to OpenSSL 0.9.5
+=cut
diff --git a/src/lib/libcrypto/doc/X509_NAME_ENTRY_get_object.pod b/src/lib/libcrypto/doc/X509_NAME_ENTRY_get_object.pod
new file mode 100644
index 0000000000..41902c0d45
--- /dev/null
+++ b/src/lib/libcrypto/doc/X509_NAME_ENTRY_get_object.pod
@@ -0,0 +1,74 @@
+=pod
+=head1 NAME
+X509_NAME_ENTRY_get_object, X509_NAME_ENTRY_get_data,
+X509_NAME_ENTRY_set_object, X509_NAME_ENTRY_set_data,
+X509_NAME_ENTRY_create_by_txt, X509_NAME_ENTRY_create_by_NID,
+X509_NAME_ENTRY_create_by_OBJ - X509_NAME_ENTRY utility functions
+=head1 SYNOPSIS
+ #include <openssl/x509.h>
+ ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
+ ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
+ int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj);
+ int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, const unsigned char *bytes, int len);
+ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, int type, const unsigned char *bytes, int len);
+ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len);
+ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len);
+=head1 DESCRIPTION
+X509_NAME_ENTRY_get_object() retrieves the field name of B<ne> in
+and B<ASN1_OBJECT> structure.
+X509_NAME_ENTRY_get_data() retrieves the field value of B<ne> in
+and B<ASN1_STRING> structure.
+X509_NAME_ENTRY_set_object() sets the field name of B<ne> to B<obj>.
+X509_NAME_ENTRY_set_data() sets the field value of B<ne> to string type
+B<type> and value determined by B<bytes> and B<len>.
+X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID()
+and X509_NAME_ENTRY_create_by_OBJ() create and return an 
+B<X509_NAME_ENTRY> structure.
+=head1 NOTES
+X509_NAME_ENTRY_get_object() and X509_NAME_ENTRY_get_data() can be
+used to examine an B<X509_NAME_ENTRY> function as returned by 
+X509_NAME_get_entry() for example.
+X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID(),
+and X509_NAME_ENTRY_create_by_OBJ() create and return an 
+X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_OBJ(),
+X509_NAME_ENTRY_create_by_NID() and X509_NAME_ENTRY_set_data()
+are seldom used in practice because B<X509_NAME_ENTRY> structures
+are almost always part of B<X509_NAME> structures and the
+corresponding B<X509_NAME> functions are typically used to
+create and add new entries in a single operation.
+The arguments of these functions support similar options to the similarly
+named ones of the corresponding B<X509_NAME> functions such as
+X509_NAME_add_entry_by_txt(). So for example B<type> can be set to
+B<MBSTRING_ASC> but in the case of X509_set_data() the field name must be
+set first so the relevant field information can be looked up internally.
+=head1 RETURN VALUES
+=head1 SEE ALSO
+L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509_NAME(3)|d2i_X509_NAME(3)>,
+L<OBJ_nid2obj(3),OBJ_nid2obj(3)>
+=head1 HISTORY
+TBA
+=cut
diff --git a/src/lib/libcrypto/doc/X509_NAME_add_entry_by_txt.pod b/src/lib/libcrypto/doc/X509_NAME_add_entry_by_txt.pod
new file mode 100644
index 0000000000..1afd008cb3
--- /dev/null
+++ b/src/lib/libcrypto/doc/X509_NAME_add_entry_by_txt.pod
@@ -0,0 +1,116 @@
+=pod
+=head1 NAME
+X509_NAME_add_entry_by_txt, X509_NAME_add_entry_by_OBJ, X509_NAME_add_entry_by_NID,
+X509_NAME_add_entry, X509_NAME_delete_entry - X509_NAME modification functions
+=head1 SYNOPSIS
+ #include <openssl/x509.h>
+ int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, const unsigned char *bytes, int len, int loc, int set);
+ int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, unsigned char *bytes, int len, int loc, int set);
+ int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set);
+ int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, int loc, int set);
+ X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
+=head1 DESCRIPTION
+X509_NAME_add_entry_by_txt(), X509_NAME_add_entry_by_OBJ() and
+X509_NAME_add_entry_by_NID() add a field whose name is defined
+by a string B<field>, an object B<obj> or a NID B<nid> respectively.
+The field value to be added is in B<bytes> of length B<len>. If
+B<len> is -1 then the field length is calculated internally using
+strlen(bytes).
+The type of field is determined by B<type> which can either be a
+definition of the type of B<bytes> (such as B<MBSTRING_ASC>) or a
+standard ASN1 type (such as B<V_ASN1_IA5STRING>). The new entry is
+added to a position determined by B<loc> and B<set>.
+X509_NAME_add_entry() adds a copy of B<X509_NAME_ENTRY> structure B<ne>
+to B<name>. The new entry is added to a position determined by B<loc>
+and B<set>. Since a copy of B<ne> is added B<ne> must be freed up after
+the call.
+X509_NAME_delete_entry() deletes an entry from B<name> at position
+B<loc>. The deleted entry is returned and must be freed up.
+=head1 NOTES
+The use of string types such as B<MBSTRING_ASC> or B<MBSTRING_UTF8>
+is strongly recommened for the B<type> parameter. This allows the
+internal code to correctly determine the type of the field and to
+apply length checks according to the relevant standards. This is
+done using ASN1_STRING_set_by_NID().
+If instead an ASN1 type is used no checks are performed and the
+supplied data in B<bytes> is used directly.
+In X509_NAME_add_entry_by_txt() the B<field> string represents
+the field name using OBJ_txt2obj(field, 0).
+The B<loc> and B<set> parameters determine where a new entry should
+be added. For almost all applications B<loc> can be set to -1 and B<set>
+to 0. This adds a new entry to the end of B<name> as a single valued
+RelativeDistinguishedName (RDN).
+B<loc> actually determines the index where the new entry is inserted:
+if it is -1 it is appended. 
+B<set> determines how the new type is added. If it is zero a
+new RDN is created.
+If B<set> is -1 or 1 it is added to the previous or next RDN
+structure respectively. This will then be a multivalued RDN:
+since multivalues RDNs are very seldom used B<set> is almost
+always set to zero.
+=head1 EXAMPLES
+Create an B<X509_NAME> structure:
+"C=UK, O=Disorganized Organization, CN=Joe Bloggs"
+ X509_NAME *nm;
+ nm = X509_NAME_new();
+ if (nm == NULL)
+        /* Some error */
+ if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC,
+                        "C", "UK", -1, -1, 0))
+        /* Error */
+ if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC,
+                        "O", "Disorganized Organization", -1, -1, 0))
+        /* Error */
+ if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC,
+                        "CN", "Joe Bloggs", -1, -1, 0))
+        /* Error */
+=head1 RETURN VALUES
+X509_NAME_add_entry_by_txt(), X509_NAME_add_entry_by_OBJ(),
+X509_NAME_add_entry_by_NID() and X509_NAME_add_entry() return 1 for
+success of 0 if an error occurred.
+X509_NAME_delete_entry() returns either the deleted B<X509_NAME_ENTRY>
+structure of B<NULL> if an error occurred.
+=head1 BUGS
+B<type> can still be set to B<V_ASN1_APP_CHOOSE> to use a
+different algorithm to determine field types. Since this form does
+not understand multicharacter types, performs no length checks and
+can result in invalid field types its use is strongly discouraged.
+=head1 SEE ALSO
+L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509_NAME(3)|d2i_X509_NAME(3)>
+=head1 HISTORY
+=cut
diff --git a/src/lib/libcrypto/doc/X509_NAME_get_index_by_NID.pod b/src/lib/libcrypto/doc/X509_NAME_get_index_by_NID.pod
new file mode 100644
index 0000000000..3b1f9ff43b
--- /dev/null
+++ b/src/lib/libcrypto/doc/X509_NAME_get_index_by_NID.pod
@@ -0,0 +1,108 @@
+=pod
+=head1 NAME
+X509_NAME_get_index_by_NID, X509_NAME_get_index_by_OBJ, X509_NAME_get_entry,
+X509_NAME_entry_count, X509_NAME_get_text_by_NID, X509_NAME_get_text_by_OBJ -
+X509_NAME lookup and enumeration functions
+=head1 SYNOPSIS
+ #include <openssl/x509.h>
+ int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
+ int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, int lastpos);
+ int X509_NAME_entry_count(X509_NAME *name);
+ X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
+ int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf,int len);
+ int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,int len);
+=head1 DESCRIPTION
+These functions allow an B<X509_NAME> structure to be examined. The
+B<X509_NAME> structure is the same as the B<Name> type defined in
+RFC2459 (and elsewhere) and used for example in certificate subject
+and issuer names.
+X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ() retrieve
+the next index matching B<nid> or B<obj> after B<lastpos>. B<lastpos>
+should initially be set to -1. If there are no more entries -1 is returned.
+X509_NAME_entry_count() returns the total number of entries in B<name>.
+X509_NAME_get_entry() retrieves the B<X509_NAME_ENTRY> from B<name>
+corresponding to index B<loc>. Acceptable values for B<loc> run from
+0 to (X509_NAME_entry_count(name) - 1). The value returned is an
+internal pointer which must not be freed.
+X509_NAME_get_text_by_NID(), X509_NAME_get_text_by_OBJ() retrieve
+the "text" from the first entry in B<name> which matches B<nid> or
+B<obj>, if no such entry exists -1 is returned. At most B<len> bytes
+will be written and the text written to B<buf> will be null
+terminated. The length of the output string written is returned
+excluding the terminating null. If B<buf> is <NULL> then the amount
+of space needed in B<buf> (excluding the final null) is returned. 
+=head1 NOTES
+X509_NAME_get_text_by_NID() and X509_NAME_get_text_by_OBJ() are
+legacy functions which have various limitations which make them
+of minimal use in practice. They can only find the first matching
+entry and will copy the contents of the field verbatim: this can
+be highly confusing if the target is a muticharacter string type
+like a BMPString or a UTF8String.
+For a more general solution X509_NAME_get_index_by_NID() or
+X509_NAME_get_index_by_OBJ() should be used followed by
+X509_NAME_get_entry() on any matching indices and then the
+various B<X509_NAME_ENTRY> utility functions on the result.
+=head1 EXAMPLES
+Process all entries:
+ int i;
+ X509_NAME_ENTRY *e;
+ for (i = 0; i < X509_NAME_entry_count(nm); i++)
+        {
+        e = X509_NAME_get_entry(nm, i);
+        /* Do something with e */
+        }
+Process all commonName entries:
+ int loc;
+ X509_NAME_ENTRY *e;
+ loc = -1;
+ for (;;)
+        {
+        lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, lastpos);
+        if (lastpos == -1)
+                break;
+        e = X509_NAME_get_entry(nm, lastpos);
+        /* Do something with e */
+        }
+=head1 RETURN VALUES
+X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ()
+return the index of the next matching entry or -1 if not found.
+X509_NAME_entry_count() returns the total number of entries.
+X509_NAME_get_entry() returns an B<X509_NAME> pointer to the
+requested entry or B<NULL> if the index is invalid.
+=head1 SEE ALSO
+L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509_NAME(3)|d2i_X509_NAME(3)>
+=head1 HISTORY
+TBA
+=cut
diff --git a/src/lib/libcrypto/doc/X509_NAME_print_ex.pod b/src/lib/libcrypto/doc/X509_NAME_print_ex.pod
new file mode 100644
index 0000000000..2579a5dc9d
--- /dev/null
+++ b/src/lib/libcrypto/doc/X509_NAME_print_ex.pod
@@ -0,0 +1,105 @@
+=pod
+=head1 NAME
+X509_NAME_print_ex, X509_NAME_print_ex_fp, X509_NAME_print,
+X509_NAME_oneline - X509_NAME printing routines.
+=head1 SYNOPSIS
+ #include <openssl/x509.h>
+ int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags);
+ int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags);
+ char * X509_NAME_oneline(X509_NAME *a,char *buf,int size);
+ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
+=head1 DESCRIPTION
+X509_NAME_print_ex() prints a human readable version of B<nm> to BIO B<out>. Each
+line (for multiline formats) is indented by B<indent> spaces. The output format
+can be extensively customised by use of the B<flags> parameter.
+X509_NAME_print_ex_fp() is identical to X509_NAME_print_ex() except the output is
+written to FILE pointer B<fp>.
+X509_NAME_oneline() prints an ASCII version of B<a> to B<buf>. At most B<size>
+bytes will be written. If B<buf> is B<NULL> then a buffer is dynamically allocated
+and returned, otherwise B<buf> is returned.
+X509_NAME_print() prints out B<name> to B<bp> indenting each line by B<obase> 
+characters. Multiple lines are used if the output (including indent) exceeds
+80 characters.
+=head1 NOTES
+The functions X509_NAME_oneline() and X509_NAME_print() are legacy functions which
+produce a non standard output form, they don't handle multi character fields and
+have various quirks and inconsistencies. Their use is strongly discouraged in new
+applications.
+Although there are a large number of possible flags for most purposes
+B<XN_FLAG_ONELINE>, B<XN_FLAG_MULTILINE> or B<XN_FLAG_RFC2253> will suffice.
+As noted on the L<ASN1_STRING_print_ex(3)|ASN1_STRING_print_ex(3)> manual page
+for UTF8 terminals the B<ASN1_STRFLGS_ESC_MSB> should be unset: so for example
+B<XN_FLAG_ONELINE & ~ASN1_STRFLGS_ESC_MSB> would be used.
+The complete set of the flags supported by X509_NAME_print_ex() is listed below.
+Several options can be ored together.
+The options B<XN_FLAG_SEP_COMMA_PLUS>, B<XN_FLAG_SEP_CPLUS_SPC>,
+B<XN_FLAG_SEP_SPLUS_SPC> and B<XN_FLAG_SEP_MULTILINE> determine the field separators
+to use. Two distinct separators are used between distinct RelativeDistinguishedName
+components and separate values in the same RDN for a multi-valued RDN. Multi-valued
+RDNs are currently very rare so the second separator will hardly ever be used.
+B<XN_FLAG_SEP_COMMA_PLUS> uses comma and plus as separators. B<XN_FLAG_SEP_CPLUS_SPC>
+uses comma and plus with spaces: this is more readable that plain comma and plus.
+B<XN_FLAG_SEP_SPLUS_SPC> uses spaced semicolon and plus. B<XN_FLAG_SEP_MULTILINE> uses
+spaced newline and plus respectively.
+If B<XN_FLAG_DN_REV> is set the whole DN is printed in reversed order.
+The fields B<XN_FLAG_FN_SN>, B<XN_FLAG_FN_LN>, B<XN_FLAG_FN_OID>,
+B<XN_FLAG_FN_NONE> determine how a field name is displayed. It will
+use the short name (e.g. CN) the long name (e.g. commonName) always
+use OID numerical form (normally OIDs are only used if the field name is not
+recognised) and no field name respectively.
+If B<XN_FLAG_SPC_EQ> is set then spaces will be placed around the '=' character
+separating field names and values.
+If B<XN_FLAG_DUMP_UNKNOWN_FIELDS> is set then the encoding of unknown fields is
+printed instead of the values.
+If B<XN_FLAG_FN_ALIGN> is set then field names are padded to 20 characters: this
+is only of use for multiline format.
+Additionally all the options supported by ASN1_STRING_print_ex() can be used to 
+control how each field value is displayed.
+In addition a number options can be set for commonly used formats.
+B<XN_FLAG_RFC2253> sets options which produce an output compatible with RFC2253 it
+is equivalent to:
+ B<ASN1_STRFLGS_RFC2253 | XN_FLAG_SEP_COMMA_PLUS | XN_FLAG_DN_REV | XN_FLAG_FN_SN | XN_FLAG_DUMP_UNKNOWN_FIELDS>
+B<XN_FLAG_ONELINE> is a more readable one line format which is the same as:
+ B<ASN1_STRFLGS_RFC2253 | ASN1_STRFLGS_ESC_QUOTE | XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_SPC_EQ | XN_FLAG_FN_SN>
+B<XN_FLAG_MULTILINE> is a multiline format which is the same as:
+ B<ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | XN_FLAG_SEP_MULTILINE | XN_FLAG_SPC_EQ | XN_FLAG_FN_LN | XN_FLAG_FN_ALIGN>
+B<XN_FLAG_COMPAT> uses a format identical to X509_NAME_print(): in fact it calls X509_NAME_print() internally.
+=head1 SEE ALSO
+L<ASN1_STRING_print_ex(3)|ASN1_STRING_print_ex(3)>
+=head1 HISTORY
+TBA
+=cut
diff --git a/src/lib/libcrypto/doc/X509_STORE_CTX_get_error.pod b/src/lib/libcrypto/doc/X509_STORE_CTX_get_error.pod
new file mode 100644
index 0000000000..a883f6c097
--- /dev/null
+++ b/src/lib/libcrypto/doc/X509_STORE_CTX_get_error.pod
@@ -0,0 +1,303 @@
+=pod
+=head1 NAME
+X509_STORE_CTX_get_error, X509_STORE_CTX_set_error, X509_STORE_CTX_get_error_depth, X509_STORE_CTX_get_current_cert, X509_STORE_CTX_get1_chain, X509_verify_cert_error_string - get or set certificate verification status information
+=head1 SYNOPSIS
+ #include <openssl/x509.h>
+ #include <openssl/x509_vfy.h>
+ int    X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
+ void   X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s);
+ int    X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
+ X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
+ STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
+ const char *X509_verify_cert_error_string(long n);
+=head1 DESCRIPTION
+These functions are typically called after X509_verify_cert() has indicated
+an error or in a verification callback to determine the nature of an error.
+X509_STORE_CTX_get_error() returns the error code of B<ctx>, see
+the B<ERROR CODES> section for a full description of all error codes.
+X509_STORE_CTX_set_error() sets the error code of B<ctx> to B<s>. For example
+it might be used in a verification callback to set an error based on additional
+checks.
+X509_STORE_CTX_get_error_depth() returns the B<depth> of the error. This is a
+non-negative integer representing where in the certificate chain the error
+occurred. If it is zero it occured in the end entity certificate, one if
+it is the certificate which signed the end entity certificate and so on.
+X509_STORE_CTX_get_current_cert() returns the certificate in B<ctx> which
+caused the error or B<NULL> if no certificate is relevant.
+X509_STORE_CTX_get1_chain() returns a complete validate chain if a previous
+call to X509_verify_cert() is successful. If the call to X509_verify_cert()
+is B<not> successful the returned chain may be incomplete or invalid. The
+returned chain persists after the B<ctx> structure is freed, when it is
+no longer needed it should be free up using:
+  sk_X509_pop_free(chain, X509_free);
+X509_verify_cert_error_string() returns a human readable error string for
+verification error B<n>.
+=head1 RETURN VALUES
+X509_STORE_CTX_get_error() returns B<X509_V_OK> or an error code.
+X509_STORE_CTX_get_error_depth() returns a non-negative error depth.
+X509_STORE_CTX_get_current_cert() returns the cerificate which caused the
+error or B<NULL> if no certificate is relevant to the error.
+X509_verify_cert_error_string() returns a human readable error string for
+verification error B<n>.
+=head1 ERROR CODES
+A list of error codes and messages is shown below.  Some of the
+error codes are defined but currently never returned: these are described as
+"unused".
+=over 4
+=item B<X509_V_OK: ok>
+the operation was successful.
+=item B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate>
+the issuer certificate could not be found: this occurs if the issuer certificate
+of an untrusted certificate cannot be found.
+=item B<X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL>
+the CRL of a certificate could not be found.
+=item B<X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature>
+the certificate signature could not be decrypted. This means that the actual
+signature value could not be determined rather than it not matching the
+expected value, this is only meaningful for RSA keys.
+=item B<X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature>
+the CRL signature could not be decrypted: this means that the actual signature
+value could not be determined rather than it not matching the expected value.
+Unused.
+=item B<X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key>
+the public key in the certificate SubjectPublicKeyInfo could not be read.
+=item B<X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure>
+the signature of the certificate is invalid.
+=item B<X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure>
+the signature of the certificate is invalid.
+=item B<X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid>
+the certificate is not yet valid: the notBefore date is after the current time.
+=item B<X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired>
+the certificate has expired: that is the notAfter date is before the current time.
+=item B<X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid>
+the CRL is not yet valid.
+=item B<X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired>
+the CRL has expired.
+=item B<X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field>
+the certificate notBefore field contains an invalid time.
+=item B<X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field>
+the certificate notAfter field contains an invalid time.
+=item B<X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field>
+the CRL lastUpdate field contains an invalid time.
+=item B<X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field>
+the CRL nextUpdate field contains an invalid time.
+=item B<X509_V_ERR_OUT_OF_MEM: out of memory>
+an error occurred trying to allocate memory. This should never happen.
+=item B<X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate>
+the passed certificate is self signed and the same certificate cannot be found
+in the list of trusted certificates.
+=item B<X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain>
+the certificate chain could be built up using the untrusted certificates but
+the root could not be found locally.
+=item B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate>
+the issuer certificate of a locally looked up certificate could not be found.
+This normally means the list of trusted certificates is not complete.
+=item B<X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate>
+no signatures could be verified because the chain contains only one certificate
+and it is not self signed.
+=item B<X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long>
+the certificate chain length is greater than the supplied maximum depth. Unused.
+=item B<X509_V_ERR_CERT_REVOKED: certificate revoked>
+the certificate has been revoked.
+=item B<X509_V_ERR_INVALID_CA: invalid CA certificate>
+a CA certificate is invalid. Either it is not a CA or its extensions are not
+consistent with the supplied purpose.
+=item B<X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded>
+the basicConstraints pathlength parameter has been exceeded.
+=item B<X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose>
+the supplied certificate cannot be used for the specified purpose.
+=item B<X509_V_ERR_CERT_UNTRUSTED: certificate not trusted>
+the root CA is not marked as trusted for the specified purpose.
+=item B<X509_V_ERR_CERT_REJECTED: certificate rejected>
+the root CA is marked to reject the specified purpose.
+=item B<X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch>
+the current candidate issuer certificate was rejected because its subject name
+did not match the issuer name of the current certificate. This is only set
+if issuer check debugging is enabled it is used for status notification and
+is B<not> in itself an error.
+=item B<X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch>
+the current candidate issuer certificate was rejected because its subject key
+identifier was present and did not match the authority key identifier current
+certificate. This is only set if issuer check debugging is enabled it is used
+for status notification and is B<not> in itself an error.
+=item B<X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch>
+the current candidate issuer certificate was rejected because its issuer name
+and serial number was present and did not match the authority key identifier of
+the current certificate. This is only set if issuer check debugging is enabled
+it is used for status notification and is B<not> in itself an error.
+=item B<X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing>
+the current candidate issuer certificate was rejected because its keyUsage
+extension does not permit certificate signing. This is only set if issuer check
+debugging is enabled it is used for status notification and is B<not> in itself
+an error.
+=item B<X509_V_ERR_INVALID_EXTENSION: invalid or inconsistent certificate extension>
+A certificate extension had an invalid value (for example an incorrect
+encoding) or some value inconsistent with other extensions.
+=item B<X509_V_ERR_INVALID_POLICY_EXTENSION: invalid or inconsistent certificate policy extension>
+A certificate policies extension had an invalid value (for example an incorrect
+encoding) or some value inconsistent with other extensions. This error only
+occurs if policy processing is enabled.
+=item B<X509_V_ERR_NO_EXPLICIT_POLICY: no explicit policy>
+The verification flags were set to require and explicit policy but none was
+present.
+=item B<X509_V_ERR_DIFFERENT_CRL_SCOPE: Different CRL scope>
+The only CRLs that could be found did not match the scope of the certificate.
+=item B<X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: Unsupported extension feature>
+Some feature of a certificate extension is not supported. Unused.
+=item B<X509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation>
+A name constraint violation occured in the permitted subtrees.
+=item B<X509_V_ERR_EXCLUDED_VIOLATION: excluded subtree violation>
+A name constraint violation occured in the excluded subtrees.
+=item B<X509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not supported>
+A certificate name constraints extension included a minimum or maximum field:
+this is not supported.
+=item B<X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: unsupported name constraint type>
+An unsupported name constraint type was encountered. OpenSSL currently only
+supports directory name, DNS name, email and URI types.
+=item B<X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: unsupported or invalid name constraint syntax>
+The format of the name constraint is not recognised: for example an email
+address format of a form not mentioned in RFC3280. This could be caused by
+a garbage extension or some new feature not currently supported.
+=item B<X509_V_ERR_CRL_PATH_VALIDATION_ERROR: CRL path validation error>
+An error occured when attempting to verify the CRL path. This error can only
+happen if extended CRL checking is enabled.
+=item B<X509_V_ERR_APPLICATION_VERIFICATION: application verification failure>
+an application specific error. This will never be returned unless explicitly
+set by an application.
+=head1 NOTES
+The above functions should be used instead of directly referencing the fields
+in the B<X509_VERIFY_CTX> structure.
+In versions of OpenSSL before 1.0 the current certificate returned by
+X509_STORE_CTX_get_current_cert() was never B<NULL>. Applications should
+check the return value before printing out any debugging information relating
+to the current certificate.
+If an unrecognised error code is passed to X509_verify_cert_error_string() the
+numerical value of the unknown code is returned in a static buffer. This is not
+thread safe but will never happen unless an invalid code is passed.
+=head1 SEE ALSO
+L<X509_verify_cert(3)|X509_verify_cert(3)>
+=head1 HISTORY
+TBA
+=cut
diff --git a/src/lib/libcrypto/doc/X509_STORE_CTX_get_ex_new_index.pod b/src/lib/libcrypto/doc/X509_STORE_CTX_get_ex_new_index.pod
new file mode 100644
index 0000000000..8d6b9dda47
--- /dev/null
+++ b/src/lib/libcrypto/doc/X509_STORE_CTX_get_ex_new_index.pod
@@ -0,0 +1,41 @@
+=pod
+=head1 NAME
+X509_STORE_CTX_get_ex_new_index, X509_STORE_CTX_set_ex_data, X509_STORE_CTX_get_ex_data - add application specific data to X509_STORE_CTX structures
+=head1 SYNOPSIS
+ #include <openssl/x509_vfy.h>
+ int X509_STORE_CTX_get_ex_new_index(long argl, void *argp,
+                CRYPTO_EX_new *new_func,
+                CRYPTO_EX_dup *dup_func,
+                CRYPTO_EX_free *free_func);
+ int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *d, int idx, void *arg);
+ char *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *d, int idx);
+=head1 DESCRIPTION
+These functions handle application specific data in X509_STORE_CTX structures.
+Their usage is identical to that of RSA_get_ex_new_index(), RSA_set_ex_data()
+and RSA_get_ex_data() as described in L<RSA_get_ex_new_index(3)>.
+=head1 NOTES
+This mechanism is used internally by the B<ssl> library to store the B<SSL>
+structure associated with a verification operation in an B<X509_STORE_CTX>
+structure. 
+=head1 SEE ALSO
+L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>
+=head1 HISTORY
+X509_STORE_CTX_get_ex_new_index(), X509_STORE_CTX_set_ex_data() and
+X509_STORE_CTX_get_ex_data() are available since OpenSSL 0.9.5.
+=cut
diff --git a/src/lib/libcrypto/doc/X509_STORE_CTX_new.pod b/src/lib/libcrypto/doc/X509_STORE_CTX_new.pod
new file mode 100644
index 0000000000..b17888f149
--- /dev/null
+++ b/src/lib/libcrypto/doc/X509_STORE_CTX_new.pod
@@ -0,0 +1,122 @@
+=pod
+=head1 NAME
+X509_STORE_CTX_new, X509_STORE_CTX_cleanup, X509_STORE_CTX_free, X509_STORE_CTX_init, X509_STORE_CTX_trusted_stack, X509_STORE_CTX_set_cert, X509_STORE_CTX_set_chain, X509_STORE_CTX_set0_crls, X509_STORE_CTX_get0_param, X509_STORE_CTX_set0_param, X509_STORE_CTX_set_default - X509_STORE_CTX initialisation
+=head1 SYNOPSIS
+ #include <openssl/x509_vfy.h>
+ X509_STORE_CTX *X509_STORE_CTX_new(void);
+ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
+ void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
+ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
+                         X509 *x509, STACK_OF(X509) *chain);
+ void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
+ void   X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx,X509 *x);
+ void   X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx,STACK_OF(X509) *sk);
+ void   X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
+ X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx);
+ void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param);
+ int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);
+=head1 DESCRIPTION
+These functions initialise an B<X509_STORE_CTX> structure for subsequent use
+by X509_verify_cert().
+X509_STORE_CTX_new() returns a newly initialised B<X509_STORE_CTX> structure.
+X509_STORE_CTX_cleanup() internally cleans up an B<X509_STORE_CTX> structure.
+The context can then be reused with an new call to X509_STORE_CTX_init().
+X509_STORE_CTX_free() completely frees up B<ctx>. After this call B<ctx>
+is no longer valid.
+X509_STORE_CTX_init() sets up B<ctx> for a subsequent verification operation.
+The trusted certificate store is set to B<store>, the end entity certificate
+to be verified is set to B<x509> and a set of additional certificates (which
+will be untrusted but may be used to build the chain) in B<chain>. Any or
+all of the B<store>, B<x509> and B<chain> parameters can be B<NULL>.
+X509_STORE_CTX_trusted_stack() sets the set of trusted certificates of B<ctx>
+to B<sk>. This is an alternative way of specifying trusted certificates 
+instead of using an B<X509_STORE>.
+X509_STORE_CTX_set_cert() sets the certificate to be vertified in B<ctx> to
+B<x>.
+X509_STORE_CTX_set_chain() sets the additional certificate chain used by B<ctx>
+to B<sk>.
+X509_STORE_CTX_set0_crls() sets a set of CRLs to use to aid certificate
+verification to B<sk>. These CRLs will only be used if CRL verification is
+enabled in the associated B<X509_VERIFY_PARAM> structure. This might be
+used where additional "useful" CRLs are supplied as part of a protocol,
+for example in a PKCS#7 structure.
+X509_VERIFY_PARAM *X509_STORE_CTX_get0_param() retrieves an intenal pointer
+to the verification parameters associated with B<ctx>.
+X509_STORE_CTX_set0_param() sets the intenal verification parameter pointer
+to B<param>. After this call B<param> should not be used.
+X509_STORE_CTX_set_default() looks up and sets the default verification
+method to B<name>. This uses the function X509_VERIFY_PARAM_lookup() to
+find an appropriate set of parameters from B<name>.
+=head1 NOTES
+The certificates and CRLs in a store are used internally and should B<not>
+be freed up until after the associated B<X509_STORE_CTX> is freed. Legacy
+applications might implicitly use an B<X509_STORE_CTX> like this:
+  X509_STORE_CTX ctx;
+  X509_STORE_CTX_init(&ctx, store, cert, chain);
+this is B<not> recommended in new applications they should instead do:
+  X509_STORE_CTX *ctx;
+  ctx = X509_STORE_CTX_new();
+  if (ctx == NULL)
+        /* Bad error */
+  X509_STORE_CTX_init(ctx, store, cert, chain);
+=head1 BUGS
+The certificates and CRLs in a context are used internally and should B<not>
+be freed up until after the associated B<X509_STORE_CTX> is freed. Copies
+should be made or reference counts increased instead.
+=head1 RETURN VALUES
+X509_STORE_CTX_new() returns an newly allocates context or B<NULL> is an
+error occurred.
+X509_STORE_CTX_init() returns 1 for success or 0 if an error occurred.
+X509_STORE_CTX_get0_param() returns a pointer to an B<X509_VERIFY_PARAM>
+structure or B<NULL> if an error occurred.
+X509_STORE_CTX_cleanup(), X509_STORE_CTX_free(), X509_STORE_CTX_trusted_stack(),
+X509_STORE_CTX_set_cert(), X509_STORE_CTX_set_chain(),
+X509_STORE_CTX_set0_crls() and X509_STORE_CTX_set0_param() do not return
+values.
+X509_STORE_CTX_set_default() returns 1 for success or 0 if an error occurred.
+=head1 SEE ALSO
+L<X509_verify_cert(3)|X509_verify_cert(3)>
+L<X509_VERIFY_PARAM_set_flags(3)|X509_VERIFY_PARAM_set_flags(3)>
+=head1 HISTORY
+X509_STORE_CTX_set0_crls() was first added to OpenSSL 1.0.0
+=cut
diff --git a/src/lib/libcrypto/doc/X509_STORE_CTX_set_verify_cb.pod b/src/lib/libcrypto/doc/X509_STORE_CTX_set_verify_cb.pod
new file mode 100644
index 0000000000..b9787a6ca6
--- /dev/null
+++ b/src/lib/libcrypto/doc/X509_STORE_CTX_set_verify_cb.pod
@@ -0,0 +1,161 @@
+=pod
+=head1 NAME
+X509_STORE_CTX_set_verify_cb - set verification callback
+=head1 SYNOPSIS
+ #include <openssl/x509_vfy.h>
+ void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
+                                int (*verify_cb)(int ok, X509_STORE_CTX *ctx));
+=head1 DESCRIPTION
+X509_STORE_CTX_set_verify_cb() sets the verification callback of B<ctx> to
+B<verify_cb> overwriting any existing callback.
+The verification callback can be used to customise the operation of certificate
+verification, either by overriding error conditions or logging errors for
+debugging purposes.
+However a verification callback is B<not> essential and the default operation
+is often sufficient.
+The B<ok> parameter to the callback indicates the value the callback should
+return to retain the default behaviour. If it is zero then and error condition
+is indicated. If it is 1 then no error occurred. If the flag
+B<X509_V_FLAG_NOTIFY_POLICY> is set then B<ok> is set to 2 to indicate the
+policy checking is complete.
+The B<ctx> parameter to the callback is the B<X509_STORE_CTX> structure that
+is performing the verification operation. A callback can examine this
+structure and receive additional information about the error, for example
+by calling X509_STORE_CTX_get_current_cert(). Additional application data can
+be passed to the callback via the B<ex_data> mechanism.
+=head1 WARNING
+In general a verification callback should B<NOT> unconditionally return 1 in
+all circumstances because this will allow verification to succeed no matter
+what the error. This effectively removes all security from the application
+because B<any> certificate (including untrusted generated ones) will be
+accepted.
+=head1 NOTES
+The verification callback can be set and inherited from the parent structure
+performing the operation. In some cases (such as S/MIME verification) the
+B<X509_STORE_CTX> structure is created and destroyed internally and the
+only way to set a custom verification callback is by inheriting it from the
+associated B<X509_STORE>.
+=head1 RETURN VALUES
+X509_STORE_CTX_set_verify_cb() does not return a value.
+=head1 EXAMPLES
+Default callback operation:
+ int verify_callback(int ok, X509_STORE_CTX *ctx)
+        {
+        return ok;
+        }
+Simple example, suppose a certificate in the chain is expired and we wish
+to continue after this error:
+ int verify_callback(int ok, X509_STORE_CTX *ctx)
+        {
+        /* Tolerate certificate expiration */
+        if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_CERT_HAS_EXPIRED)
+                        return 1;
+        /* Otherwise don't override */
+        return ok;
+        }
+More complex example, we don't wish to continue after B<any> certificate has
+expired just one specific case:
+ int verify_callback(int ok, X509_STORE_CTX *ctx)
+        {
+        int err = X509_STORE_CTX_get_error(ctx);
+        X509 *err_cert = X509_STORE_CTX_get_current_cert(ctx);
+        if (err == X509_V_ERR_CERT_HAS_EXPIRED)
+                {
+                if (check_is_acceptable_expired_cert(err_cert)
+                        return 1;
+                }
+        return ok;
+        }
+Full featured logging callback. In this case the B<bio_err> is assumed to be
+a global logging B<BIO>, an alternative would to store a BIO in B<ctx> using
+B<ex_data>.
+        
+ int verify_callback(int ok, X509_STORE_CTX *ctx)
+        {
+        X509 *err_cert;
+        int err,depth;
+        err_cert = X509_STORE_CTX_get_current_cert(ctx);
+        err =   X509_STORE_CTX_get_error(ctx);
+        depth = X509_STORE_CTX_get_error_depth(ctx);
+        BIO_printf(bio_err,"depth=%d ",depth);
+        if (err_cert)
+                {
+                X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert),
+                                        0, XN_FLAG_ONELINE);
+                BIO_puts(bio_err, "\n");
+                }
+        else
+                BIO_puts(bio_err, "<no cert>\n");
+        if (!ok)
+                BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
+                        X509_verify_cert_error_string(err));
+        switch (err)
+                {
+        case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+                BIO_puts(bio_err,"issuer= ");
+                X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
+                                        0, XN_FLAG_ONELINE);
+                BIO_puts(bio_err, "\n");
+                break;
+        case X509_V_ERR_CERT_NOT_YET_VALID:
+        case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+                BIO_printf(bio_err,"notBefore=");
+                ASN1_TIME_print(bio_err,X509_get_notBefore(err_cert));
+                BIO_printf(bio_err,"\n");
+                break;
+        case X509_V_ERR_CERT_HAS_EXPIRED:
+        case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+                BIO_printf(bio_err,"notAfter=");
+                ASN1_TIME_print(bio_err,X509_get_notAfter(err_cert));
+                BIO_printf(bio_err,"\n");
+                break;
+        case X509_V_ERR_NO_EXPLICIT_POLICY:
+                policies_print(bio_err, ctx);
+                break;
+                }
+        if (err == X509_V_OK && ok == 2)
+                /* print out policies */
+        BIO_printf(bio_err,"verify return:%d\n",ok);
+        return(ok);
+        }
+=head1 SEE ALSO
+L<X509_STORE_CTX_get_error(3)|X509_STORE_CTX_get_error(3)>
+L<X509_STORE_set_verify_cb_func(3)|X509_STORE_set_verify_cb_func(3)>
+L<X509_STORE_CTX_get_ex_new_index(3)|X509_STORE_CTX_get_ex_new_index(3)>
+=head1 HISTORY
+X509_STORE_CTX_set_verify_cb() is available in all versions of SSLeay and
+OpenSSL.
+=cut
diff --git a/src/lib/libcrypto/doc/X509_STORE_set_verify_cb_func.pod b/src/lib/libcrypto/doc/X509_STORE_set_verify_cb_func.pod
new file mode 100644
index 0000000000..29e3bbe3bc
--- /dev/null
+++ b/src/lib/libcrypto/doc/X509_STORE_set_verify_cb_func.pod
@@ -0,0 +1,54 @@
+=pod
+=head1 NAME
+X509_STORE_set_verify_cb_func, X509_STORE_set_verify_cb - set verification callback
+=head1 SYNOPSIS
+ #include <openssl/x509_vfy.h>
+ void X509_STORE_set_verify_cb(X509_STORE *st,
+                                int (*verify_cb)(int ok, X509_STORE_CTX *ctx));
+ void X509_STORE_set_verify_cb_func(X509_STORE *st,
+                                int (*verify_cb)(int ok, X509_STORE_CTX *ctx));
+=head1 DESCRIPTION
+X509_STORE_set_verify_cb() sets the verification callback of B<ctx> to
+B<verify_cb> overwriting any existing callback.
+X509_STORE_set_verify_cb_func() also sets the verification callback but it
+is implemented as a macro.
+=head1 NOTES
+The verification callback from an B<X509_STORE> is inherited by 
+the corresponding B<X509_STORE_CTX> structure when it is initialized. This can
+be used to set the verification callback when the B<X509_STORE_CTX> is 
+otherwise inaccessible (for example during S/MIME verification).
+=head1 BUGS
+The macro version of this function was the only one available before 
+OpenSSL 1.0.0.
+=head1 RETURN VALUES
+X509_STORE_set_verify_cb() and X509_STORE_set_verify_cb_func() do not return
+a value.
+=head1 SEE ALSO
+L<X509_STORE_CTX_set_verify_cb(3)|X509_STORE_CTX_set_verify_cb(3)>
+L<CMS_verify(3)|CMS_verify(3)>
+=head1 HISTORY
+X509_STORE_set_verify_cb_func() is available in all versions of SSLeay and
+OpenSSL.
+X509_STORE_set_verify_cb() was added to OpenSSL 1.0.0.
+=cut
diff --git a/src/lib/libcrypto/doc/X509_VERIFY_PARAM_set_flags.pod b/src/lib/libcrypto/doc/X509_VERIFY_PARAM_set_flags.pod
new file mode 100644
index 0000000000..b68eece033
--- /dev/null
+++ b/src/lib/libcrypto/doc/X509_VERIFY_PARAM_set_flags.pod
@@ -0,0 +1,171 @@
+=pod
+=head1 NAME
+X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose, X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth, X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_time, X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies - X509 verification parameters 
+=head1 SYNOPSIS
+ #include <openssl/x509_vfy.h>
+ int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags);
+ int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
+                                                        unsigned long flags);
+ unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param);
+ int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);
+ int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
+ void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
+ int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
+                                                ASN1_OBJECT *policy);
+ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, 
+                                        STACK_OF(ASN1_OBJECT) *policies);
+ void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
+ int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
+=head1 DESCRIPTION
+These functions manipulate the B<X509_VERIFY_PARAM> structure associated with
+a certificate verification operation. 
+The X509_VERIFY_PARAM_set_flags() function sets the flags in B<param> by oring
+it with B<flags>. See the B<VERIFICATION FLAGS> section for a complete
+description of values the B<flags> parameter can take.
+X509_VERIFY_PARAM_get_flags() returns the flags in B<param>.
+X509_VERIFY_PARAM_clear_flags() clears the flags B<flags> in B<param>.
+X509_VERIFY_PARAM_set_purpose() sets the verification purpose in B<param>
+to B<purpose>. This determines the acceptable purpose of the certificate
+chain, for example SSL client or SSL server.
+X509_VERIFY_PARAM_set_trust() sets the trust setting in B<param> to 
+B<trust>.
+X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to
+B<t>. Normally the current time is used.
+X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled
+by default) and adds B<policy> to the acceptable policy set.
+X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled
+by default) and sets the acceptable policy set to B<policies>. Any existing
+policy set is cleared. The B<policies> parameter can be B<NULL> to clear
+an existing policy set.
+X509_VERIFY_PARAM_set_depth() sets the maximum verification depth to B<depth>.
+That is the maximum number of untrusted CA certificates that can appear in a
+chain.
+=head1 RETURN VALUES
+X509_VERIFY_PARAM_set_flags(), X509_VERIFY_PARAM_clear_flags(), 
+X509_VERIFY_PARAM_set_purpose(), X509_VERIFY_PARAM_set_trust(),
+X509_VERIFY_PARAM_add0_policy() and X509_VERIFY_PARAM_set1_policies() return 1
+for success and 0 for failure. 
+X509_VERIFY_PARAM_get_flags() returns the current verification flags.
+X509_VERIFY_PARAM_set_time() and X509_VERIFY_PARAM_set_depth() do not return
+values.
+X509_VERIFY_PARAM_get_depth() returns the current verification depth.
+=head1 VERIFICATION FLAGS
+The verification flags consists of zero or more of the following flags
+ored together.
+B<X509_V_FLAG_CRL_CHECK> enables CRL checking for the certificate chain leaf
+certificate. An error occurs if a suitable CRL cannot be found. 
+B<X509_V_FLAG_CRL_CHECK_ALL> enables CRL checking for the entire certificate
+chain.
+B<X509_V_FLAG_IGNORE_CRITICAL> disabled critical extension checking. By default
+any unhandled critical extensions in certificates or (if checked) CRLs results
+in a fatal error. If this flag is set unhandled critical extensions are
+ignored. B<WARNING> setting this option for anything other than debugging
+purposes can be a security risk. Finer control over which extensions are
+supported can be performed in the verification callback.
+THe B<X509_V_FLAG_X509_STRICT> flag disables workarounds for some broken
+certificates and makes the verification strictly apply B<X509> rules.
+B<X509_V_FLAG_ALLOW_PROXY_CERTS> enables proxy certificate verification.
+B<X509_V_FLAG_POLICY_CHECK> enables certificate policy checking, by default
+no policy checking is peformed. Additional information is sent to the 
+verification callback relating to policy checking.
+B<X509_V_FLAG_EXPLICIT_POLICY>, B<X509_V_FLAG_INHIBIT_ANY> and
+B<X509_V_FLAG_INHIBIT_MAP> set the B<require explicit policy>, B<inhibit any
+policy> and B<inhibit policy mapping> flags respectively as defined in
+B<RFC3280>. Policy checking is automatically enabled if any of these flags
+are set.
+If B<X509_V_FLAG_NOTIFY_POLICY> is set and the policy checking is successful
+a special status code is set to the verification callback. This permits it
+to examine the valid policy tree and perform additional checks or simply
+log it for debugging purposes.
+By default some addtional features such as indirect CRLs and CRLs signed by
+different keys are disabled. If B<X509_V_FLAG_EXTENDED_CRL_SUPPORT> is set
+they are enabled.
+If B<X509_V_FLAG_USE_DELTAS> ise set delta CRLs (if present) are used to
+determine certificate status. If not set deltas are ignored.
+B<X509_V_FLAG_CHECK_SS_SIGNATURE> enables checking of the root CA self signed
+cerificate signature. By default this check is disabled because it doesn't
+add any additional security but in some cases applications might want to
+check the signature anyway. A side effect of not checking the root CA
+signature is that disabled or unsupported message digests on the root CA
+are not treated as fatal errors.
+The B<X509_V_FLAG_CB_ISSUER_CHECK> flag enables debugging of certificate
+issuer checks. It is B<not> needed unless you are logging certificate
+verification. If this flag is set then additional status codes will be sent
+to the verification callback and it B<must> be prepared to handle such cases
+without assuming they are hard errors.
+=head1 NOTES
+The above functions should be used to manipulate verification parameters
+instead of legacy functions which work in specific structures such as
+X509_STORE_CTX_set_flags().
+=head1 BUGS
+Delta CRL checking is currently primitive. Only a single delta can be used and
+(partly due to limitations of B<X509_STORE>) constructed CRLs are not 
+maintained.
+If CRLs checking is enable CRLs are expected to be available in the
+corresponding B<X509_STORE> structure. No attempt is made to download
+CRLs from the CRL distribution points extension.
+=head1 EXAMPLE
+Enable CRL checking when performing certificate verification during SSL 
+connections associated with an B<SSL_CTX> structure B<ctx>:
+  X509_VERIFY_PARAM *param;
+  param = X509_VERIFY_PARAM_new();
+  X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
+  SSL_CTX_set1_param(ctx, param);
+  X509_VERIFY_PARAM_free(param);
+=head1 SEE ALSO
+L<X509_verify_cert(3)|X509_verify_cert(3)>
+=head1 HISTORY
+TBA
+=cut
diff --git a/src/lib/libcrypto/doc/X509_new.pod b/src/lib/libcrypto/doc/X509_new.pod
new file mode 100644
index 0000000000..d38872335f
--- /dev/null
+++ b/src/lib/libcrypto/doc/X509_new.pod
@@ -0,0 +1,39 @@
+=pod
+=head1 NAME
+X509_new, X509_free - X509 certificate ASN1 allocation functions
+=head1 SYNOPSIS
+ #include <openssl/x509.h>
+ X509 *X509_new(void);
+ void X509_free(X509 *a);
+=head1 DESCRIPTION
+The X509 ASN1 allocation routines, allocate and free an
+X509 structure, which represents an X509 certificate.
+X509_new() allocates and initializes a X509 structure.
+X509_free() frees up the B<X509> structure B<a>.
+=head1 RETURN VALUES
+If the allocation fails, X509_new() returns B<NULL> and sets an error
+code that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+Otherwise it returns a pointer to the newly allocated structure.
+X509_free() returns no value.
+=head1 SEE ALSO
+L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509(3)|d2i_X509(3)>
+=head1 HISTORY
+X509_new() and X509_free() are available in all versions of SSLeay and OpenSSL.
+=cut
diff --git a/src/lib/libcrypto/doc/X509_verify_cert.pod b/src/lib/libcrypto/doc/X509_verify_cert.pod
new file mode 100644
index 0000000000..5253bdcd70
--- /dev/null
+++ b/src/lib/libcrypto/doc/X509_verify_cert.pod
@@ -0,0 +1,53 @@
+=pod
+=head1 NAME
+X509_verify_cert - discover and verify X509 certificte chain
+=head1 SYNOPSIS
+ #include <openssl/x509.h>
+ int X509_verify_cert(X509_STORE_CTX *ctx);
+=head1 DESCRIPTION
+The X509_verify_cert() function attempts to discover and validate a
+certificate chain based on parameters in B<ctx>. A complete description of
+the process is contained in the L<verify(1)|verify(1)> manual page.
+=head1 RETURN VALUES
+If a complete chain can be built and validated this function returns 1,
+otherwise it return zero, in exceptional circumstances it can also
+return a negative code.
+If the function fails additional error information can be obtained by
+examining B<ctx> using, for example X509_STORE_CTX_get_error().
+=head1 NOTES
+Applications rarely call this function directly but it is used by
+OpenSSL internally for certificate validation, in both the S/MIME and
+SSL/TLS code.
+The negative return value from X509_verify_cert() can only occur if no
+certificate is set in B<ctx> (due to a programming error) or if a retry
+operation is requested during internal lookups (which never happens with
+standard lookup methods). It is however recommended that application check
+for <= 0 return value on error.
+=head1 BUGS
+This function uses the header B<x509.h> as opposed to most chain verification
+functiosn which use B<x509_vfy.h>.
+=head1 SEE ALSO
+L<X509_STORE_CTX_get_error(3)|X509_STORE_CTX_get_error(3)>
+=head1 HISTORY
+X509_verify_cert() is available in all versions of SSLeay and OpenSSL.
+=cut
diff --git a/src/lib/libcrypto/doc/bn.pod b/src/lib/libcrypto/doc/bn.pod
new file mode 100644
index 0000000000..cd2f8e50c6
--- /dev/null
+++ b/src/lib/libcrypto/doc/bn.pod
@@ -0,0 +1,181 @@
+=pod
+=head1 NAME
+bn - multiprecision integer arithmetics
+=head1 SYNOPSIS
+ #include <openssl/bn.h>
+ BIGNUM *BN_new(void);
+ void BN_free(BIGNUM *a);
+ void BN_init(BIGNUM *);
+ void BN_clear(BIGNUM *a);
+ void BN_clear_free(BIGNUM *a);
+ BN_CTX *BN_CTX_new(void);
+ void BN_CTX_init(BN_CTX *c);
+ void BN_CTX_free(BN_CTX *c);
+ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
+ BIGNUM *BN_dup(const BIGNUM *a);
+ BIGNUM *BN_swap(BIGNUM *a, BIGNUM *b);
+ int BN_num_bytes(const BIGNUM *a);
+ int BN_num_bits(const BIGNUM *a);
+ int BN_num_bits_word(BN_ULONG w);
+ void BN_set_negative(BIGNUM *a, int n);
+ int  BN_is_negative(const BIGNUM *a);
+ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+ int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+ int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+ int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
+ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d,
+         BN_CTX *ctx);
+ int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+ int BN_nnmod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+ int BN_mod_add(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
+         BN_CTX *ctx);
+ int BN_mod_sub(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
+         BN_CTX *ctx);
+ int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
+         BN_CTX *ctx);
+ int BN_mod_sqr(BIGNUM *ret, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+ int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx);
+ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+         const BIGNUM *m, BN_CTX *ctx);
+ int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+ int BN_add_word(BIGNUM *a, BN_ULONG w);
+ int BN_sub_word(BIGNUM *a, BN_ULONG w);
+ int BN_mul_word(BIGNUM *a, BN_ULONG w);
+ BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
+ BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
+ int BN_cmp(BIGNUM *a, BIGNUM *b);
+ int BN_ucmp(BIGNUM *a, BIGNUM *b);
+ int BN_is_zero(BIGNUM *a);
+ int BN_is_one(BIGNUM *a);
+ int BN_is_word(BIGNUM *a, BN_ULONG w);
+ int BN_is_odd(BIGNUM *a);
+ int BN_zero(BIGNUM *a);
+ int BN_one(BIGNUM *a);
+ const BIGNUM *BN_value_one(void);
+ int BN_set_word(BIGNUM *a, unsigned long w);
+ unsigned long BN_get_word(BIGNUM *a);
+ int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
+ int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
+ int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
+ int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
+ BIGNUM *BN_generate_prime(BIGNUM *ret, int bits,int safe, BIGNUM *add,
+         BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg);
+ int BN_is_prime(const BIGNUM *p, int nchecks,
+         void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg);
+ int BN_set_bit(BIGNUM *a, int n);
+ int BN_clear_bit(BIGNUM *a, int n);
+ int BN_is_bit_set(const BIGNUM *a, int n);
+ int BN_mask_bits(BIGNUM *a, int n);
+ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
+ int BN_lshift1(BIGNUM *r, BIGNUM *a);
+ int BN_rshift(BIGNUM *r, BIGNUM *a, int n);
+ int BN_rshift1(BIGNUM *r, BIGNUM *a);
+ int BN_bn2bin(const BIGNUM *a, unsigned char *to);
+ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+ char *BN_bn2hex(const BIGNUM *a);
+ char *BN_bn2dec(const BIGNUM *a);
+ int BN_hex2bn(BIGNUM **a, const char *str);
+ int BN_dec2bn(BIGNUM **a, const char *str);
+ int BN_print(BIO *fp, const BIGNUM *a);
+ int BN_print_fp(FILE *fp, const BIGNUM *a);
+ int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
+ BIGNUM *BN_mpi2bn(unsigned char *s, int len, BIGNUM *ret);
+ BIGNUM *BN_mod_inverse(BIGNUM *r, BIGNUM *a, const BIGNUM *n,
+     BN_CTX *ctx);
+ BN_RECP_CTX *BN_RECP_CTX_new(void);
+ void BN_RECP_CTX_init(BN_RECP_CTX *recp);
+ void BN_RECP_CTX_free(BN_RECP_CTX *recp);
+ int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *m, BN_CTX *ctx);
+ int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *a, BIGNUM *b,
+        BN_RECP_CTX *recp, BN_CTX *ctx);
+ BN_MONT_CTX *BN_MONT_CTX_new(void);
+ void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
+ void BN_MONT_CTX_free(BN_MONT_CTX *mont);
+ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *m, BN_CTX *ctx);
+ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);
+ int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
+         BN_MONT_CTX *mont, BN_CTX *ctx);
+ int BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
+         BN_CTX *ctx);
+ int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
+         BN_CTX *ctx);
+ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai,
+        BIGNUM *mod);
+ void BN_BLINDING_free(BN_BLINDING *b);
+ int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx);
+ int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+ int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+ int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b,
+        BN_CTX *ctx);
+ int BN_BLINDING_invert_ex(BIGNUM *n,const BIGNUM *r,BN_BLINDING *b,
+        BN_CTX *ctx);
+ unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);
+ void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);
+ unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
+ void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
+ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
+        const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
+        int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                          const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
+        BN_MONT_CTX *m_ctx);
+=head1 DESCRIPTION
+This library performs arithmetic operations on integers of arbitrary
+size. It was written for use in public key cryptography, such as RSA
+and Diffie-Hellman.
+It uses dynamic memory allocation for storing its data structures.
+That means that there is no limit on the size of the numbers
+manipulated by these functions, but return values must always be
+checked in case a memory allocation error has occurred.
+The basic object in this library is a B<BIGNUM>. It is used to hold a
+single large integer. This type should be considered opaque and fields
+should not be modified or accessed directly.
+The creation of B<BIGNUM> objects is described in L<BN_new(3)|BN_new(3)>;
+L<BN_add(3)|BN_add(3)> describes most of the arithmetic operations.
+Comparison is described in L<BN_cmp(3)|BN_cmp(3)>; L<BN_zero(3)|BN_zero(3)>
+describes certain assignments, L<BN_rand(3)|BN_rand(3)> the generation of
+random numbers, L<BN_generate_prime(3)|BN_generate_prime(3)> deals with prime
+numbers and L<BN_set_bit(3)|BN_set_bit(3)> with bit operations. The conversion
+of B<BIGNUM>s to external formats is described in L<BN_bn2bin(3)|BN_bn2bin(3)>.
+=head1 SEE ALSO
+L<bn_internal(3)|bn_internal(3)>,
+L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>,
+L<BN_new(3)|BN_new(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>,
+L<BN_copy(3)|BN_copy(3)>, L<BN_swap(3)|BN_swap(3)>, L<BN_num_bytes(3)|BN_num_bytes(3)>,
+L<BN_add(3)|BN_add(3)>, L<BN_add_word(3)|BN_add_word(3)>,
+L<BN_cmp(3)|BN_cmp(3)>, L<BN_zero(3)|BN_zero(3)>, L<BN_rand(3)|BN_rand(3)>,
+L<BN_generate_prime(3)|BN_generate_prime(3)>, L<BN_set_bit(3)|BN_set_bit(3)>,
+L<BN_bn2bin(3)|BN_bn2bin(3)>, L<BN_mod_inverse(3)|BN_mod_inverse(3)>,
+L<BN_mod_mul_reciprocal(3)|BN_mod_mul_reciprocal(3)>,
+L<BN_mod_mul_montgomery(3)|BN_mod_mul_montgomery(3)>,
+L<BN_BLINDING_new(3)|BN_BLINDING_new(3)>
+=cut
diff --git a/src/lib/libcrypto/doc/d2i_ASN1_OBJECT.pod b/src/lib/libcrypto/doc/d2i_ASN1_OBJECT.pod
new file mode 100644
index 0000000000..45bb18492c
--- /dev/null
+++ b/src/lib/libcrypto/doc/d2i_ASN1_OBJECT.pod
@@ -0,0 +1,29 @@
+=pod
+=head1 NAME
+d2i_ASN1_OBJECT, i2d_ASN1_OBJECT - ASN1 OBJECT IDENTIFIER functions
+=head1 SYNOPSIS
+ #include <openssl/objects.h>
+ ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp, long length);
+ int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp);
+=head1 DESCRIPTION
+These functions decode and encode an ASN1 OBJECT IDENTIFIER.
+Othewise these behave in a similar way to d2i_X509() and i2d_X509()
+described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
+=head1 SEE ALSO
+L<d2i_X509(3)|d2i_X509(3)>
+=head1 HISTORY
+TBA
+=cut
diff --git a/src/lib/libcrypto/doc/d2i_DHparams.pod b/src/lib/libcrypto/doc/d2i_DHparams.pod
new file mode 100644
index 0000000000..1e98aebeca
--- /dev/null
+++ b/src/lib/libcrypto/doc/d2i_DHparams.pod
@@ -0,0 +1,30 @@
+=pod
+=head1 NAME
+d2i_DHparams, i2d_DHparams - PKCS#3 DH parameter functions.
+=head1 SYNOPSIS
+ #include <openssl/dh.h>
+ DH *d2i_DHparams(DH **a, unsigned char **pp, long length);
+ int i2d_DHparams(DH *a, unsigned char **pp);
+=head1 DESCRIPTION
+These functions decode and encode PKCS#3 DH parameters using the
+DHparameter structure described in PKCS#3.
+Othewise these behave in a similar way to d2i_X509() and i2d_X509()
+described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
+=head1 SEE ALSO
+L<d2i_X509(3)|d2i_X509(3)>
+=head1 HISTORY
+TBA
+=cut
diff --git a/src/lib/libcrypto/doc/d2i_DSAPublicKey.pod b/src/lib/libcrypto/doc/d2i_DSAPublicKey.pod
new file mode 100644
index 0000000000..22c1b50f22
--- /dev/null
+++ b/src/lib/libcrypto/doc/d2i_DSAPublicKey.pod
@@ -0,0 +1,83 @@
+=pod
+=head1 NAME
+d2i_DSAPublicKey, i2d_DSAPublicKey, d2i_DSAPrivateKey, i2d_DSAPrivateKey,
+d2i_DSA_PUBKEY, i2d_DSA_PUBKEY, d2i_DSA_SIG, i2d_DSA_SIG - DSA key encoding
+and parsing functions.
+=head1 SYNOPSIS
+ #include <openssl/dsa.h>
+ #include <openssl/x509.h>
+ DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
+ int i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
+ DSA * d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length);
+ int i2d_DSA_PUBKEY(const DSA *a, unsigned char **pp);
+ DSA * d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length);
+ int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
+ DSA * d2i_DSAparams(DSA **a, const unsigned char **pp, long length);
+ int i2d_DSAparams(const DSA *a, unsigned char **pp);
+ DSA * d2i_DSA_SIG(DSA_SIG **a, const unsigned char **pp, long length);
+ int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
+=head1 DESCRIPTION
+d2i_DSAPublicKey() and i2d_DSAPublicKey() decode and encode the DSA public key
+components structure.
+d2i_DSA_PUBKEY() and i2d_DSA_PUBKEY() decode and encode an DSA public key using
+a SubjectPublicKeyInfo (certificate public key) structure.
+d2i_DSAPrivateKey(), i2d_DSAPrivateKey() decode and encode the DSA private key
+components.
+d2i_DSAparams(), i2d_DSAparams() decode and encode the DSA parameters using
+a B<Dss-Parms> structure as defined in RFC2459.
+d2i_DSA_SIG(), i2d_DSA_SIG() decode and encode a DSA signature using a
+B<Dss-Sig-Value> structure as defined in RFC2459.
+The usage of all of these functions is similar to the d2i_X509() and
+i2d_X509() described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
+=head1 NOTES
+The B<DSA> structure passed to the private key encoding functions should have
+all the private key components present.
+The data encoded by the private key functions is unencrypted and therefore 
+offers no private key security.
+The B<DSA_PUBKEY> functions should be used in preference to the B<DSAPublicKey>
+functions when encoding public keys because they use a standard format.
+The B<DSAPublicKey> functions use an non standard format the actual data encoded
+depends on the value of the B<write_params> field of the B<a> key parameter.
+If B<write_params> is zero then only the B<pub_key> field is encoded as an
+B<INTEGER>. If B<write_params> is 1 then a B<SEQUENCE> consisting of the
+B<p>, B<q>, B<g> and B<pub_key> respectively fields are encoded.
+The B<DSAPrivateKey> functions also use a non standard structure consiting
+consisting of a SEQUENCE containing the B<p>, B<q>, B<g> and B<pub_key> and
+B<priv_key> fields respectively.
+=head1 SEE ALSO
+L<d2i_X509(3)|d2i_X509(3)>
+=head1 HISTORY
+TBA
+=cut
diff --git a/src/lib/libcrypto/doc/d2i_RSAPublicKey.pod b/src/lib/libcrypto/doc/d2i_RSAPublicKey.pod
new file mode 100644
index 0000000000..aa6078bcf6
--- /dev/null
+++ b/src/lib/libcrypto/doc/d2i_RSAPublicKey.pod
@@ -0,0 +1,67 @@
+=pod
+=head1 NAME
+d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey,
+d2i_RSA_PUBKEY, i2d_RSA_PUBKEY, i2d_Netscape_RSA,
+d2i_Netscape_RSA - RSA public and private key encoding functions.
+=head1 SYNOPSIS
+ #include <openssl/rsa.h>
+ #include <openssl/x509.h>
+ RSA * d2i_RSAPublicKey(RSA **a, const unsigned char **pp, long length);
+ int i2d_RSAPublicKey(RSA *a, unsigned char **pp);
+ RSA * d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length);
+ int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp);
+ RSA * d2i_RSAPrivateKey(RSA **a, const unsigned char **pp, long length);
+ int i2d_RSAPrivateKey(RSA *a, unsigned char **pp);
+ int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)());
+ RSA * d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)());
+=head1 DESCRIPTION
+d2i_RSAPublicKey() and i2d_RSAPublicKey() decode and encode a PKCS#1 RSAPublicKey
+structure.
+d2i_RSA_PUBKEY() and i2d_RSA_PUBKEY() decode and encode an RSA public key using
+a SubjectPublicKeyInfo (certificate public key) structure.
+d2i_RSAPrivateKey(), i2d_RSAPrivateKey() decode and encode a PKCS#1 RSAPrivateKey
+structure.
+d2i_Netscape_RSA(), i2d_Netscape_RSA() decode and encode an RSA private key in
+NET format.
+The usage of all of these functions is similar to the d2i_X509() and
+i2d_X509() described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
+=head1 NOTES
+The B<RSA> structure passed to the private key encoding functions should have
+all the PKCS#1 private key components present.
+The data encoded by the private key functions is unencrypted and therefore 
+offers no private key security. 
+The NET format functions are present to provide compatibility with certain very
+old software. This format has some severe security weaknesses and should be
+avoided if possible.
+=head1 SEE ALSO
+L<d2i_X509(3)|d2i_X509(3)>
+=head1 HISTORY
+TBA
+=cut
diff --git a/src/lib/libcrypto/doc/d2i_X509.pod b/src/lib/libcrypto/doc/d2i_X509.pod
new file mode 100644
index 0000000000..298ec54a4c
--- /dev/null
+++ b/src/lib/libcrypto/doc/d2i_X509.pod
@@ -0,0 +1,231 @@
+=pod
+=head1 NAME
+d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio,
+i2d_X509_fp - X509 encode and decode functions
+=head1 SYNOPSIS
+ #include <openssl/x509.h>
+ X509 *d2i_X509(X509 **px, const unsigned char **in, int len);
+ int i2d_X509(X509 *x, unsigned char **out);
+ X509 *d2i_X509_bio(BIO *bp, X509 **x);
+ X509 *d2i_X509_fp(FILE *fp, X509 **x);
+ int i2d_X509_bio(BIO *bp, X509 *x);
+ int i2d_X509_fp(FILE *fp, X509 *x);
+=head1 DESCRIPTION
+The X509 encode and decode routines encode and parse an
+B<X509> structure, which represents an X509 certificate.
+d2i_X509() attempts to decode B<len> bytes at B<*in>. If 
+successful a pointer to the B<X509> structure is returned. If an error
+occurred then B<NULL> is returned. If B<px> is not B<NULL> then the
+returned structure is written to B<*px>. If B<*px> is not B<NULL>
+then it is assumed that B<*px> contains a valid B<X509>
+structure and an attempt is made to reuse it. If the call is
+successful B<*in> is incremented to the byte following the
+parsed data.
+i2d_X509() encodes the structure pointed to by B<x> into DER format.
+If B<out> is not B<NULL> is writes the DER encoded data to the buffer
+at B<*out>, and increments it to point after the data just written.
+If the return value is negative an error occurred, otherwise it
+returns the length of the encoded data. 
+For OpenSSL 0.9.7 and later if B<*out> is B<NULL> memory will be
+allocated for a buffer and the encoded data written to it. In this
+case B<*out> is not incremented and it points to the start of the
+data just written.
+d2i_X509_bio() is similar to d2i_X509() except it attempts
+to parse data from BIO B<bp>.
+d2i_X509_fp() is similar to d2i_X509() except it attempts
+to parse data from FILE pointer B<fp>.
+i2d_X509_bio() is similar to i2d_X509() except it writes
+the encoding of the structure B<x> to BIO B<bp> and it
+returns 1 for success and 0 for failure.
+i2d_X509_fp() is similar to i2d_X509() except it writes
+the encoding of the structure B<x> to BIO B<bp> and it
+returns 1 for success and 0 for failure.
+=head1 NOTES
+The letters B<i> and B<d> in for example B<i2d_X509> stand for
+"internal" (that is an internal C structure) and "DER". So that
+B<i2d_X509> converts from internal to DER.
+The functions can also understand B<BER> forms.
+The actual X509 structure passed to i2d_X509() must be a valid
+populated B<X509> structure it can B<not> simply be fed with an
+empty structure such as that returned by X509_new().
+The encoded data is in binary form and may contain embedded zeroes.
+Therefore any FILE pointers or BIOs should be opened in binary mode.
+Functions such as B<strlen()> will B<not> return the correct length
+of the encoded structure.
+The ways that B<*in> and B<*out> are incremented after the operation
+can trap the unwary. See the B<WARNINGS> section for some common
+errors.
+The reason for the auto increment behaviour is to reflect a typical
+usage of ASN1 functions: after one structure is encoded or decoded
+another will processed after it.
+=head1 EXAMPLES
+Allocate and encode the DER encoding of an X509 structure:
+ int len;
+ unsigned char *buf, *p;
+ len = i2d_X509(x, NULL);
+ buf = OPENSSL_malloc(len);
+ if (buf == NULL)
+        /* error */
+ p = buf;
+ i2d_X509(x, &p);
+If you are using OpenSSL 0.9.7 or later then this can be
+simplified to:
+ int len;
+ unsigned char *buf;
+ buf = NULL;
+ len = i2d_X509(x, &buf);
+ if (len < 0)
+        /* error */
+Attempt to decode a buffer:
+ X509 *x;
+ unsigned char *buf, *p;
+ int len;
+ /* Something to setup buf and len */
+ p = buf;
+ x = d2i_X509(NULL, &p, len);
+ if (x == NULL)
+    /* Some error */
+Alternative technique:
+ X509 *x;
+ unsigned char *buf, *p;
+ int len;
+ /* Something to setup buf and len */
+ p = buf;
+ x = NULL;
+ if(!d2i_X509(&x, &p, len))
+    /* Some error */
+=head1 WARNINGS
+The use of temporary variable is mandatory. A common
+mistake is to attempt to use a buffer directly as follows:
+ int len;
+ unsigned char *buf;
+ len = i2d_X509(x, NULL);
+ buf = OPENSSL_malloc(len);
+ if (buf == NULL)
+        /* error */
+ i2d_X509(x, &buf);
+ /* Other stuff ... */
+ OPENSSL_free(buf);
+This code will result in B<buf> apparently containing garbage because
+it was incremented after the call to point after the data just written.
+Also B<buf> will no longer contain the pointer allocated by B<OPENSSL_malloc()>
+and the subsequent call to B<OPENSSL_free()> may well crash.
+The auto allocation feature (setting buf to NULL) only works on OpenSSL
+0.9.7 and later. Attempts to use it on earlier versions will typically
+cause a segmentation violation.
+Another trap to avoid is misuse of the B<xp> argument to B<d2i_X509()>:
+ X509 *x;
+ if (!d2i_X509(&x, &p, len))
+        /* Some error */
+This will probably crash somewhere in B<d2i_X509()>. The reason for this
+is that the variable B<x> is uninitialized and an attempt will be made to
+interpret its (invalid) value as an B<X509> structure, typically causing
+a segmentation violation. If B<x> is set to NULL first then this will not
+happen.
+=head1 BUGS
+In some versions of OpenSSL the "reuse" behaviour of d2i_X509() when 
+B<*px> is valid is broken and some parts of the reused structure may
+persist if they are not present in the new one. As a result the use
+of this "reuse" behaviour is strongly discouraged.
+i2d_X509() will not return an error in many versions of OpenSSL,
+if mandatory fields are not initialized due to a programming error
+then the encoded structure may contain invalid data or omit the
+fields entirely and will not be parsed by d2i_X509(). This may be
+fixed in future so code should not assume that i2d_X509() will
+always succeed.
+=head1 RETURN VALUES
+d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure
+or B<NULL> if an error occurs. The error code that can be obtained by
+L<ERR_get_error(3)|ERR_get_error(3)>. 
+i2d_X509() returns the number of bytes successfully encoded or a negative
+value if an error occurs. The error code can be obtained by
+L<ERR_get_error(3)|ERR_get_error(3)>. 
+i2d_X509_bio() and i2d_X509_fp() return 1 for success and 0 if an error 
+occurs The error code can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. 
+=head1 SEE ALSO
+L<ERR_get_error(3)|ERR_get_error(3)>
+=head1 HISTORY
+d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio and i2d_X509_fp
+are available in all versions of SSLeay and OpenSSL.
+=cut
diff --git a/src/lib/libcrypto/doc/d2i_X509_ALGOR.pod b/src/lib/libcrypto/doc/d2i_X509_ALGOR.pod
new file mode 100644
index 0000000000..9e5cd92ca7
--- /dev/null
+++ b/src/lib/libcrypto/doc/d2i_X509_ALGOR.pod
@@ -0,0 +1,30 @@
+=pod
+=head1 NAME
+d2i_X509_ALGOR, i2d_X509_ALGOR - AlgorithmIdentifier functions.
+=head1 SYNOPSIS
+ #include <openssl/x509.h>
+ X509_ALGOR *d2i_X509_ALGOR(X509_ALGOR **a, unsigned char **pp, long length);
+ int i2d_X509_ALGOR(X509_ALGOR *a, unsigned char **pp);
+=head1 DESCRIPTION
+These functions decode and encode an B<X509_ALGOR> structure which is
+equivalent to the B<AlgorithmIdentifier> structure.
+Othewise these behave in a similar way to d2i_X509() and i2d_X509()
+described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
+=head1 SEE ALSO
+L<d2i_X509(3)|d2i_X509(3)>
+=head1 HISTORY
+TBA
+=cut
diff --git a/src/lib/libcrypto/doc/d2i_X509_CRL.pod b/src/lib/libcrypto/doc/d2i_X509_CRL.pod
new file mode 100644
index 0000000000..224f9e082b
--- /dev/null
+++ b/src/lib/libcrypto/doc/d2i_X509_CRL.pod
@@ -0,0 +1,37 @@
+=pod
+=head1 NAME
+d2i_X509_CRL, i2d_X509_CRL, d2i_X509_CRL_bio, d2i_509_CRL_fp,
+i2d_X509_CRL_bio, i2d_X509_CRL_fp - PKCS#10 certificate request functions.
+=head1 SYNOPSIS
+ #include <openssl/x509.h>
+ X509_CRL *d2i_X509_CRL(X509_CRL **a, const unsigned char **pp, long length);
+ int i2d_X509_CRL(X509_CRL *a, unsigned char **pp);
+ X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **x);
+ X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **x);
+ int i2d_X509_CRL_bio(BIO *bp, X509_CRL *x);
+ int i2d_X509_CRL_fp(FILE *fp, X509_CRL *x);
+=head1 DESCRIPTION
+These functions decode and encode an X509 CRL (certificate revocation
+list).
+Othewise the functions behave in a similar way to d2i_X509() and i2d_X509()
+described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
+=head1 SEE ALSO
+L<d2i_X509(3)|d2i_X509(3)>
+=head1 HISTORY
+TBA
+=cut
diff --git a/src/lib/libcrypto/doc/d2i_X509_NAME.pod b/src/lib/libcrypto/doc/d2i_X509_NAME.pod
new file mode 100644
index 0000000000..343ffe1519
--- /dev/null
+++ b/src/lib/libcrypto/doc/d2i_X509_NAME.pod
@@ -0,0 +1,31 @@
+=pod
+=head1 NAME
+d2i_X509_NAME, i2d_X509_NAME - X509_NAME encoding functions
+=head1 SYNOPSIS
+ #include <openssl/x509.h>
+ X509_NAME *d2i_X509_NAME(X509_NAME **a, unsigned char **pp, long length);
+ int i2d_X509_NAME(X509_NAME *a, unsigned char **pp);
+=head1 DESCRIPTION
+These functions decode and encode an B<X509_NAME> structure which is the
+the same as the B<Name> type defined in RFC2459 (and elsewhere) and used
+for example in certificate subject and issuer names.
+Othewise the functions behave in a similar way to d2i_X509() and i2d_X509()
+described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
+=head1 SEE ALSO
+L<d2i_X509(3)|d2i_X509(3)>
+=head1 HISTORY
+TBA
+=cut
diff --git a/src/lib/libcrypto/doc/d2i_X509_REQ.pod b/src/lib/libcrypto/doc/d2i_X509_REQ.pod
new file mode 100644
index 0000000000..91c0c1974b
--- /dev/null
+++ b/src/lib/libcrypto/doc/d2i_X509_REQ.pod
@@ -0,0 +1,36 @@
+=pod
+=head1 NAME
+d2i_X509_REQ, i2d_X509_REQ, d2i_X509_REQ_bio, d2i_X509_REQ_fp,
+i2d_X509_REQ_bio, i2d_X509_REQ_fp - PKCS#10 certificate request functions.
+=head1 SYNOPSIS
+ #include <openssl/x509.h>
+ X509_REQ *d2i_X509_REQ(X509_REQ **a, const unsigned char **pp, long length);
+ int i2d_X509_REQ(X509_REQ *a, unsigned char **pp);
+ X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **x);
+ X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **x);
+ int i2d_X509_REQ_bio(BIO *bp, X509_REQ *x);
+ int i2d_X509_REQ_fp(FILE *fp, X509_REQ *x);
+=head1 DESCRIPTION
+These functions decode and encode a PKCS#10 certificate request.
+Othewise these behave in a similar way to d2i_X509() and i2d_X509()
+described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
+=head1 SEE ALSO
+L<d2i_X509(3)|d2i_X509(3)>
+=head1 HISTORY
+TBA
+=cut
diff --git a/src/lib/libcrypto/doc/d2i_X509_SIG.pod b/src/lib/libcrypto/doc/d2i_X509_SIG.pod
new file mode 100644
index 0000000000..e48fd79a51
--- /dev/null
+++ b/src/lib/libcrypto/doc/d2i_X509_SIG.pod
@@ -0,0 +1,30 @@
+=pod
+=head1 NAME
+d2i_X509_SIG, i2d_X509_SIG - DigestInfo functions.
+=head1 SYNOPSIS
+ #include <openssl/x509.h>
+ X509_SIG *d2i_X509_SIG(X509_SIG **a, unsigned char **pp, long length);
+ int i2d_X509_SIG(X509_SIG *a, unsigned char **pp);
+=head1 DESCRIPTION
+These functions decode and encode an X509_SIG structure which is
+equivalent to the B<DigestInfo> structure defined in PKCS#1 and PKCS#7.
+Othewise these behave in a similar way to d2i_X509() and i2d_X509()
+described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
+=head1 SEE ALSO
+L<d2i_X509(3)|d2i_X509(3)>
+=head1 HISTORY
+TBA
+=cut
diff --git a/src/lib/libcrypto/doc/dh.pod b/src/lib/libcrypto/doc/dh.pod
new file mode 100644
index 0000000000..c3ccd06207
--- /dev/null
+++ b/src/lib/libcrypto/doc/dh.pod
@@ -0,0 +1,78 @@
+=pod
+=head1 NAME
+dh - Diffie-Hellman key agreement
+=head1 SYNOPSIS
+ #include <openssl/dh.h>
+ #include <openssl/engine.h>
+ DH *   DH_new(void);
+ void   DH_free(DH *dh);
+ int    DH_size(const DH *dh);
+ DH *   DH_generate_parameters(int prime_len, int generator,
+                void (*callback)(int, int, void *), void *cb_arg);
+ int    DH_check(const DH *dh, int *codes);
+ int    DH_generate_key(DH *dh);
+ int    DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
+ void DH_set_default_method(const DH_METHOD *meth);
+ const DH_METHOD *DH_get_default_method(void);
+ int DH_set_method(DH *dh, const DH_METHOD *meth);
+ DH *DH_new_method(ENGINE *engine);
+ const DH_METHOD *DH_OpenSSL(void);
+ int DH_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+             int (*dup_func)(), void (*free_func)());
+ int DH_set_ex_data(DH *d, int idx, char *arg);
+ char *DH_get_ex_data(DH *d, int idx);
+ DH *   d2i_DHparams(DH **a, unsigned char **pp, long length);
+ int    i2d_DHparams(const DH *a, unsigned char **pp);
+ int    DHparams_print_fp(FILE *fp, const DH *x);
+ int    DHparams_print(BIO *bp, const DH *x);
+=head1 DESCRIPTION
+These functions implement the Diffie-Hellman key agreement protocol.
+The generation of shared DH parameters is described in
+L<DH_generate_parameters(3)|DH_generate_parameters(3)>; L<DH_generate_key(3)|DH_generate_key(3)> describes how
+to perform a key agreement.
+The B<DH> structure consists of several BIGNUM components.
+ struct
+        {
+        BIGNUM *p;              // prime number (shared)
+        BIGNUM *g;              // generator of Z_p (shared)
+        BIGNUM *priv_key;       // private DH value x
+        BIGNUM *pub_key;        // public DH value g^x
+        // ...
+        };
+ DH
+Note that DH keys may use non-standard B<DH_METHOD> implementations,
+either directly or by the use of B<ENGINE> modules. In some cases (eg. an
+ENGINE providing support for hardware-embedded keys), these BIGNUM values
+will not be used by the implementation or may be used for alternative data
+storage. For this reason, applications should generally avoid using DH
+structure elements directly and instead use API functions to query or
+modify keys.
+=head1 SEE ALSO
+L<dhparam(1)|dhparam(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<err(3)|err(3)>,
+L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<engine(3)|engine(3)>,
+L<DH_set_method(3)|DH_set_method(3)>, L<DH_new(3)|DH_new(3)>,
+L<DH_get_ex_new_index(3)|DH_get_ex_new_index(3)>,
+L<DH_generate_parameters(3)|DH_generate_parameters(3)>,
+L<DH_compute_key(3)|DH_compute_key(3)>, L<d2i_DHparams(3)|d2i_DHparams(3)>,
+L<RSA_print(3)|RSA_print(3)> 
+=cut
diff --git a/src/lib/libcrypto/doc/dsa.pod b/src/lib/libcrypto/doc/dsa.pod
new file mode 100644
index 0000000000..ae2e5d81f9
--- /dev/null
+++ b/src/lib/libcrypto/doc/dsa.pod
@@ -0,0 +1,113 @@
+=pod
+=head1 NAME
+dsa - Digital Signature Algorithm
+=head1 SYNOPSIS
+ #include <openssl/dsa.h>
+ #include <openssl/engine.h>
+ DSA *  DSA_new(void);
+ void   DSA_free(DSA *dsa);
+ int    DSA_size(const DSA *dsa);
+ DSA *  DSA_generate_parameters(int bits, unsigned char *seed,
+                int seed_len, int *counter_ret, unsigned long *h_ret,
+                void (*callback)(int, int, void *), void *cb_arg);
+ DH *   DSA_dup_DH(const DSA *r);
+ int    DSA_generate_key(DSA *dsa);
+ int    DSA_sign(int dummy, const unsigned char *dgst, int len,
+                unsigned char *sigret, unsigned int *siglen, DSA *dsa);
+ int    DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp,
+                BIGNUM **rp);
+ int    DSA_verify(int dummy, const unsigned char *dgst, int len,
+                const unsigned char *sigbuf, int siglen, DSA *dsa);
+ void DSA_set_default_method(const DSA_METHOD *meth);
+ const DSA_METHOD *DSA_get_default_method(void);
+ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth);
+ DSA *DSA_new_method(ENGINE *engine);
+ const DSA_METHOD *DSA_OpenSSL(void);
+ int DSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+             int (*dup_func)(), void (*free_func)());
+ int DSA_set_ex_data(DSA *d, int idx, char *arg);
+ char *DSA_get_ex_data(DSA *d, int idx);
+ DSA_SIG *DSA_SIG_new(void);
+ void   DSA_SIG_free(DSA_SIG *a);
+ int    i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
+ DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, unsigned char **pp, long length);
+ DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+ int    DSA_do_verify(const unsigned char *dgst, int dgst_len,
+             DSA_SIG *sig, DSA *dsa);
+ DSA *  d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length);
+ DSA *  d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length);
+ DSA *  d2i_DSAparams(DSA **a, unsigned char **pp, long length);
+ int    i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
+ int    i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
+ int    i2d_DSAparams(const DSA *a,unsigned char **pp);
+ int    DSAparams_print(BIO *bp, const DSA *x);
+ int    DSAparams_print_fp(FILE *fp, const DSA *x);
+ int    DSA_print(BIO *bp, const DSA *x, int off);
+ int    DSA_print_fp(FILE *bp, const DSA *x, int off);
+=head1 DESCRIPTION
+These functions implement the Digital Signature Algorithm (DSA).  The
+generation of shared DSA parameters is described in
+L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>;
+L<DSA_generate_key(3)|DSA_generate_key(3)> describes how to
+generate a signature key. Signature generation and verification are
+described in L<DSA_sign(3)|DSA_sign(3)>.
+The B<DSA> structure consists of several BIGNUM components.
+ struct
+        {
+        BIGNUM *p;              // prime number (public)
+        BIGNUM *q;              // 160-bit subprime, q | p-1 (public)
+        BIGNUM *g;              // generator of subgroup (public)
+        BIGNUM *priv_key;       // private key x
+        BIGNUM *pub_key;        // public key y = g^x
+        // ...
+        }
+ DSA;
+In public keys, B<priv_key> is NULL.
+Note that DSA keys may use non-standard B<DSA_METHOD> implementations,
+either directly or by the use of B<ENGINE> modules. In some cases (eg. an
+ENGINE providing support for hardware-embedded keys), these BIGNUM values
+will not be used by the implementation or may be used for alternative data
+storage. For this reason, applications should generally avoid using DSA
+structure elements directly and instead use API functions to query or
+modify keys.
+=head1 CONFORMING TO
+US Federal Information Processing Standard FIPS 186 (Digital Signature
+Standard, DSS), ANSI X9.30
+=head1 SEE ALSO
+L<bn(3)|bn(3)>, L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
+L<rsa(3)|rsa(3)>, L<SHA1(3)|SHA1(3)>, L<DSA_new(3)|DSA_new(3)>,
+L<DSA_size(3)|DSA_size(3)>,
+L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>,
+L<DSA_dup_DH(3)|DSA_dup_DH(3)>,
+L<DSA_generate_key(3)|DSA_generate_key(3)>,
+L<DSA_sign(3)|DSA_sign(3)>, L<DSA_set_method(3)|DSA_set_method(3)>,
+L<DSA_get_ex_new_index(3)|DSA_get_ex_new_index(3)>,
+L<RSA_print(3)|RSA_print(3)>
+=cut
diff --git a/src/lib/libcrypto/doc/engine.pod b/src/lib/libcrypto/doc/engine.pod
new file mode 100644
index 0000000000..f5ab1c3e50
--- /dev/null
+++ b/src/lib/libcrypto/doc/engine.pod
@@ -0,0 +1,599 @@
+=pod
+=head1 NAME
+engine - ENGINE cryptographic module support
+=head1 SYNOPSIS
+ #include <openssl/engine.h>
+ ENGINE *ENGINE_get_first(void);
+ ENGINE *ENGINE_get_last(void);
+ ENGINE *ENGINE_get_next(ENGINE *e);
+ ENGINE *ENGINE_get_prev(ENGINE *e);
+ int ENGINE_add(ENGINE *e);
+ int ENGINE_remove(ENGINE *e);
+ ENGINE *ENGINE_by_id(const char *id);
+ int ENGINE_init(ENGINE *e);
+ int ENGINE_finish(ENGINE *e);
+ void ENGINE_load_openssl(void);
+ void ENGINE_load_dynamic(void);
+ #ifndef OPENSSL_NO_STATIC_ENGINE
+ void ENGINE_load_4758cca(void);
+ void ENGINE_load_aep(void);
+ void ENGINE_load_atalla(void);
+ void ENGINE_load_chil(void);
+ void ENGINE_load_cswift(void);
+ void ENGINE_load_gmp(void);
+ void ENGINE_load_nuron(void);
+ void ENGINE_load_sureware(void);
+ void ENGINE_load_ubsec(void);
+ #endif
+ void ENGINE_load_cryptodev(void);
+ void ENGINE_load_builtin_engines(void);
+ void ENGINE_cleanup(void);
+ ENGINE *ENGINE_get_default_RSA(void);
+ ENGINE *ENGINE_get_default_DSA(void);
+ ENGINE *ENGINE_get_default_ECDH(void);
+ ENGINE *ENGINE_get_default_ECDSA(void);
+ ENGINE *ENGINE_get_default_DH(void);
+ ENGINE *ENGINE_get_default_RAND(void);
+ ENGINE *ENGINE_get_cipher_engine(int nid);
+ ENGINE *ENGINE_get_digest_engine(int nid);
+ int ENGINE_set_default_RSA(ENGINE *e);
+ int ENGINE_set_default_DSA(ENGINE *e);
+ int ENGINE_set_default_ECDH(ENGINE *e);
+ int ENGINE_set_default_ECDSA(ENGINE *e);
+ int ENGINE_set_default_DH(ENGINE *e);
+ int ENGINE_set_default_RAND(ENGINE *e);
+ int ENGINE_set_default_ciphers(ENGINE *e);
+ int ENGINE_set_default_digests(ENGINE *e);
+ int ENGINE_set_default_string(ENGINE *e, const char *list);
+ int ENGINE_set_default(ENGINE *e, unsigned int flags);
+ unsigned int ENGINE_get_table_flags(void);
+ void ENGINE_set_table_flags(unsigned int flags);
+ int ENGINE_register_RSA(ENGINE *e);
+ void ENGINE_unregister_RSA(ENGINE *e);
+ void ENGINE_register_all_RSA(void);
+ int ENGINE_register_DSA(ENGINE *e);
+ void ENGINE_unregister_DSA(ENGINE *e);
+ void ENGINE_register_all_DSA(void);
+ int ENGINE_register_ECDH(ENGINE *e);
+ void ENGINE_unregister_ECDH(ENGINE *e);
+ void ENGINE_register_all_ECDH(void);
+ int ENGINE_register_ECDSA(ENGINE *e);
+ void ENGINE_unregister_ECDSA(ENGINE *e);
+ void ENGINE_register_all_ECDSA(void);
+ int ENGINE_register_DH(ENGINE *e);
+ void ENGINE_unregister_DH(ENGINE *e);
+ void ENGINE_register_all_DH(void);
+ int ENGINE_register_RAND(ENGINE *e);
+ void ENGINE_unregister_RAND(ENGINE *e);
+ void ENGINE_register_all_RAND(void);
+ int ENGINE_register_STORE(ENGINE *e);
+ void ENGINE_unregister_STORE(ENGINE *e);
+ void ENGINE_register_all_STORE(void);
+ int ENGINE_register_ciphers(ENGINE *e);
+ void ENGINE_unregister_ciphers(ENGINE *e);
+ void ENGINE_register_all_ciphers(void);
+ int ENGINE_register_digests(ENGINE *e);
+ void ENGINE_unregister_digests(ENGINE *e);
+ void ENGINE_register_all_digests(void);
+ int ENGINE_register_complete(ENGINE *e);
+ int ENGINE_register_all_complete(void);
+ int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
+ int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
+ int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
+         long i, void *p, void (*f)(void), int cmd_optional);
+ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
+         int cmd_optional);
+ int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg);
+ void *ENGINE_get_ex_data(const ENGINE *e, int idx);
+ int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+         CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+ ENGINE *ENGINE_new(void);
+ int ENGINE_free(ENGINE *e);
+ int ENGINE_up_ref(ENGINE *e);
+ int ENGINE_set_id(ENGINE *e, const char *id);
+ int ENGINE_set_name(ENGINE *e, const char *name);
+ int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
+ int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
+ int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *dh_meth);
+ int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *dh_meth);
+ int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
+ int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
+ int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *rand_meth);
+ int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
+ int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
+ int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
+ int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
+ int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
+ int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
+ int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
+ int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
+ int ENGINE_set_flags(ENGINE *e, int flags);
+ int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
+ const char *ENGINE_get_id(const ENGINE *e);
+ const char *ENGINE_get_name(const ENGINE *e);
+ const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
+ const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
+ const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e);
+ const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e);
+ const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
+ const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
+ const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e);
+ ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
+ ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
+ ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
+ ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
+ ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
+ ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
+ ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
+ ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
+ const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
+ const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
+ int ENGINE_get_flags(const ENGINE *e);
+ const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
+ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
+     UI_METHOD *ui_method, void *callback_data);
+ EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
+     UI_METHOD *ui_method, void *callback_data);
+ void ENGINE_add_conf_module(void);
+=head1 DESCRIPTION
+These functions create, manipulate, and use cryptographic modules in the
+form of B<ENGINE> objects. These objects act as containers for
+implementations of cryptographic algorithms, and support a
+reference-counted mechanism to allow them to be dynamically loaded in and
+out of the running application.
+The cryptographic functionality that can be provided by an B<ENGINE>
+implementation includes the following abstractions;
+ RSA_METHOD - for providing alternative RSA implementations
+ DSA_METHOD, DH_METHOD, RAND_METHOD, ECDH_METHOD, ECDSA_METHOD,
+       STORE_METHOD - similarly for other OpenSSL APIs
+ EVP_CIPHER - potentially multiple cipher algorithms (indexed by 'nid')
+ EVP_DIGEST - potentially multiple hash algorithms (indexed by 'nid')
+ key-loading - loading public and/or private EVP_PKEY keys
+=head2 Reference counting and handles
+Due to the modular nature of the ENGINE API, pointers to ENGINEs need to be
+treated as handles - ie. not only as pointers, but also as references to
+the underlying ENGINE object. Ie. one should obtain a new reference when
+making copies of an ENGINE pointer if the copies will be used (and
+released) independently.
+ENGINE objects have two levels of reference-counting to match the way in
+which the objects are used. At the most basic level, each ENGINE pointer is
+inherently a B<structural> reference - a structural reference is required
+to use the pointer value at all, as this kind of reference is a guarantee
+that the structure can not be deallocated until the reference is released.
+However, a structural reference provides no guarantee that the ENGINE is
+initiliased and able to use any of its cryptographic
+implementations. Indeed it's quite possible that most ENGINEs will not
+initialise at all in typical environments, as ENGINEs are typically used to
+support specialised hardware. To use an ENGINE's functionality, you need a
+B<functional> reference. This kind of reference can be considered a
+specialised form of structural reference, because each functional reference
+implicitly contains a structural reference as well - however to avoid
+difficult-to-find programming bugs, it is recommended to treat the two
+kinds of reference independently. If you have a functional reference to an
+ENGINE, you have a guarantee that the ENGINE has been initialised ready to
+perform cryptographic operations and will remain uninitialised
+until after you have released your reference.
+I<Structural references>
+This basic type of reference is used for instantiating new ENGINEs,
+iterating across OpenSSL's internal linked-list of loaded
+ENGINEs, reading information about an ENGINE, etc. Essentially a structural
+reference is sufficient if you only need to query or manipulate the data of
+an ENGINE implementation rather than use its functionality.
+The ENGINE_new() function returns a structural reference to a new (empty)
+ENGINE object. There are other ENGINE API functions that return structural
+references such as; ENGINE_by_id(), ENGINE_get_first(), ENGINE_get_last(),
+ENGINE_get_next(), ENGINE_get_prev(). All structural references should be
+released by a corresponding to call to the ENGINE_free() function - the
+ENGINE object itself will only actually be cleaned up and deallocated when
+the last structural reference is released.
+It should also be noted that many ENGINE API function calls that accept a
+structural reference will internally obtain another reference - typically
+this happens whenever the supplied ENGINE will be needed by OpenSSL after
+the function has returned. Eg. the function to add a new ENGINE to
+OpenSSL's internal list is ENGINE_add() - if this function returns success,
+then OpenSSL will have stored a new structural reference internally so the
+caller is still responsible for freeing their own reference with
+ENGINE_free() when they are finished with it. In a similar way, some
+functions will automatically release the structural reference passed to it
+if part of the function's job is to do so. Eg. the ENGINE_get_next() and
+ENGINE_get_prev() functions are used for iterating across the internal
+ENGINE list - they will return a new structural reference to the next (or
+previous) ENGINE in the list or NULL if at the end (or beginning) of the
+list, but in either case the structural reference passed to the function is
+released on behalf of the caller.
+To clarify a particular function's handling of references, one should
+always consult that function's documentation "man" page, or failing that
+the openssl/engine.h header file includes some hints.
+I<Functional references>
+As mentioned, functional references exist when the cryptographic
+functionality of an ENGINE is required to be available. A functional
+reference can be obtained in one of two ways; from an existing structural
+reference to the required ENGINE, or by asking OpenSSL for the default
+operational ENGINE for a given cryptographic purpose.
+To obtain a functional reference from an existing structural reference,
+call the ENGINE_init() function. This returns zero if the ENGINE was not
+already operational and couldn't be successfully initialised (eg. lack of
+system drivers, no special hardware attached, etc), otherwise it will
+return non-zero to indicate that the ENGINE is now operational and will
+have allocated a new B<functional> reference to the ENGINE. All functional
+references are released by calling ENGINE_finish() (which removes the
+implicit structural reference as well).
+The second way to get a functional reference is by asking OpenSSL for a
+default implementation for a given task, eg. by ENGINE_get_default_RSA(),
+ENGINE_get_default_cipher_engine(), etc. These are discussed in the next
+section, though they are not usually required by application programmers as
+they are used automatically when creating and using the relevant
+algorithm-specific types in OpenSSL, such as RSA, DSA, EVP_CIPHER_CTX, etc.
+=head2 Default implementations
+For each supported abstraction, the ENGINE code maintains an internal table
+of state to control which implementations are available for a given
+abstraction and which should be used by default. These implementations are
+registered in the tables and indexed by an 'nid' value, because
+abstractions like EVP_CIPHER and EVP_DIGEST support many distinct
+algorithms and modes, and ENGINEs can support arbitrarily many of them.
+In the case of other abstractions like RSA, DSA, etc, there is only one
+"algorithm" so all implementations implicitly register using the same 'nid'
+index.
+When a default ENGINE is requested for a given abstraction/algorithm/mode, (eg.
+when calling RSA_new_method(NULL)), a "get_default" call will be made to the
+ENGINE subsystem to process the corresponding state table and return a
+functional reference to an initialised ENGINE whose implementation should be
+used. If no ENGINE should (or can) be used, it will return NULL and the caller
+will operate with a NULL ENGINE handle - this usually equates to using the
+conventional software implementation. In the latter case, OpenSSL will from
+then on behave the way it used to before the ENGINE API existed.
+Each state table has a flag to note whether it has processed this
+"get_default" query since the table was last modified, because to process
+this question it must iterate across all the registered ENGINEs in the
+table trying to initialise each of them in turn, in case one of them is
+operational. If it returns a functional reference to an ENGINE, it will
+also cache another reference to speed up processing future queries (without
+needing to iterate across the table). Likewise, it will cache a NULL
+response if no ENGINE was available so that future queries won't repeat the
+same iteration unless the state table changes. This behaviour can also be
+changed; if the ENGINE_TABLE_FLAG_NOINIT flag is set (using
+ENGINE_set_table_flags()), no attempted initialisations will take place,
+instead the only way for the state table to return a non-NULL ENGINE to the
+"get_default" query will be if one is expressly set in the table. Eg.
+ENGINE_set_default_RSA() does the same job as ENGINE_register_RSA() except
+that it also sets the state table's cached response for the "get_default"
+query. In the case of abstractions like EVP_CIPHER, where implementations are
+indexed by 'nid', these flags and cached-responses are distinct for each 'nid'
+value.
+=head2 Application requirements
+This section will explain the basic things an application programmer should
+support to make the most useful elements of the ENGINE functionality
+available to the user. The first thing to consider is whether the
+programmer wishes to make alternative ENGINE modules available to the
+application and user. OpenSSL maintains an internal linked list of
+"visible" ENGINEs from which it has to operate - at start-up, this list is
+empty and in fact if an application does not call any ENGINE API calls and
+it uses static linking against openssl, then the resulting application
+binary will not contain any alternative ENGINE code at all. So the first
+consideration is whether any/all available ENGINE implementations should be
+made visible to OpenSSL - this is controlled by calling the various "load"
+functions, eg.
+ /* Make the "dynamic" ENGINE available */
+ void ENGINE_load_dynamic(void);
+ /* Make the CryptoSwift hardware acceleration support available */
+ void ENGINE_load_cswift(void);
+ /* Make support for nCipher's "CHIL" hardware available */
+ void ENGINE_load_chil(void);
+ ...
+ /* Make ALL ENGINE implementations bundled with OpenSSL available */
+ void ENGINE_load_builtin_engines(void);
+Having called any of these functions, ENGINE objects would have been
+dynamically allocated and populated with these implementations and linked
+into OpenSSL's internal linked list. At this point it is important to
+mention an important API function;
+ void ENGINE_cleanup(void);
+If no ENGINE API functions are called at all in an application, then there
+are no inherent memory leaks to worry about from the ENGINE functionality,
+however if any ENGINEs are loaded, even if they are never registered or
+used, it is necessary to use the ENGINE_cleanup() function to
+correspondingly cleanup before program exit, if the caller wishes to avoid
+memory leaks. This mechanism uses an internal callback registration table
+so that any ENGINE API functionality that knows it requires cleanup can
+register its cleanup details to be called during ENGINE_cleanup(). This
+approach allows ENGINE_cleanup() to clean up after any ENGINE functionality
+at all that your program uses, yet doesn't automatically create linker
+dependencies to all possible ENGINE functionality - only the cleanup
+callbacks required by the functionality you do use will be required by the
+linker.
+The fact that ENGINEs are made visible to OpenSSL (and thus are linked into
+the program and loaded into memory at run-time) does not mean they are
+"registered" or called into use by OpenSSL automatically - that behaviour
+is something for the application to control. Some applications
+will want to allow the user to specify exactly which ENGINE they want used
+if any is to be used at all. Others may prefer to load all support and have
+OpenSSL automatically use at run-time any ENGINE that is able to
+successfully initialise - ie. to assume that this corresponds to
+acceleration hardware attached to the machine or some such thing. There are
+probably numerous other ways in which applications may prefer to handle
+things, so we will simply illustrate the consequences as they apply to a
+couple of simple cases and leave developers to consider these and the
+source code to openssl's builtin utilities as guides.
+I<Using a specific ENGINE implementation>
+Here we'll assume an application has been configured by its user or admin
+to want to use the "ACME" ENGINE if it is available in the version of
+OpenSSL the application was compiled with. If it is available, it should be
+used by default for all RSA, DSA, and symmetric cipher operation, otherwise
+OpenSSL should use its builtin software as per usual. The following code
+illustrates how to approach this;
+ ENGINE *e;
+ const char *engine_id = "ACME";
+ ENGINE_load_builtin_engines();
+ e = ENGINE_by_id(engine_id);
+ if(!e)
+     /* the engine isn't available */
+     return;
+ if(!ENGINE_init(e)) {
+     /* the engine couldn't initialise, release 'e' */
+     ENGINE_free(e);
+     return;
+ }
+ if(!ENGINE_set_default_RSA(e))
+     /* This should only happen when 'e' can't initialise, but the previous
+      * statement suggests it did. */
+     abort();
+ ENGINE_set_default_DSA(e);
+ ENGINE_set_default_ciphers(e);
+ /* Release the functional reference from ENGINE_init() */
+ ENGINE_finish(e);
+ /* Release the structural reference from ENGINE_by_id() */
+ ENGINE_free(e);
+I<Automatically using builtin ENGINE implementations>
+Here we'll assume we want to load and register all ENGINE implementations
+bundled with OpenSSL, such that for any cryptographic algorithm required by
+OpenSSL - if there is an ENGINE that implements it and can be initialise,
+it should be used. The following code illustrates how this can work;
+ /* Load all bundled ENGINEs into memory and make them visible */
+ ENGINE_load_builtin_engines();
+ /* Register all of them for every algorithm they collectively implement */
+ ENGINE_register_all_complete();
+That's all that's required. Eg. the next time OpenSSL tries to set up an
+RSA key, any bundled ENGINEs that implement RSA_METHOD will be passed to
+ENGINE_init() and if any of those succeed, that ENGINE will be set as the
+default for RSA use from then on.
+=head2 Advanced configuration support
+There is a mechanism supported by the ENGINE framework that allows each
+ENGINE implementation to define an arbitrary set of configuration
+"commands" and expose them to OpenSSL and any applications based on
+OpenSSL. This mechanism is entirely based on the use of name-value pairs
+and assumes ASCII input (no unicode or UTF for now!), so it is ideal if
+applications want to provide a transparent way for users to provide
+arbitrary configuration "directives" directly to such ENGINEs. It is also
+possible for the application to dynamically interrogate the loaded ENGINE
+implementations for the names, descriptions, and input flags of their
+available "control commands", providing a more flexible configuration
+scheme. However, if the user is expected to know which ENGINE device he/she
+is using (in the case of specialised hardware, this goes without saying)
+then applications may not need to concern themselves with discovering the
+supported control commands and simply prefer to pass settings into ENGINEs
+exactly as they are provided by the user.
+Before illustrating how control commands work, it is worth mentioning what
+they are typically used for. Broadly speaking there are two uses for
+control commands; the first is to provide the necessary details to the
+implementation (which may know nothing at all specific to the host system)
+so that it can be initialised for use. This could include the path to any
+driver or config files it needs to load, required network addresses,
+smart-card identifiers, passwords to initialise protected devices,
+logging information, etc etc. This class of commands typically needs to be
+passed to an ENGINE B<before> attempting to initialise it, ie. before
+calling ENGINE_init(). The other class of commands consist of settings or
+operations that tweak certain behaviour or cause certain operations to take
+place, and these commands may work either before or after ENGINE_init(), or
+in some cases both. ENGINE implementations should provide indications of
+this in the descriptions attached to builtin control commands and/or in
+external product documentation.
+I<Issuing control commands to an ENGINE>
+Let's illustrate by example; a function for which the caller supplies the
+name of the ENGINE it wishes to use, a table of string-pairs for use before
+initialisation, and another table for use after initialisation. Note that
+the string-pairs used for control commands consist of a command "name"
+followed by the command "parameter" - the parameter could be NULL in some
+cases but the name can not. This function should initialise the ENGINE
+(issuing the "pre" commands beforehand and the "post" commands afterwards)
+and set it as the default for everything except RAND and then return a
+boolean success or failure.
+ int generic_load_engine_fn(const char *engine_id,
+                            const char **pre_cmds, int pre_num,
+                            const char **post_cmds, int post_num)
+ {
+     ENGINE *e = ENGINE_by_id(engine_id);
+     if(!e) return 0;
+     while(pre_num--) {
+         if(!ENGINE_ctrl_cmd_string(e, pre_cmds[0], pre_cmds[1], 0)) {
+             fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id,
+                 pre_cmds[0], pre_cmds[1] ? pre_cmds[1] : "(NULL)");
+             ENGINE_free(e);
+             return 0;
+         }
+         pre_cmds += 2;
+     }
+     if(!ENGINE_init(e)) {
+         fprintf(stderr, "Failed initialisation\n");
+         ENGINE_free(e);
+         return 0;
+     }
+     /* ENGINE_init() returned a functional reference, so free the structural
+      * reference from ENGINE_by_id(). */
+     ENGINE_free(e);
+     while(post_num--) {
+         if(!ENGINE_ctrl_cmd_string(e, post_cmds[0], post_cmds[1], 0)) {
+             fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id,
+                 post_cmds[0], post_cmds[1] ? post_cmds[1] : "(NULL)");
+             ENGINE_finish(e);
+             return 0;
+         }
+         post_cmds += 2;
+     }
+     ENGINE_set_default(e, ENGINE_METHOD_ALL & ~ENGINE_METHOD_RAND);
+     /* Success */
+     return 1;
+ }
+Note that ENGINE_ctrl_cmd_string() accepts a boolean argument that can
+relax the semantics of the function - if set non-zero it will only return
+failure if the ENGINE supported the given command name but failed while
+executing it, if the ENGINE doesn't support the command name it will simply
+return success without doing anything. In this case we assume the user is
+only supplying commands specific to the given ENGINE so we set this to
+FALSE.
+I<Discovering supported control commands>
+It is possible to discover at run-time the names, numerical-ids, descriptions
+and input parameters of the control commands supported by an ENGINE using a
+structural reference. Note that some control commands are defined by OpenSSL
+itself and it will intercept and handle these control commands on behalf of the
+ENGINE, ie. the ENGINE's ctrl() handler is not used for the control command.
+openssl/engine.h defines an index, ENGINE_CMD_BASE, that all control commands
+implemented by ENGINEs should be numbered from. Any command value lower than
+this symbol is considered a "generic" command is handled directly by the
+OpenSSL core routines.
+It is using these "core" control commands that one can discover the the control
+commands implemented by a given ENGINE, specifically the commands;
+ #define ENGINE_HAS_CTRL_FUNCTION               10
+ #define ENGINE_CTRL_GET_FIRST_CMD_TYPE         11
+ #define ENGINE_CTRL_GET_NEXT_CMD_TYPE          12
+ #define ENGINE_CTRL_GET_CMD_FROM_NAME          13
+ #define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD      14
+ #define ENGINE_CTRL_GET_NAME_FROM_CMD          15
+ #define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD      16
+ #define ENGINE_CTRL_GET_DESC_FROM_CMD          17
+ #define ENGINE_CTRL_GET_CMD_FLAGS              18
+Whilst these commands are automatically processed by the OpenSSL framework code,
+they use various properties exposed by each ENGINE to process these
+queries. An ENGINE has 3 properties it exposes that can affect how this behaves;
+it can supply a ctrl() handler, it can specify ENGINE_FLAGS_MANUAL_CMD_CTRL in
+the ENGINE's flags, and it can expose an array of control command descriptions.
+If an ENGINE specifies the ENGINE_FLAGS_MANUAL_CMD_CTRL flag, then it will
+simply pass all these "core" control commands directly to the ENGINE's ctrl()
+handler (and thus, it must have supplied one), so it is up to the ENGINE to
+reply to these "discovery" commands itself. If that flag is not set, then the
+OpenSSL framework code will work with the following rules;
+ if no ctrl() handler supplied;
+     ENGINE_HAS_CTRL_FUNCTION returns FALSE (zero),
+     all other commands fail.
+ if a ctrl() handler was supplied but no array of control commands;
+     ENGINE_HAS_CTRL_FUNCTION returns TRUE,
+     all other commands fail.
+ if a ctrl() handler and array of control commands was supplied;
+     ENGINE_HAS_CTRL_FUNCTION returns TRUE,
+     all other commands proceed processing ...
+If the ENGINE's array of control commands is empty then all other commands will
+fail, otherwise; ENGINE_CTRL_GET_FIRST_CMD_TYPE returns the identifier of
+the first command supported by the ENGINE, ENGINE_GET_NEXT_CMD_TYPE takes the
+identifier of a command supported by the ENGINE and returns the next command
+identifier or fails if there are no more, ENGINE_CMD_FROM_NAME takes a string
+name for a command and returns the corresponding identifier or fails if no such
+command name exists, and the remaining commands take a command identifier and
+return properties of the corresponding commands. All except
+ENGINE_CTRL_GET_FLAGS return the string length of a command name or description,
+or populate a supplied character buffer with a copy of the command name or
+description. ENGINE_CTRL_GET_FLAGS returns a bitwise-OR'd mask of the following
+possible values;
+ #define ENGINE_CMD_FLAG_NUMERIC                (unsigned int)0x0001
+ #define ENGINE_CMD_FLAG_STRING                 (unsigned int)0x0002
+ #define ENGINE_CMD_FLAG_NO_INPUT               (unsigned int)0x0004
+ #define ENGINE_CMD_FLAG_INTERNAL               (unsigned int)0x0008
+If the ENGINE_CMD_FLAG_INTERNAL flag is set, then any other flags are purely
+informational to the caller - this flag will prevent the command being usable
+for any higher-level ENGINE functions such as ENGINE_ctrl_cmd_string().
+"INTERNAL" commands are not intended to be exposed to text-based configuration
+by applications, administrations, users, etc. These can support arbitrary
+operations via ENGINE_ctrl(), including passing to and/or from the control
+commands data of any arbitrary type. These commands are supported in the
+discovery mechanisms simply to allow applications determinie if an ENGINE
+supports certain specific commands it might want to use (eg. application "foo"
+might query various ENGINEs to see if they implement "FOO_GET_VENDOR_LOGO_GIF" -
+and ENGINE could therefore decide whether or not to support this "foo"-specific
+extension).
+=head2 Future developments
+The ENGINE API and internal architecture is currently being reviewed. Slated for
+possible release in 0.9.8 is support for transparent loading of "dynamic"
+ENGINEs (built as self-contained shared-libraries). This would allow ENGINE
+implementations to be provided independently of OpenSSL libraries and/or
+OpenSSL-based applications, and would also remove any requirement for
+applications to explicitly use the "dynamic" ENGINE to bind to shared-library
+implementations.
+=head1 SEE ALSO
+L<rsa(3)|rsa(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>, L<rand(3)|rand(3)>
+=cut
diff --git a/src/lib/libcrypto/doc/evp.pod b/src/lib/libcrypto/doc/evp.pod
new file mode 100644
index 0000000000..9faa349243
--- /dev/null
+++ b/src/lib/libcrypto/doc/evp.pod
@@ -0,0 +1,55 @@
+=pod
+=head1 NAME
+evp - high-level cryptographic functions
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+=head1 DESCRIPTION
+The EVP library provides a high-level interface to cryptographic
+functions.
+B<EVP_Seal>I<...> and B<EVP_Open>I<...> provide public key encryption
+and decryption to implement digital "envelopes".
+The B<EVP_Sign>I<...> and B<EVP_Verify>I<...> functions implement
+digital signatures.
+Symmetric encryption is available with the B<EVP_Encrypt>I<...>
+functions.  The B<EVP_Digest>I<...> functions provide message digests.
+The B<EVP_PKEY>I<...> functions provide a high level interface to
+asymmetric algorithms.
+Algorithms are loaded with OpenSSL_add_all_algorithms(3).
+All the symmetric algorithms (ciphers), digests and asymmetric algorithms
+(public key algorithms) can be replaced by ENGINE modules providing alternative
+implementations. If ENGINE implementations of ciphers or digests are registered
+as defaults, then the various EVP functions will automatically use those
+implementations automatically in preference to built in software
+implementations. For more information, consult the engine(3) man page.
+Although low level algorithm specific functions exist for many algorithms
+their use is discouraged. They cannot be used with an ENGINE and ENGINE
+versions of new algorithms cannot be accessed using the low level functions.
+Also makes code harder to adapt to new algorithms and some options are not 
+cleanly supported at the low level and some operations are more efficient
+using the high level interface.
+=head1 SEE ALSO
+L<EVP_DigestInit(3)|EVP_DigestInit(3)>,
+L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
+L<EVP_OpenInit(3)|EVP_OpenInit(3)>,
+L<EVP_SealInit(3)|EVP_SealInit(3)>,
+L<EVP_SignInit(3)|EVP_SignInit(3)>,
+L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
+L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)>,
+L<engine(3)|engine(3)>
+=cut
diff --git a/src/lib/libcrypto/doc/i2d_CMS_bio_stream.pod b/src/lib/libcrypto/doc/i2d_CMS_bio_stream.pod
new file mode 100644
index 0000000000..558bdd0812
--- /dev/null
+++ b/src/lib/libcrypto/doc/i2d_CMS_bio_stream.pod
@@ -0,0 +1,44 @@
+=pod
+=head1 NAME
+ i2d_CMS_bio_stream - output CMS_ContentInfo structure in BER format.
+=head1 SYNOPSIS
+ #include <openssl/cms.h>
+ int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags);
+=head1 DESCRIPTION
+i2d_CMS_bio_stream() outputs a CMS_ContentInfo structure in BER format.
+It is otherwise identical to the function SMIME_write_CMS().
+=head1 NOTES
+This function is effectively a version of the i2d_CMS_bio() supporting
+streaming.
+=head1 BUGS
+The prefix "i2d" is arguably wrong because the function outputs BER format.
+=head1 RETURN VALUES
+i2d_CMS_bio_stream() returns 1 for success or 0 for failure.
+=head1 SEE ALSO
+L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_sign(3)|CMS_sign(3)>,
+L<CMS_verify(3)|CMS_verify(3)>, L<CMS_encrypt(3)|CMS_encrypt(3)>
+L<CMS_decrypt(3)|CMS_decrypt(3)>,
+L<SMIME_write_CMS(3)|SMIME_write_CMS(3)>,
+L<PEM_write_bio_CMS_stream(3)|PEM_write_bio_CMS_stream(3)>
+=head1 HISTORY
+i2d_CMS_bio_stream() was added to OpenSSL 1.0.0
+=cut
diff --git a/src/lib/libcrypto/doc/i2d_PKCS7_bio_stream.pod b/src/lib/libcrypto/doc/i2d_PKCS7_bio_stream.pod
new file mode 100644
index 0000000000..dc4d884c59
--- /dev/null
+++ b/src/lib/libcrypto/doc/i2d_PKCS7_bio_stream.pod
@@ -0,0 +1,44 @@
+=pod
+=head1 NAME
+i2d_PKCS7_bio_stream - output PKCS7 structure in BER format.
+=head1 SYNOPSIS
+ #include <openssl/pkcs7.h>
+ int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *data, int flags);
+=head1 DESCRIPTION
+i2d_PKCS7_bio_stream() outputs a PKCS7 structure in BER format.
+It is otherwise identical to the function SMIME_write_PKCS7().
+=head1 NOTES
+This function is effectively a version of the d2i_PKCS7_bio() supporting
+streaming.
+=head1 BUGS
+The prefix "d2i" is arguably wrong because the function outputs BER format.
+=head1 RETURN VALUES
+i2d_PKCS7_bio_stream() returns 1 for success or 0 for failure.
+=head1 SEE ALSO
+L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>,
+L<PKCS7_verify(3)|PKCS7_verify(3)>, L<PKCS7_encrypt(3)|PKCS7_encrypt(3)>
+L<PKCS7_decrypt(3)|PKCS7_decrypt(3)>,
+L<SMIME_write_PKCS7(3)|SMIME_write_PKCS7(3)>,
+L<PEM_write_bio_PKCS7_stream(3)|PEM_write_bio_PKCS7_stream(3)>
+=head1 HISTORY
+i2d_PKCS7_bio_stream() was added to OpenSSL 1.0.0
+=cut
diff --git a/src/lib/libcrypto/doc/lh_stats.pod b/src/lib/libcrypto/doc/lh_stats.pod
new file mode 100644
index 0000000000..3eeaa72e52
--- /dev/null
+++ b/src/lib/libcrypto/doc/lh_stats.pod
@@ -0,0 +1,60 @@
+=pod
+=head1 NAME
+lh_stats, lh_node_stats, lh_node_usage_stats, lh_stats_bio,
+lh_node_stats_bio, lh_node_usage_stats_bio - LHASH statistics
+=head1 SYNOPSIS
+ #include <openssl/lhash.h>
+ void lh_stats(LHASH *table, FILE *out);
+ void lh_node_stats(LHASH *table, FILE *out);
+ void lh_node_usage_stats(LHASH *table, FILE *out);
+ void lh_stats_bio(LHASH *table, BIO *out);
+ void lh_node_stats_bio(LHASH *table, BIO *out);
+ void lh_node_usage_stats_bio(LHASH *table, BIO *out);
+=head1 DESCRIPTION
+The B<LHASH> structure records statistics about most aspects of
+accessing the hash table.  This is mostly a legacy of Eric Young
+writing this library for the reasons of implementing what looked like
+a nice algorithm rather than for a particular software product.
+lh_stats() prints out statistics on the size of the hash table, how
+many entries are in it, and the number and result of calls to the
+routines in this library.
+lh_node_stats() prints the number of entries for each 'bucket' in the
+hash table.
+lh_node_usage_stats() prints out a short summary of the state of the
+hash table.  It prints the 'load' and the 'actual load'.  The load is
+the average number of data items per 'bucket' in the hash table.  The
+'actual load' is the average number of items per 'bucket', but only
+for buckets which contain entries.  So the 'actual load' is the
+average number of searches that will need to find an item in the hash
+table, while the 'load' is the average number that will be done to
+record a miss.
+lh_stats_bio(), lh_node_stats_bio() and lh_node_usage_stats_bio()
+are the same as the above, except that the output goes to a B<BIO>.
+=head1 RETURN VALUES
+These functions do not return values.
+=head1 SEE ALSO
+L<bio(3)|bio(3)>, L<lhash(3)|lhash(3)>
+=head1 HISTORY
+These functions are available in all versions of SSLeay and OpenSSL.
+This manpage is derived from the SSLeay documentation.
+=cut
diff --git a/src/lib/libcrypto/doc/rsa.pod b/src/lib/libcrypto/doc/rsa.pod
new file mode 100644
index 0000000000..45ac53ffc1
--- /dev/null
+++ b/src/lib/libcrypto/doc/rsa.pod
@@ -0,0 +1,123 @@
+=pod
+=head1 NAME
+rsa - RSA public key cryptosystem
+=head1 SYNOPSIS
+ #include <openssl/rsa.h>
+ #include <openssl/engine.h>
+ RSA * RSA_new(void);
+ void RSA_free(RSA *rsa);
+ int RSA_public_encrypt(int flen, unsigned char *from,
+    unsigned char *to, RSA *rsa, int padding);
+ int RSA_private_decrypt(int flen, unsigned char *from,
+    unsigned char *to, RSA *rsa, int padding);
+ int RSA_private_encrypt(int flen, unsigned char *from,
+    unsigned char *to, RSA *rsa,int padding);
+ int RSA_public_decrypt(int flen, unsigned char *from, 
+    unsigned char *to, RSA *rsa,int padding);
+ int RSA_sign(int type, unsigned char *m, unsigned int m_len,
+    unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+ int RSA_verify(int type, unsigned char *m, unsigned int m_len,
+    unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+ int RSA_size(const RSA *rsa);
+ RSA *RSA_generate_key(int num, unsigned long e,
+    void (*callback)(int,int,void *), void *cb_arg);
+ int RSA_check_key(RSA *rsa);
+ int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
+ void RSA_blinding_off(RSA *rsa);
+ void RSA_set_default_method(const RSA_METHOD *meth);
+ const RSA_METHOD *RSA_get_default_method(void);
+ int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
+ const RSA_METHOD *RSA_get_method(const RSA *rsa);
+ RSA_METHOD *RSA_PKCS1_SSLeay(void);
+ RSA_METHOD *RSA_null_method(void);
+ int RSA_flags(const RSA *rsa);
+ RSA *RSA_new_method(ENGINE *engine);
+ int RSA_print(BIO *bp, RSA *x, int offset);
+ int RSA_print_fp(FILE *fp, RSA *x, int offset);
+ int RSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+    int (*dup_func)(), void (*free_func)());
+ int RSA_set_ex_data(RSA *r,int idx,char *arg);
+ char *RSA_get_ex_data(RSA *r, int idx);
+ int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m,
+    unsigned int m_len, unsigned char *sigret, unsigned int *siglen,
+    RSA *rsa);
+ int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m,
+    unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
+    RSA *rsa);
+=head1 DESCRIPTION
+These functions implement RSA public key encryption and signatures
+as defined in PKCS #1 v2.0 [RFC 2437].
+The B<RSA> structure consists of several BIGNUM components. It can
+contain public as well as private RSA keys:
+ struct
+        {
+        BIGNUM *n;              // public modulus
+        BIGNUM *e;              // public exponent
+        BIGNUM *d;              // private exponent
+        BIGNUM *p;              // secret prime factor
+        BIGNUM *q;              // secret prime factor
+        BIGNUM *dmp1;           // d mod (p-1)
+        BIGNUM *dmq1;           // d mod (q-1)
+        BIGNUM *iqmp;           // q^-1 mod p
+        // ...
+        };
+ RSA
+In public keys, the private exponent and the related secret values are
+B<NULL>.
+B<p>, B<q>, B<dmp1>, B<dmq1> and B<iqmp> may be B<NULL> in private
+keys, but the RSA operations are much faster when these values are
+available.
+Note that RSA keys may use non-standard B<RSA_METHOD> implementations,
+either directly or by the use of B<ENGINE> modules. In some cases (eg. an
+ENGINE providing support for hardware-embedded keys), these BIGNUM values
+will not be used by the implementation or may be used for alternative data
+storage. For this reason, applications should generally avoid using RSA
+structure elements directly and instead use API functions to query or
+modify keys.
+=head1 CONFORMING TO
+SSL, PKCS #1 v2.0
+=head1 PATENTS
+RSA was covered by a US patent which expired in September 2000.
+=head1 SEE ALSO
+L<rsa(1)|rsa(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>,
+L<rand(3)|rand(3)>, L<engine(3)|engine(3)>, L<RSA_new(3)|RSA_new(3)>,
+L<RSA_public_encrypt(3)|RSA_public_encrypt(3)>,
+L<RSA_sign(3)|RSA_sign(3)>, L<RSA_size(3)|RSA_size(3)>,
+L<RSA_generate_key(3)|RSA_generate_key(3)>,
+L<RSA_check_key(3)|RSA_check_key(3)>,
+L<RSA_blinding_on(3)|RSA_blinding_on(3)>,
+L<RSA_set_method(3)|RSA_set_method(3)>, L<RSA_print(3)|RSA_print(3)>,
+L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>,
+L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>,
+L<RSA_sign_ASN1_OCTET_STRING(3)|RSA_sign_ASN1_OCTET_STRING(3)>,
+L<RSA_padding_add_PKCS1_type_1(3)|RSA_padding_add_PKCS1_type_1(3)> 
+=cut
diff --git a/src/lib/libcrypto/doc/x509.pod b/src/lib/libcrypto/doc/x509.pod
new file mode 100644
index 0000000000..f9e58e0e41
--- /dev/null
+++ b/src/lib/libcrypto/doc/x509.pod
@@ -0,0 +1,64 @@
+=pod
+=head1 NAME
+x509 - X.509 certificate handling
+=head1 SYNOPSIS
+ #include <openssl/x509.h>
+=head1 DESCRIPTION
+A X.509 certificate is a structured grouping of information about
+an individual, a device, or anything one can imagine.  A X.509 CRL
+(certificate revocation list) is a tool to help determine if a
+certificate is still valid.  The exact definition of those can be
+found in the X.509 document from ITU-T, or in RFC3280 from PKIX.
+In OpenSSL, the type X509 is used to express such a certificate, and
+the type X509_CRL is used to express a CRL.
+A related structure is a certificate request, defined in PKCS#10 from
+RSA Security, Inc, also reflected in RFC2896.  In OpenSSL, the type
+X509_REQ is used to express such a certificate request.
+To handle some complex parts of a certificate, there are the types
+X509_NAME (to express a certificate name), X509_ATTRIBUTE (to express
+a certificate attributes), X509_EXTENSION (to express a certificate
+extension) and a few more.
+Finally, there's the supertype X509_INFO, which can contain a CRL, a
+certificate and a corresponding private key.
+B<X509_>I<...>, B<d2i_X509_>I<...> and B<i2d_X509_>I<...> handle X.509
+certificates, with some exceptions, shown below.
+B<X509_CRL_>I<...>, B<d2i_X509_CRL_>I<...> and B<i2d_X509_CRL_>I<...>
+handle X.509 CRLs.
+B<X509_REQ_>I<...>, B<d2i_X509_REQ_>I<...> and B<i2d_X509_REQ_>I<...>
+handle PKCS#10 certificate requests.
+B<X509_NAME_>I<...> handle certificate names.
+B<X509_ATTRIBUTE_>I<...> handle certificate attributes.
+B<X509_EXTENSION_>I<...> handle certificate extensions.
+=head1 SEE ALSO
+L<X509_NAME_ENTRY_get_object(3)|X509_NAME_ENTRY_get_object(3)>,
+L<X509_NAME_add_entry_by_txt(3)|X509_NAME_add_entry_by_txt(3)>,
+L<X509_NAME_add_entry_by_NID(3)|X509_NAME_add_entry_by_NID(3)>,
+L<X509_NAME_print_ex(3)|X509_NAME_print_ex(3)>,
+L<X509_NAME_new(3)|X509_NAME_new(3)>,
+L<d2i_X509(3)|d2i_X509(3)>,
+L<d2i_X509_ALGOR(3)|d2i_X509_ALGOR(3)>,
+L<d2i_X509_CRL(3)|d2i_X509_CRL(3)>,
+L<d2i_X509_NAME(3)|d2i_X509_NAME(3)>,
+L<d2i_X509_REQ(3)|d2i_X509_REQ(3)>,
+L<d2i_X509_SIG(3)|d2i_X509_SIG(3)>,
+L<crypto(3)|crypto(3)>,
+L<x509v3(3)|x509v3(3)>
+=cut