19 files changed, 2521 insertions, 3 deletions

diff --git a/src/lib/libcrypto/man/BN_BLINDING_new.3 b/src/lib/libcrypto/man/BN_BLINDING_new.3
new file mode 100644
index 0000000000..c65d79c3bc
--- /dev/null
+++ b/src/lib/libcrypto/man/BN_BLINDING_new.3
@@ -0,0 +1,269 @@
+.Dd $Mdocdate: February 23 2015 $
+.Dt BN_BLINDING_NEW 3
+.Os
+.Sh NAME
+.Nm BN_BLINDING_new ,
+.Nm BN_BLINDING_free ,
+.Nm BN_BLINDING_update ,
+.Nm BN_BLINDING_convert ,
+.Nm BN_BLINDING_invert ,
+.Nm BN_BLINDING_convert_ex ,
+.Nm BN_BLINDING_invert_ex ,
+.Nm BN_BLINDING_get_thread_id ,
+.Nm BN_BLINDING_set_thread_id ,
+.Nm BN_BLINDING_thread_id ,
+.Nm BN_BLINDING_get_flags ,
+.Nm BN_BLINDING_set_flags ,
+.Nm BN_BLINDING_create_param
+.Nd blinding related BIGNUM functions
+.Sh SYNOPSIS
+.In openssl/bn.h
+.Ft BN_BLINDING *
+.Fo BN_BLINDING_new
+.Fa "const BIGNUM *A"
+.Fa "const BIGNUM *Ai"
+.Fa "BIGNUM *mod"
+.Fc
+.Ft void
+.Fo BN_BLINDING_free
+.Fa "BN_BLINDING *b"
+.Fc
+.Ft int
+.Fo BN_BLINDING_update
+.Fa "BN_BLINDING *b"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo BN_BLINDING_convert
+.Fa "BIGNUM *n"
+.Fa "BN_BLINDING *b"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo BN_BLINDING_invert
+.Fa "BIGNUM *n"
+.Fa "BN_BLINDING *b"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo BN_BLINDING_convert_ex
+.Fa "BIGNUM *n"
+.Fa "BIGNUM *r"
+.Fa "BN_BLINDING *b"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo BN_BLINDING_invert_ex
+.Fa "BIGNUM *n"
+.Fa "const BIGNUM *r"
+.Fa "BN_BLINDING *b"
+.Fa "BN_CTX *ctx"
+.Fc
+.Fd #ifndef OPENSSL_NO_DEPRECATED
+.Ft unsigned long
+.Fo BN_BLINDING_get_thread_id
+.Fa "const BN_BLINDING *"
+.Fc
+.Ft void
+.Fo BN_BLINDING_set_thread_id
+.Fa "BN_BLINDING *"
+.Fa "unsigned long"
+.Fc
+.Fd #endif
+.Ft CRYPTO_THREADID *
+.Fo BN_BLINDING_thread_id
+.Fa "BN_BLINDING *"
+.Fc
+.Ft unsigned long
+.Fo BN_BLINDING_get_flags
+.Fa "const BN_BLINDING *"
+.Fc
+.Ft void
+.Fo BN_BLINDING_set_flags
+.Fa "BN_BLINDING *"
+.Fa "unsigned long"
+.Fc
+.Ft BN_BLINDING *
+.Fo BN_BLINDING_create_param
+.Fa "BN_BLINDING *b"
+.Fa "const BIGNUM *e"
+.Fa "BIGNUM *m"
+.Fa "BN_CTX *ctx"
+.Fa "int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,\
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)"
+.Fa "BN_MONT_CTX *m_ctx"
+.Fc
+.Sh DESCRIPTION
+.Fn BN_BLINDING_new
+allocates a new
+.Vt BN_BLINDING
+structure and copies the
+.Fa A
+and
+.Fa \&Ai
+values into the newly created
+.Vt BN_BLINDING
+object.
+.Pp
+.Fn BN_BLINDING_free
+frees the
+.Vt BN_BLINDING
+structure.
+.Pp
+.Fn BN_BLINDING_update
+updates the
+.Vt BN_BLINDING
+parameters by squaring the
+.Fa A
+and
+.Fa \&Ai
+or, after specific number of uses and if the necessary parameters are
+set, by re-creating the blinding parameters.
+.Pp
+.Fn BN_BLINDING_convert_ex
+multiplies
+.Fa n
+with the blinding factor
+.Fa A .
+If
+.Fa r
+is not
+.Dv NULL ,
+a copy of the inverse blinding factor
+.Fa \&Ai
+will be returned in
+.Fa r
+(this is useful if a
+.Vt RSA
+object is shared among several threads).
+.Fn BN_BLINDING_invert_ex
+multiplies
+.Fa n
+with the inverse blinding factor
+.Fa \&Ai .
+If
+.Fa r
+is not
+.Dv NULL ,
+it will be used as the inverse blinding.
+.Pp
+.Fn BN_BLINDING_convert
+and
+.Fn BN_BLINDING_invert
+are wrapper functions for
+.Fn BN_BLINDING_convert_ex
+and
+.Fn BN_BLINDING_invert_ex
+with
+.Fa r
+set to
+.Dv NULL .
+.Pp
+.Fn BN_BLINDING_thread_id
+provides access to the
+.Vt CRYPTO_THREADID
+object within the
+.Vt BN_BLINDING
+structure.
+This is to help users provide proper locking if needed for
+multi-threaded use.
+The "thread id" object of a newly allocated
+.Vt BN_BLINDING
+structure is initialised to the thread id in which
+.Fn BN_BLINDING_new
+was called.
+.Pp
+.Fn BN_BLINDING_get_flags
+returns the
+.Dv BN_BLINDING_*
+flags.
+Currently there are two supported flags:
+.Dv BN_BLINDING_NO_UPDATE
+and
+.Dv BN_BLINDING_NO_RECREATE .
+.Dv BN_BLINDING_NO_UPDATE
+inhibits the automatic update of the
+.Vt BN_BLINDING
+parameters after each use and
+.Dv BN_BLINDING_NO_RECREATE
+inhibits the automatic re-creation of the
+.Vt BN_BLINDING
+parameters after a fixed number of uses (currently 32).
+In newly allocated
+.Vt BN_BLINDING
+objects no flags are set.
+.Fn BN_BLINDING_set_flags
+sets the
+.Dv BN_BLINDING_*
+parameters flags.
+.Pp
+.Fn BN_BLINDING_create_param
+creates new
+.Vt BN_BLINDING
+parameters using the exponent
+.Fa e
+and the modulus
+.Fa m .
+.Fa bn_mod_exp
+and
+.Fa m_ctx
+can be used to pass special functions for exponentiation (normally
+.Xr BN_mod_exp_mont 3
+and
+.Vt BN_MONT_CTX Ns ).
+.Sh RETURN VALUES
+.Fn BN_BLINDING_new
+returns the newly allocated
+.Vt BN_BLINDING
+structure or
+.Dv NULL
+in case of an error.
+.Pp
+.Fn BN_BLINDING_update ,
+.Fn BN_BLINDING_convert ,
+.Fn BN_BLINDING_invert ,
+.Fn BN_BLINDING_convert_ex
+and
+.Fn BN_BLINDING_invert_ex
+return 1 on success and 0 if an error occured.
+.Pp
+.Fn BN_BLINDING_thread_id
+returns a pointer to the thread id object within a
+.Vt BN_BLINDING
+object.
+.Pp
+.Fn BN_BLINDING_get_flags
+returns the currently set
+.Dv BN_BLINDING_*
+flags (an
+.Vt unsigned long
+value).
+.Pp
+.Fn BN_BLINDING_create_param
+returns the newly created
+.Vt BN_BLINDING
+parameters or
+.Dv NULL
+on error.
+.Sh SEE ALSO
+.Xr bn 3
+.Sh HISTORY
+.Fn BN_BLINDING_thread_id
+was first introduced in OpenSSL 1.0.0, and it deprecates
+.Fn BN_BLINDING_set_thread_id
+and
+.Fn BN_BLINDING_get_thread_id .
+.Pp
+.Fn BN_BLINDING_convert_ex ,
+.Fn BN_BLINDIND_invert_ex ,
+.Fn BN_BLINDING_get_thread_id ,
+.Fn BN_BLINDING_set_thread_id ,
+.Fn BN_BLINDING_set_flags ,
+.Fn BN_BLINDING_get_flags
+and
+.Fn BN_BLINDING_create_param
+were first introduced in OpenSSL 0.9.8
+.Sh AUTHORS
+.An Nils Larsch
+for
+.Lk http://www.openssl.org/ "the OpenSSL project" .
diff --git a/src/lib/libcrypto/man/BN_CTX_new.3 b/src/lib/libcrypto/man/BN_CTX_new.3
new file mode 100644
index 0000000000..1a77314854
--- /dev/null
+++ b/src/lib/libcrypto/man/BN_CTX_new.3
@@ -0,0 +1,91 @@
+.Dd $Mdocdate: February 23 2015 $
+.Dt BN_CTX_NEW 3
+.Os
+.Sh NAME
+.Nm BN_CTX_new ,
+.Nm BN_CTX_init ,
+.Nm BN_CTX_free
+.Nd allocate and free BN_CTX structures
+.Sh SYNOPSIS
+.In openssl/bn.h
+.Ft BN_CTX *
+.Fo BN_CTX_new
+.Fa void
+.Fc
+.Ft void
+.Fo BN_CTX_free
+.Fa "BN_CTX *c"
+.Fc
+.Pp
+Deprecated:
+.Pp
+.Ft void
+.Fo BN_CTX_init
+.Fa "BN_CTX *c"
+.Fc
+.Sh DESCRIPTION
+A
+.Vt BN_CTX
+is a structure that holds
+.Vt BIGNUM
+temporary variables used by library functions.
+Since dynamic memory allocation to create
+.Vt BIGNUM Ns s
+is rather expensive when used in conjunction with repeated subroutine
+calls, the
+.Vt BN_CTX
+structure is used.
+.Pp
+.Fn BN_CTX_new
+allocates and initializes a
+.Vt BN_CTX
+structure.
+.Pp
+.Fn BN_CTX_free
+frees the components of the
+.Vt BN_CTX ,
+and if it was created by
+.Fn BN_CTX_new ,
+also the structure itself.
+If
+.Xr BN_CTX_start 3
+has been used on the
+.Vt BN_CTX ,
+.Xr BN_CTX_end 3
+must be called before the
+.Vt BN_CTX
+may be freed by
+.Fn BN_CTX_free .
+.Pp
+.Fn BN_CTX_init
+(deprecated) initializes an existing uninitialized
+.Vt BN_CTX .
+This should not be used for new programs.
+Use
+.Fn BN_CTX_new
+instead.
+.Sh RETURN VALUES
+.Fn BN_CTX_new
+returns a pointer to the
+.Vt BN_CTX .
+If the allocation fails, it returns
+.Dv NULL
+and sets an error code that can be obtained by
+.Xr ERR_get_error 3 .
+.Pp
+.Fn BN_CTX_init
+and
+.Fn BN_CTX_free
+return no value.
+.Sh SEE ALSO
+.Xr bn 3 ,
+.Xr BN_add 3 ,
+.Xr BN_CTX_start 3 ,
+.Xr ERR_get_error 3
+.Sh HISTORY
+.Fn BN_CTX_new
+and
+.Fn BN_CTX_free
+are available in all versions on SSLeay and OpenSSL.
+.Fn BN_CTX_init
+was added in SSLeay 0.9.1b.
diff --git a/src/lib/libcrypto/man/BN_CTX_start.3 b/src/lib/libcrypto/man/BN_CTX_start.3
new file mode 100644
index 0000000000..986208ba1a
--- /dev/null
+++ b/src/lib/libcrypto/man/BN_CTX_start.3
@@ -0,0 +1,85 @@
+.Dd $Mdocdate: February 23 2015 $
+.Dt BN_CTX_START 3
+.Os
+.Sh NAME
+.Nm BN_CTX_start ,
+.Nm BN_CTX_get ,
+.Nm BN_CTX_end
+.Nd use temporary BIGNUM variables
+.Sh SYNOPSIS
+.In openssl/bn.h
+.Ft void
+.Fo BN_CTX_start
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft BIGNUM *
+.Fo BN_CTX_get
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft void
+.Fo BN_CTX_end
+.Fa "BN_CTX *ctx"
+.Fc
+.Sh DESCRIPTION
+These functions are used to obtain temporary
+.Vt BIGNUM
+variables from a
+.Vt BN_CTX
+(which can been created by using
+.Xr BN_CTX_new 3 )
+in order to save the overhead of repeatedly creating and freeing
+.Vt BIGNUM Ns s
+in functions that are called from inside a loop.
+.Pp
+A function must call
+.Fn BN_CTX_start
+first.
+Then,
+.Fn BN_CTX_get
+may be called repeatedly to obtain temporary
+.Vt BIGNUM Ns s.
+All
+.Fn BN_CTX_get
+calls must be made before calling any other functions that use the
+.Fa ctx
+as an argument.
+.Pp
+Finally,
+.Fn BN_CTX_end
+must be called before returning from the function.
+When
+.Fn BN_CTX_end
+is called, the
+.Vt BIGNUM
+pointers obtained from
+.Fn BN_CTX_get
+become invalid.
+.Sh RETURN VALUES
+.Fn BN_CTX_start
+and
+.Fn BN_CTX_end
+return no values.
+.Pp
+.Fn BN_CTX_get
+returns a pointer to the
+.Vt BIGNUM ,
+or
+.Dv NULL
+on error.
+Once
+.Fn BN_CTX_get
+has failed, the subsequent calls will return
+.Dv NULL
+as well, so it is sufficient to check the return value of the last
+.Fn BN_CTX_get
+call.
+In case of an error, an error code is set, which can be obtained by
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr BN_CTX_new 3
+.Sh HISTORY
+.Fn BN_CTX_start ,
+.Fn BN_CTX_get ,
+and
+.Fn BN_CTX_end
+were added in OpenSSL 0.9.5.
diff --git a/src/lib/libcrypto/man/BN_add.3 b/src/lib/libcrypto/man/BN_add.3
new file mode 100644
index 0000000000..d41599d8b0
--- /dev/null
+++ b/src/lib/libcrypto/man/BN_add.3
@@ -0,0 +1,352 @@
+.Dd $Mdocdate: February 23 2015 $
+.Dt BN_ADD 3
+.Os
+.Sh NAME
+.Nm BN_add ,
+.Nm BN_sub ,
+.Nm BN_mul ,
+.Nm BN_sqr ,
+.Nm BN_div ,
+.Nm BN_mod ,
+.Nm BN_nnmod ,
+.Nm BN_mod_add ,
+.Nm BN_mod_sub ,
+.Nm BN_mod_mul ,
+.Nm BN_mod_sqr ,
+.Nm BN_exp ,
+.Nm BN_mod_exp ,
+.Nm BN_gcd
+.Nd arithmetic operations on BIGNUMs
+.Sh SYNOPSIS
+.In openssl/bn.h
+.Ft int
+.Fo BN_add
+.Fa "BIGNUM *r"
+.Fa "const BIGNUM *a"
+.Fa "const BIGNUM *b"
+.Fc
+.Ft int
+.Fo BN_sub
+.Fa "BIGNUM *r"
+.Fa "const BIGNUM *a"
+.Fa "const BIGNUM *b"
+.Fc
+.Ft int
+.Fo BN_mul
+.Fa "BIGNUM *r"
+.Fa "BIGNUM *a"
+.Fa "BIGNUM *b"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo BN_sqr
+.Fa "BIGNUM *r"
+.Fa "BIGNUM *a"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo BN_div
+.Fa "BIGNUM *dv"
+.Fa "BIGNUM *rem"
+.Fa "const BIGNUM *a"
+.Fa "const BIGNUM *d"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo BN_mod
+.Fa "BIGNUM *rem"
+.Fa "const BIGNUM *a"
+.Fa "const BIGNUM *m"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo BN_nnmod
+.Fa "BIGNUM *r"
+.Fa "const BIGNUM *a"
+.Fa "const BIGNUM *m"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo BN_mod_add
+.Fa "BIGNUM *r"
+.Fa "BIGNUM *a"
+.Fa "BIGNUM *b"
+.Fa "const BIGNUM *m"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo BN_mod_sub
+.Fa "BIGNUM *r"
+.Fa "BIGNUM *a"
+.Fa "BIGNUM *b"
+.Fa "const BIGNUM *m"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo BN_mod_mul
+.Fa "BIGNUM *r"
+.Fa "BIGNUM *a"
+.Fa "BIGNUM *b"
+.Fa "const BIGNUM *m"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo BN_mod_sqr
+.Fa "BIGNUM *r"
+.Fa "BIGNUM *a"
+.Fa "const BIGNUM *m"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo BN_exp
+.Fa "BIGNUM *r"
+.Fa "BIGNUM *a"
+.Fa "BIGNUM *p"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo BN_mod_exp
+.Fa "BIGNUM *r"
+.Fa "BIGNUM *a"
+.Fa "const BIGNUM *p"
+.Fa "const BIGNUM *m"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo BN_gcd
+.Fa "BIGNUM *r"
+.Fa "BIGNUM *a"
+.Fa "BIGNUM *b"
+.Fa "BN_CTX *ctx"
+.Fc
+.Sh DESCRIPTION
+.Fn BN_add
+adds
+.Fa a
+and
+.Fa b
+and places the result in
+.Fa r
+.Pq Li r=a+b .
+.Fa r
+may be the same
+.Vt BIGNUM
+as
+.Fa a
+or
+.Fa b .
+.Pp
+.Fn BN_sub
+subtracts
+.Fa b
+from
+.Fa a
+and places the result in
+.Fa r
+.Pq Li r=a-b .
+.Pp
+.Fn BN_mul
+multiplies
+.Fa a
+and
+.Fa b
+and places the result in
+.Fa r
+.Pq Li r=a*b .
+.Fa r
+may be the same
+.Vt BIGNUM
+as
+.Fa a
+or
+.Fa b .
+For multiplication by powers of 2, use
+.Xr BN_lshift 3 .
+.Pp
+.Fn BN_sqr
+takes the square of
+.Fa a
+and places the result in
+.Fa r
+.Pq Li r=a^2 .
+.Fa r
+and
+.Fa a
+may be the same
+.Vt BIGNUM .
+This function is faster than
+.Fn BN_mul r a a .
+.Pp
+.Fn BN_div
+divides
+.Fa a
+by
+.Fa d
+and places the result in
+.Fa dv
+and the remainder in
+.Fa rem
+.Pq Li dv=a/d , rem=a%d .
+Either of
+.Fa dv
+and
+.Fa rem
+may be
+.Dv NULL ,
+in which case the respective value is not returned.
+The result is rounded towards zero; thus if
+.Fa a
+is negative, the remainder will be zero or negative.
+For division by powers of 2, use
+.Fn BN_rshift 3 .
+.Pp
+.Fn BN_mod
+corresponds to
+.Fn BN_div
+with
+.Fa dv
+set to
+.Dv NULL .
+.Pp
+.Fn BN_nnmod
+reduces
+.Fa a
+modulo
+.Fa m
+and places the non-negative remainder in
+.Fa r .
+.Pp
+.Fn BN_mod_add
+adds
+.Fa a
+to
+.Fa b
+modulo
+.Fa m
+and places the non-negative result in
+.Fa r .
+.Pp
+.Fn BN_mod_sub
+subtracts
+.Fa b
+from
+.Fa a
+modulo
+.Fa m
+and places the non-negative result in
+.Fa r .
+.Pp
+.Fn BN_mod_mul
+multiplies
+.Fa a
+by
+.Fa b
+and finds the non-negative remainder respective to modulus
+.Fa m
+.Pq Li r=(a*b)%m .
+.Fa r
+may be the same
+.Vt BIGNUM
+as
+.Fa a
+or
+.Fa b .
+For more efficient algorithms for repeated computations using the same
+modulus, see
+.Xr BN_mod_mul_montgomery 3
+and
+.Xr BN_mod_mul_reciprocal 3 .
+.Pp
+.Fn BN_mod_sqr
+takes the square of
+.Fa a
+modulo
+.Fa m
+and places the result in
+.Fa r .
+.Pp
+.Fn BN_exp
+raises
+.Fa a
+to the
+.Fa p Ns -th
+power and places the result in
+.Fa r
+.Pq Li r=a^p .
+This function is faster than repeated applications of
+.Fn BN_mul .
+.Pp
+.Fn BN_mod_exp
+computes
+.Fa a
+to the
+.Fa p Ns -th
+power modulo
+.Fa m
+.Pq Li r=(a^p)%m .
+This function uses less time and space than
+.Fn BN_exp .
+.Pp
+.Fn BN_gcd
+computes the greatest common divisor of
+.Fa a
+and
+.Fa b
+and places the result in
+.Fa r .
+.Fa r
+may be the same
+.Vt BIGNUM
+as
+.Fa a
+or
+.Fa b .
+.Pp
+For all functions,
+.Fa ctx
+is a previously allocated
+.Vt BN_CTX
+used for temporary variables; see
+.Xr BN_CTX_new 3 .
+.Pp
+Unless noted otherwise, the result
+.Vt BIGNUM
+must be different from the arguments.
+.Sh RETURN VALUES
+For all functions, 1 is returned for success, 0 on error.
+The return value should always be checked, for example:
+.Pp
+.Dl if (!BN_add(r,a,b)) goto err;
+.Pp
+The error codes can be obtained by
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr bn 3 ,
+.Xr BN_add_word 3 ,
+.Xr BN_CTX_new 3 ,
+.Xr BN_set_bit 3 ,
+.Xr ERR_get_error 3
+.Sh HISTORY
+.Fn BN_add ,
+.Fn BN_sub ,
+.Fn BN_sqr ,
+.Fn BN_div ,
+.Fn BN_mod ,
+.Fn BN_mod_mul ,
+.Fn BN_mod_exp ,
+and
+.Fn BN_gcd
+are available in all versions of SSLeay and OpenSSL.
+The
+.Fa ctx
+argument to
+.Fn BN_mul
+was added in SSLeay 0.9.1b.
+.Fn BN_exp
+appeared in SSLeay 0.9.0.
+.Fn BN_nnmod ,
+.Fn BN_mod_add ,
+.Fn BN_mod_sub ,
+and
+.Fn BN_mod_sqr
+were added in OpenSSL 0.9.7.
diff --git a/src/lib/libcrypto/man/BN_add_word.3 b/src/lib/libcrypto/man/BN_add_word.3
new file mode 100644
index 0000000000..930aae4d32
--- /dev/null
+++ b/src/lib/libcrypto/man/BN_add_word.3
@@ -0,0 +1,123 @@
+.Dd $Mdocdate: February 23 2015 $
+.Dt BN_ADD_WORD 3
+.Os
+.Sh NAME
+.Nm BN_add_word ,
+.Nm BN_sub_word ,
+.Nm BN_mul_word ,
+.Nm BN_div_word ,
+.Nm BN_mod_word
+.Nd arithmetic functions on BIGNUMs with integers
+.Sh SYNOPSIS
+.In openssl/bn.h
+.Ft int
+.Fo BN_add_word
+.Fa "BIGNUM *a"
+.Fa "BN_ULONG w"
+.Fc
+.Ft int
+.Fo BN_sub_word
+.Fa "BIGNUM *a"
+.Fa "BN_ULONG w"
+.Fc
+.Ft int
+.Fo BN_mul_word
+.Fa "BIGNUM *a"
+.Fa "BN_ULONG w"
+.Fc
+.Ft BN_ULONG
+.Fo BN_div_word
+.Fa "BIGNUM *a"
+.Fa "BN_ULONG w"
+.Fc
+.Ft BN_ULONG
+.Fo BN_mod_word
+.Fa "const BIGNUM *a"
+.Fa "BN_ULONG w"
+.Fc
+.Sh DESCRIPTION
+These functions perform arithmetic operations on BIGNUMs with unsigned
+integers.
+They are much more efficient than the normal BIGNUM arithmetic
+operations.
+.Pp
+.Fn BN_add_word
+adds
+.Fa w
+to
+.Fa a
+.Pq Li a+=w .
+.Pp
+.Fn BN_sub_word
+subtracts
+.Fa w
+from
+.Fa a
+.Pq Li a-=w .
+.Pp
+.Fn BN_mul_word
+multiplies
+.Fa a
+and
+.Fa w
+.Pq Li a*=w .
+.Pp
+.Fn BN_div_word
+divides
+.Fa a
+by
+.Fa w
+.Pq Li a/=w
+and returns the remainder.
+.Pp
+.Fn BN_mod_word
+returns the remainder of
+.Fa a
+divided by
+.Fa w
+.Pq Li a%w .
+.Pp
+For
+.Fn BN_div_word
+and
+.Fn BN_mod_word ,
+.Fa w
+must not be 0.
+.Sh RETURN VALUES
+.Fn BN_add_word ,
+.Fn BN_sub_word ,
+and
+.Fn BN_mul_word
+return 1 for success, 0 on error.
+The error codes can be obtained by
+.Xr ERR_get_error 3 .
+.Pp
+.Fn BN_mod_word
+and
+.Fn BN_div_word
+return
+.Fa a Ns % Ns Fa w
+on success and
+.Pq Vt BN_ULONG Ns -1
+if an error occurred.
+.Sh SEE ALSO
+.Xr bn 3 ,
+.Xr BN_add 3 ,
+.Xr ERR_get_error 3
+.Sh HISTORY
+.Fn BN_add_word
+and
+.Fn BN_mod_word
+are available in all versions of SSLeay and OpenSSL.
+.Fn BN_div_word
+was added in SSLeay 0.8, and
+.Fn BN_sub_word
+and
+.Fn BN_mul_word
+in SSLeay 0.9.0.
+.Pp
+Before 0.9.8a, the return value for
+.Fn BN_div_word
+and
+.Fn BN_mod_word
+in case of an error was 0.
diff --git a/src/lib/libcrypto/man/BN_bn2bin.3 b/src/lib/libcrypto/man/BN_bn2bin.3
new file mode 100644
index 0000000000..02d6b2c8b8
--- /dev/null
+++ b/src/lib/libcrypto/man/BN_bn2bin.3
@@ -0,0 +1,237 @@
+.Dd $Mdocdate: February 23 2015 $
+.Dt BN_BN2BIN 3
+.Os
+.Sh NAME
+.Nm BN_bn2bin ,
+.Nm BN_bin2bn ,
+.Nm BN_bn2hex ,
+.Nm BN_bn2dec ,
+.Nm BN_hex2bn ,
+.Nm BN_dec2bn ,
+.Nm BN_print ,
+.Nm BN_print_fp ,
+.Nm BN_bn2mpi ,
+.Nm BN_mpi2bn
+.Nd format conversions
+.Sh SYNOPSIS
+.In openssl/bn.h
+.Ft int
+.Fo BN_bn2bin
+.Fa "const BIGNUM *a"
+.Fa "unsigned char *to"
+.Fc
+.Ft BIGNUM *
+.Fo BN_bin2bn
+.Fa "const unsigned char *s"
+.Fa "int len"
+.Fa "BIGNUM *ret"
+.Fc
+.Ft char *
+.Fo BN_bn2hex
+.Fa "const BIGNUM *a"
+.Fc
+.Ft char *
+.Fo BN_bn2dec
+.Fa "const BIGNUM *a"
+.Fc
+.Ft int
+.Fo BN_hex2bn
+.Fa "BIGNUM **a"
+.Fa "const char *str"
+.Fc
+.Ft int
+.Fo BN_dec2bn
+.Fa "BIGNUM **a"
+.Fa "const char *str"
+.Fc
+.Ft int
+.Fo BN_print
+.Fa "BIO *fp"
+.Fa "const BIGNUM *a"
+.Fc
+.Ft int
+.Fo BN_print_fp
+.Fa "FILE *fp"
+.Fa "const BIGNUM *a"
+.Fc
+.Ft int
+.Fo BN_bn2mpi
+.Fa "const BIGNUM *a"
+.Fa "unsigned char *to"
+.Fc
+.Ft BIGNUM *
+.Fo BN_mpi2bn
+.Fa "unsigned char *s"
+.Fa "int len"
+.Fa "BIGNUM *ret"
+.Fc
+.Sh DESCRIPTION
+.Fn BN_bn2bin
+converts the absolute value of
+.Fa a
+into big-endian form and stores it at
+.Fa to .
+.Fa to
+must point to
+.Fn BN_num_bytes a
+bytes of memory.
+.Pp
+.Fn BN_bin2bn
+converts the positive integer in big-endian form of length
+.Fa len
+at
+.Fa s
+into a
+.Vt BIGNUM
+and places it in
+.Fa ret .
+If
+.Fa ret
+is
+.Dv NULL ,
+a new
+.Vt BIGNUM
+is created.
+.Pp
+.Fn BN_bn2hex
+and
+.Fn BN_bn2dec
+return printable strings containing the hexadecimal and decimal encoding of
+.Fa a
+respectively.
+For negative numbers, the string is prefaced with a leading minus sign.
+The string must be freed later using
+.Xr free 3 .
+.Pp
+.Fn BN_hex2bn
+converts the string
+.Fa str
+containing a hexadecimal number to a
+.Vt BIGNUM
+and stores it in
+.Pf * Fa a .
+If
+.Pf * Fa a
+is
+.Dv NULL ,
+a new
+.Vt BIGNUM
+is created.
+If
+.Fa a
+is
+.Dv NULL ,
+it only computes the number's length in hexadecimal digits.
+If the string starts with a minus sign, the number is negative.
+.Fn BN_dec2bn
+is the same using the decimal system.
+.Pp
+.Fn BN_print
+and
+.Fn BN_print_fp
+write the hexadecimal encoding of
+.Fa a ,
+with a leading minus sign for negative numbers, to the
+.Vt BIO
+or
+.Vt FILE
+.Fa fp .
+.Pp
+.Fn BN_bn2mpi
+and
+.Fn BN_mpi2bn
+convert
+.Vt BIGNUM Ns s
+from and to a format that consists of the number's length in bytes
+represented as a 4-byte big-endian number, and the number itself in
+big-endian format, where the most significant bit signals a negative
+number (the representation of numbers with the MSB set is prefixed with
+a NUL byte).
+.Pp
+.Fn BN_bn2mpi
+stores the representation of
+.Fa a
+at
+.Fa to ,
+where
+.Fa to
+must be large enough to hold the result.
+The size can be determined by calling
+.Fn BN_bn2mpi a , NULL .
+.Pp
+.Fn BN_mpi2bn
+converts the
+.Fa len
+bytes long representation at
+.Fa s
+to a
+.Vt BIGNUM
+and stores it at
+.Fa ret ,
+or in a newly allocated
+.Vt BIGNUM
+if
+.Fa ret
+is
+.Dv NULL .
+.Sh RETURN VALUES
+.Fn BN_bn2bin
+returns the length of the big-endian number placed at
+.Fa to .
+.Fn BN_bin2bn
+returns the
+.Vt BIGNUM ,
+or
+.Dv NULL
+on error.
+.Pp
+.Fn BN_bn2hex
+and
+.Fn BN_bn2dec
+return a NUL-terminated string, or
+.Dv NULL
+on error.
+.Fn BN_hex2bn
+and
+.Fn BN_dec2bn
+return the number's length in hexadecimal or decimal digits, and 0 on
+error.
+.Pp
+.Fn BN_print_fp
+and
+.Fn BN_print
+return 1 on success, 0 on write errors.
+.Pp
+.Fn BN_bn2mpi
+returns the length of the representation.
+.Fn BN_mpi2bn
+returns the
+.Vt BIGNUM ,
+or
+.Dv NULL
+on error.
+.Pp
+The error codes can be obtained by
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr ASN1_INTEGER_to_BN 3 ,
+.Xr bn 3 ,
+.Xr BN_num_bytes 3 ,
+.Xr BN_zero 3 ,
+.Xr ERR_get_error 3
+.Sh HISTORY
+.Fn BN_bn2bin ,
+.Fn BN_bin2bn ,
+.Fn BN_print_fp ,
+and
+.Fn BN_print
+are available in all versions of SSLeay and OpenSSL.
+.Pp
+.Fn BN_bn2hex ,
+.Fn BN_bn2dec ,
+.Fn BN_hex2bn ,
+.Fn BN_dec2bn ,
+.Fn BN_bn2mpi ,
+and
+.Fn BN_mpi2bn
+were added in SSLeay 0.9.0.
diff --git a/src/lib/libcrypto/man/BN_cmp.3 b/src/lib/libcrypto/man/BN_cmp.3
new file mode 100644
index 0000000000..b0a03b25ce
--- /dev/null
+++ b/src/lib/libcrypto/man/BN_cmp.3
@@ -0,0 +1,99 @@
+.Dd $Mdocdate: February 23 2015 $
+.Dt BN_CMP 3
+.Os
+.Sh NAME
+.Nm BN_cmp ,
+.Nm BN_ucmp ,
+.Nm BN_is_zero ,
+.Nm BN_is_one ,
+.Nm BN_is_word ,
+.Nm BN_is_odd
+.Nd BIGNUM comparison and test functions
+.Sh SYNOPSIS
+.In openssl/bn.h
+.Ft int
+.Fo BN_cmp
+.Fa "BIGNUM *a"
+.Fa "BIGNUM *b"
+.Fc
+.Ft int
+.Fo BN_ucmp
+.Fa "BIGNUM *a"
+.Fa "BIGNUM *b"
+.Fc
+.Ft int
+.Fo BN_is_zero
+.Fa "BIGNUM *a"
+.Fc
+.Ft int
+.Fo BN_is_one
+.Fa "BIGNUM *a"
+.Fc
+.Ft int
+.Fo BN_is_word
+.Fa "BIGNUM *a"
+.Fa "BN_ULONG w"
+.Fc
+.Ft int
+.Fo BN_is_odd
+.Fa "BIGNUM *a"
+.Fc
+.Sh DESCRIPTION
+.Fn BN_cmp
+compares the numbers
+.Fa a
+and
+.Fa b .
+.Fn BN_ucmp
+compares their absolute values.
+.Pp
+.Fn BN_is_zero ,
+.Fn BN_is_one
+and
+.Fn BN_is_word
+test if
+.Fa a
+equals 0, 1, or
+.Fa w
+respectively.
+.Fn BN_is_odd
+tests if a is odd.
+.Pp
+.Fn BN_is_zero ,
+.Fn BN_is_one ,
+.Fn BN_is_word ,
+and
+.Fn BN_is_odd
+are macros.
+.Sh RETURN VALUES
+.Fn BN_cmp
+returns -1 if
+.Fa a Ns < Ns Fa b ,
+0 if
+.Fa a Ns == Ns Fa b ,
+and 1 if
+.Fa a Ns > Ns Fa b .
+.Fn BN_ucmp
+is the same using the absolute values of
+.Fa a
+and
+.Fa b .
+.Pp
+.Fn BN_is_zero ,
+.Fn BN_is_one ,
+.Fn BN_is_word ,
+and
+.Fn BN_is_odd
+return 1 if the condition is true, 0 otherwise.
+.Sh SEE ALSO
+.Xr bn 3
+.Sh HISTORY
+.Fn BN_cmp ,
+.Fn BN_ucmp ,
+.Fn BN_is_zero ,
+.Fn BN_is_one
+and
+.Fn BN_is_word
+are available in all versions of SSLeay and OpenSSL.
+.Fn BN_is_odd
+was added in SSLeay 0.8.
diff --git a/src/lib/libcrypto/man/BN_copy.3 b/src/lib/libcrypto/man/BN_copy.3
new file mode 100644
index 0000000000..765e46c01c
--- /dev/null
+++ b/src/lib/libcrypto/man/BN_copy.3
@@ -0,0 +1,52 @@
+.Dd $Mdocdate: February 23 2015 $
+.Dt BN_COPY 3
+.Os
+.Sh NAME
+.Nm BN_copy ,
+.Nm BN_dup
+.Nd copy BIGNUMs
+.Sh SYNOPSIS
+.In openssl/bn.h
+.Ft BIGNUM *
+.Fo BN_copy
+.Fa "BIGNUM *to"
+.Fa "const BIGNUM *from"
+.Fc
+.Ft BIGNUM *
+.Fo BN_dup
+.Fa "const BIGNUM *from"
+.Fc
+.Sh DESCRIPTION
+.Fn BN_copy
+copies
+.Fa from
+to
+.Fa to .
+.Fn BN_dup
+creates a new
+.Vt BIGNUM
+containing the value
+.Fa from .
+.Sh RETURN VALUES
+.Fn BN_copy
+returns
+.Fa to
+on success,
+.Dv NULL
+on error.
+.Fn BN_dup
+returns the new
+.Vt BIGNUM ,
+or
+.Dv NULL
+on error.
+The error codes can be obtained by
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr bn 3 ,
+.Xr ERR_get_error 3
+.Sh HISTORY
+.Fn BN_copy
+and
+.Fn BN_dup
+are available in all versions of SSLeay and OpenSSL.
diff --git a/src/lib/libcrypto/man/BN_generate_prime.3 b/src/lib/libcrypto/man/BN_generate_prime.3
new file mode 100644
index 0000000000..e269571914
--- /dev/null
+++ b/src/lib/libcrypto/man/BN_generate_prime.3
@@ -0,0 +1,289 @@
+.Dd $Mdocdate: February 23 2015 $
+.Dt BN_GENERATE_PRIME 3
+.Os
+.Sh NAME
+.Nm BN_generate_prime_ex ,
+.Nm BN_is_prime_ex ,
+.Nm BN_is_prime_fasttest_ex ,
+.Nm BN_GENCB_call ,
+.Nm BN_GENCB_set_old ,
+.Nm BN_GENCB_set ,
+.Nm BN_generate_prime ,
+.Nm BN_is_prime ,
+.Nm BN_is_prime_fasttest
+.Nd generate primes and test for primality
+.Sh SYNOPSIS
+.In openssl/bn.h
+.Ft int
+.Fo BN_generate_prime_ex
+.Fa "BIGNUM *ret"
+.Fa "int bits"
+.Fa "int safe"
+.Fa "const BIGNUM *add"
+.Fa "const BIGNUM *rem"
+.Fa "BN_GENCB *cb"
+.Fc
+.Ft int
+.Fo BN_is_prime_ex
+.Fa "const BIGNUM *p"
+.Fa "int nchecks"
+.Fa "BN_CTX *ctx"
+.Fa "BN_GENCB *cb"
+.Fc
+.Ft int
+.Fo BN_is_prime_fasttest_ex
+.Fa "const BIGNUM *p"
+.Fa "int nchecks"
+.Fa "BN_CTX *ctx"
+.Fa "int do_trial_division"
+.Fa "BN_GENCB *cb"
+.Fc
+.Ft int
+.Fo BN_GENCB_call
+.Fa "BN_GENCB *cb"
+.Fa "int a"
+.Fa "int b"
+.Fc
+.Fd #define BN_GENCB_set_old(gencb, callback, cb_arg) ...
+.Fd #define BN_GENCB_set(gencb, callback, cb_arg) ...
+.Pp
+Deprecated:
+.Pp
+.Ft BIGNUM *
+.Fo BN_generate_prime
+.Fa "BIGNUM *ret"
+.Fa "int num"
+.Fa "int safe"
+.Fa "BIGNUM *add"
+.Fa "BIGNUM *rem"
+.Fa "void (*callback)(int, int, void *)"
+.Fa "void *cb_arg"
+.Fc
+.Ft int
+.Fo BN_is_prime
+.Fa "const BIGNUM *a"
+.Fa "int checks"
+.Fa "void (*callback)(int, int, void *)"
+.Fa "BN_CTX *ctx"
+.Fa "void *cb_arg"
+.Fc
+.Ft int
+.Fo BN_is_prime_fasttest
+.Fa "const BIGNUM *a"
+.Fa "int checks"
+.Fa "void (*callback)(int, int, void *)"
+.Fa "BN_CTX *ctx"
+.Fa "void *cb_arg"
+.Fa "int do_trial_division"
+.Fc
+.Sh DESCRIPTION
+.Fn BN_generate_prime_ex
+generates a pseudo-random prime number of bit length
+.Fa bits .
+If
+.Fa ret
+is not
+.Dv NULL ,
+it will be used to store the number.
+.Pp
+If
+.Fa cb
+is not
+.Dv NULL ,
+it is used as follows:
+.Bl -bullet
+.It
+.Fn BN_GENCB_call cb 0 i
+is called after generating the i-th potential prime number.
+.It
+While the number is being tested for primality,
+.Fn BN_GENCB_call cb 1 j
+is called as described below.
+.It
+When a prime has been found,
+.Fn BN_GENCB_call cb 2 i
+is called.
+.El
+.Pp
+The prime may have to fulfill additional requirements for use in
+Diffie-Hellman key exchange:
+.Pp
+If
+.Fa add
+is not
+.Dv NULL ,
+the prime will fulfill the condition p %
+.Fa add
+==
+.Fa rem
+(p %
+.Fa add
+== 1 if
+.Fa rem
+==
+.Dv NULL )
+in order to suit a given generator.
+.Pp
+If
+.Fa safe
+is true, it will be a safe prime (i.e. a prime p so that (p-1)/2
+is also prime).
+.Pp
+The prime number generation has a negligible error probability.
+.Pp
+.Fn BN_is_prime_ex
+and
+.Fn BN_is_prime_fasttest_ex
+test if the number
+.Fa p
+is prime.
+The following tests are performed until one of them shows that
+.Fa p
+is composite; if
+.Fa p
+passes all these tests, it is considered prime.
+.Pp
+.Fn BN_is_prime_fasttest_ex ,
+when called with
+.Fa do_trial_division
+== 1, first attempts trial division by a number of small primes;
+if no divisors are found by this test and
+.Fa cb
+is not
+.Dv NULL ,
+.Sy BN_GENCB_call(cb, 1, -1)
+is called.
+If
+.Fa do_trial_division
+== 0, this test is skipped.
+.Pp
+Both
+.Fn BN_is_prime_ex
+and
+.Fn BN_is_prime_fasttest_ex
+perform a Miller-Rabin probabilistic primality test with
+.Fa nchecks
+iterations.
+If
+.Fa nchecks
+==
+.Dv BN_prime_checks ,
+a number of iterations is used that yields a false positive rate of at
+most 2^-80 for random input.
+.Pp
+If
+.Fa cb
+is not
+.Dv NULL ,
+.Fa BN_GENCB_call cb 1 j
+is called after the j-th iteration (j = 0, 1, ...).
+.Fa ctx
+is a pre-allocated
+.Vt BN_CTX
+(to save the overhead of allocating and freeing the structure in a
+loop), or
+.Dv NULL .
+.Pp
+.Fn BN_GENCB_call
+calls the callback function held in the
+.Vt BN_GENCB
+structure and passes the ints
+.Fa a
+and
+.Fa b
+as arguments.
+There are two types of
+.Vt BN_GENCB
+structures that are supported: "new" style and "old" style.
+New programs should prefer the "new" style, whilst the "old" style is
+provided for backwards compatibility purposes.
+.Pp
+For "new" style callbacks a
+.Vt BN_GENCB
+structure should be initialised with a call to
+.Fn BN_GENCB_set ,
+where
+.Fa gencb
+is a
+.Vt BN_GENCB * ,
+.Fa callback
+is of type
+.Vt int (*callback)(int, int, BN_GENCB *)
+and
+.Fa cb_arg
+is a
+.Vt void * .
+"Old" style callbacks are the same except they are initialised with a
+call to
+.Fn BN_GENCB_set_old
+and
+.Fa callback
+is of type
+.Vt void (*callback)(int, int, void *) .
+.Pp
+A callback is invoked through a call to
+.Fn BN_GENCB_call .
+This will check the type of the callback and will invoke
+.Fn callback a b gencb
+for new style callbacks or
+.Fn callback a b cb_arg
+for old style.
+.Pp
+.Fn BN_generate_prime
+(deprecated) works in the same way as
+.Fn BN_generate_prime_ex
+but expects an old style callback function directly in the
+.Fa callback
+parameter, and an argument to pass to it in the
+.Fa cb_arg .
+Similarly
+.Fn BN_is_prime
+and
+.Fn BN_is_prime_fasttest
+are deprecated and can be compared to
+.Fn BN_is_prime_ex
+and
+.Fn BN_is_prime_fasttest_ex
+respectively.
+.Sh RETURN VALUES
+.Fn BN_generate_prime_ex
+returns 1 on success or 0 on error.
+.Pp
+.Fn BN_is_prime_ex ,
+.Fn BN_is_prime_fasttest_ex ,
+.Fn BN_is_prime ,
+and
+.Fn BN_is_prime_fasttest
+return 0 if the number is composite, 1 if it is prime with an error
+probability of less than
+.Pf 0.25^ Fa nchecks ,
+and -1 on error.
+.Pp
+.Fn BN_generate_prime
+returns the prime number on success,
+.Dv NULL
+otherwise.
+.Pp
+Callback functions should return 1 on success or 0 on error.
+.Pp
+The error codes can be obtained by
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr bn 3 ,
+.Xr ERR_get_error 3 ,
+.Xr rand 3
+.Sh HISTORY
+The
+.Fa cb_arg
+arguments to
+.Fn BN_generate_prime
+and to
+.Fn BN_is_prime
+were added in SSLeay 0.9.0.
+The
+.Fa ret
+argument to
+.Fn BN_generate_prime
+was added in SSLeay 0.9.1.
+.Fn BN_is_prime_fasttest
+was added in OpenSSL 0.9.5.
diff --git a/src/lib/libcrypto/man/BN_mod_inverse.3 b/src/lib/libcrypto/man/BN_mod_inverse.3
new file mode 100644
index 0000000000..db63269fb8
--- /dev/null
+++ b/src/lib/libcrypto/man/BN_mod_inverse.3
@@ -0,0 +1,59 @@
+.Dd $Mdocdate: February 23 2015 $
+.Dt BN_MOD_INVERSE 3
+.Os
+.Sh NAME
+.Nm BN_mod_inverse
+.Nd compute inverse modulo n
+.Sh SYNOPSIS
+.In openssl/bn.h
+.Ft BIGNUM *
+.Fo BN_mod_inverse
+.Fa "BIGNUM *r"
+.Fa "BIGNUM *a"
+.Fa "const BIGNUM *n"
+.Fa "BN_CTX *ctx"
+.Fc
+.Sh DESCRIPTION
+.Fn BN_mod_inverse
+computes the inverse of
+.Fa a
+modulo
+.Fa n
+add places the result in
+.Fa r
+.Pq Li (a*r)%n==1 .
+If
+.Fa r
+is
+.Dv NULL ,
+a new
+.Vt BIGNUM
+is created.
+.Pp
+.Fa ctx
+is a previously allocated
+.Vt BN_CTX
+used for temporary variables.
+.Fa r
+may be the same
+.Vt BIGNUM
+as
+.Fa a
+or
+.Fa n .
+.Sh RETURN VALUES
+.Fn BN_mod_inverse
+returns the
+.Vt BIGNUM
+containing the inverse, or
+.Dv NULL
+on error.
+The error codes can be obtained by
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr bn 3 ,
+.Xr BN_add 3 ,
+.Xr ERR_get_error 3
+.Sh HISTORY
+.Fn BN_mod_inverse
+is available in all versions of SSLeay and OpenSSL.
diff --git a/src/lib/libcrypto/man/BN_mod_mul_montgomery.3 b/src/lib/libcrypto/man/BN_mod_mul_montgomery.3
new file mode 100644
index 0000000000..ac120f3c02
--- /dev/null
+++ b/src/lib/libcrypto/man/BN_mod_mul_montgomery.3
@@ -0,0 +1,181 @@
+.Dd $Mdocdate: February 23 2015 $
+.Dt BN_MOD_MUL_MONTGOMERY 3
+.Os
+.Sh NAME
+.Nm BN_mod_mul_montgomery ,
+.Nm BN_MONT_CTX_new ,
+.Nm BN_MONT_CTX_init ,
+.Nm BN_MONT_CTX_free ,
+.Nm BN_MONT_CTX_set ,
+.Nm BN_MONT_CTX_copy ,
+.Nm BN_from_montgomery ,
+.Nm BN_to_montgomery
+.Nd Montgomery multiplication
+.Sh SYNOPSIS
+.In openssl/bn.h
+.Ft BN_MONT_CTX *
+.Fo BN_MONT_CTX_new
+.Fa void
+.Fc
+.Ft void
+.Fo BN_MONT_CTX_init
+.Fa "BN_MONT_CTX *ctx"
+.Fc
+.Ft void
+.Fo BN_MONT_CTX_free
+.Fa "BN_MONT_CTX *mont"
+.Fc
+.Ft int
+.Fo BN_MONT_CTX_set
+.Fa "BN_MONT_CTX *mont"
+.Fa "const BIGNUM *m"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft BN_MONT_CTX *
+.Fo BN_MONT_CTX_copy
+.Fa "BN_MONT_CTX *to"
+.Fa "BN_MONT_CTX *from"
+.Fc
+.Ft int
+.Fo BN_mod_mul_montgomery
+.Fa "BIGNUM *r"
+.Fa "BIGNUM *a"
+.Fa "BIGNUM *b"
+.Fa "BN_MONT_CTX *mont"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo BN_from_montgomery
+.Fa "BIGNUM *r"
+.Fa "BIGNUM *a"
+.Fa "BN_MONT_CTX *mont"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo BN_to_montgomery
+.Fa "BIGNUM *r"
+.Fa "BIGNUM *a"
+.Fa "BN_MONT_CTX *mont"
+.Fa "BN_CTX *ctx"
+.Fc
+.Sh DESCRIPTION
+These functions implement Montgomery multiplication.
+They are used automatically when
+.Xr BN_mod_exp 3
+is called with suitable input, but they may be useful when several
+operations are to be performed using the same modulus.
+.Pp
+.Fn BN_MONT_CTX_new
+allocates and initializes a
+.Vt BN_MONT_CTX
+structure.
+.Fn BN_MONT_CTX_init
+initializes an existing uninitialized
+.Vt BN_MONT_CTX .
+.Pp
+.Fn BN_MONT_CTX_set
+sets up the
+.Fa mont
+structure from the modulus
+.Fa m
+by precomputing its inverse and a value R.
+.Pp
+.Fn BN_MONT_CTX_copy
+copies the
+.Vt BN_MONT_CTX
+.Fa from
+to
+.Fa to .
+.Pp
+.Fn BN_MONT_CTX_free
+frees the components of the
+.Vt BN_MONT_CTX ,
+and, if it was created by
+.Fn BN_MONT_CTX_new ,
+also the structure itself.
+.Pp
+.Fn BN_mod_mul_montgomery
+computes
+.Pp
+.D1 Mont Ns Po Fa a , Fa b Pc := Fa a No * Fa b No * R^-1
+.Pp
+and places the result in
+.Fa r .
+.Pp
+.Fn BN_from_montgomery
+performs the Montgomery reduction
+.Pp
+.D1 Fa r No = Fa a No * R^-1.
+.Pp
+.Fn BN_to_montgomery
+computes
+.Pp
+.D1 Mont Ns Po Fa a , No R^2 Pc = Fa a No * R .
+.Pp
+Note that
+.Fa a
+must be non-negative and smaller than the modulus.
+.Pp
+For all functions,
+.Fa ctx
+is a previously allocated
+.Vt BN_CTX
+used for temporary variables.
+.Pp
+The
+.Vt BN_MONT_CTX
+structure is defined as follows:
+.Bd -literal
+typedef struct bn_mont_ctx_st {
+        int ri;         /* number of bits in R */
+        BIGNUM RR;      /* R^2 (used to convert to Montgomery form) */
+        BIGNUM N;       /* The modulus */
+        BIGNUM Ni;      /* R*(1/R mod N) - N*Ni = 1
+                         * (Ni is only stored for bignum algorithm) */
+        BN_ULONG n0;    /* least significant word of Ni */
+        int flags;
+} BN_MONT_CTX;
+.Ed
+.Pp
+.Fn BN_to_montgomery
+is a macro.
+.Pp
+.Sy Warning:
+The inputs must be reduced modulo
+.Fa m ,
+otherwise the result will be outside the expected range.
+.Sh RETURN VALUES
+.Fn BN_MONT_CTX_new
+returns the newly allocated
+.Vt BN_MONT_CTX ,
+and
+.Dv NULL
+on error.
+.Pp
+.Fn BN_MONT_CTX_init
+and
+.Fn BN_MONT_CTX_free
+return no values.
+.Pp
+For the other functions, 1 is returned for success, 0 on error.
+The error codes can be obtained by
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr bn 3 ,
+.Xr BN_add 3 ,
+.Xr BN_CTX_new 3 ,
+.Xr ERR_get_error 3
+.Sh HISTORY
+.Fn BN_MONT_CTX_new ,
+.Fn BN_MONT_CTX_free ,
+.Fn BN_MONT_CTX_set ,
+.Fn BN_mod_mul_montgomery ,
+.Fn BN_from_montgomery
+and
+.Fn BN_to_montgomery
+are available in all versions of SSLeay and OpenSSL.
+.Pp
+.Fn BN_MONT_CTX_init
+and
+.Fn BN_MONT_CTX_copy
+were added in SSLeay 0.9.1b.
diff --git a/src/lib/libcrypto/man/BN_mod_mul_reciprocal.3 b/src/lib/libcrypto/man/BN_mod_mul_reciprocal.3
new file mode 100644
index 0000000000..ceb1ffae5b
--- /dev/null
+++ b/src/lib/libcrypto/man/BN_mod_mul_reciprocal.3
@@ -0,0 +1,147 @@
+.Dd $Mdocdate: February 23 2015 $
+.Dt BN_MOD_MUL_RECIPROCAL 3
+.Os
+.Sh NAME
+.Nm BN_mod_mul_reciprocal ,
+.Nm BN_div_recp ,
+.Nm BN_RECP_CTX_new ,
+.Nm BN_RECP_CTX_init ,
+.Nm BN_RECP_CTX_free ,
+.Nm BN_RECP_CTX_set
+.Nd modular multiplication using reciprocal
+.Sh SYNOPSIS
+.In openssl/bn.h
+.Ft BN_RECP_CTX *
+.Fo BN_RECP_CTX_new
+.Fa void
+.Fc
+.Ft void
+.Fo BN_RECP_CTX_init
+.Fa "BN_RECP_CTX *recp"
+.Fc
+.Ft void
+.Fo BN_RECP_CTX_free
+.Fa "BN_RECP_CTX *recp"
+.Fc
+.Ft int
+.Fo BN_RECP_CTX_set
+.Fa "BN_RECP_CTX *recp"
+.Fa "const BIGNUM *m"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo BN_div_recp
+.Fa "BIGNUM *dv"
+.Fa "BIGNUM *rem"
+.Fa "BIGNUM *a"
+.Fa "BN_RECP_CTX *recp"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo BN_mod_mul_reciprocal
+.Fa "BIGNUM *r"
+.Fa "BIGNUM *a"
+.Fa "BIGNUM *b"
+.Fa "BN_RECP_CTX *recp"
+.Fa "BN_CTX *ctx"
+.Fc
+.Sh DESCRIPTION
+.Fn BN_mod_mul_reciprocal
+can be used to perform an efficient
+.Xr BN_mod_mul 3
+operation when the operation will be performed repeatedly with the same
+modulus.
+It computes
+.Fa r Ns =( Ns Fa a Ns * Ns Fa b Ns )% Ns Fa m
+using
+.Fa recp Ns =1/ Ns Fa m ,
+which is set as described below.
+.Fa ctx
+is a previously allocated
+.Vt BN_CTX
+used for temporary variables.
+.Pp
+.Fn BN_RECP_CTX_new
+allocates and initializes a
+.Vt BN_RECP_CTX
+structure.
+.Fn BN_RECP_CTX_init
+initializes an existing uninitialized
+.Vt BN_RECP_CTX .
+.Pp
+.Fn BN_RECP_CTX_free
+frees the components of the
+.Vt BN_RECP_CTX ,
+and, if it was created by
+.Fn BN_RECP_CTX_new ,
+also the structure itself.
+.Pp
+.Fn BN_RECP_CTX_set
+stores
+.Fa m
+in
+.Fa recp
+and sets it up for computing
+.Pf 1/ Fa m
+and shifting it left by
+.Fn BN_num_bits m Ns +1
+to make it an integer.
+The result and the number of bits it was shifted left will later be
+stored in
+.Fa recp .
+.Pp
+.Fn BN_div_recp
+divides
+.Fa a
+by
+.Fa m
+using
+.Fa recp .
+It places the quotient in
+.Fa dv
+and the remainder in
+.Fa rem .
+.Pp
+The
+.Vt BN_RECP_CTX
+structure is defined as follows:
+.Bd -literal
+typedef struct bn_recp_ctx_st {
+        BIGNUM N;       /* the divisor */
+        BIGNUM Nr;      /* the reciprocal */
+        int num_bits;
+        int shift;
+        int flags;
+} BN_RECP_CTX;
+.Ed
+.Pp
+It cannot be shared between threads.
+.Sh RETURN VALUES
+.Fn BN_RECP_CTX_new
+returns the newly allocated
+.Vt BN_RECP_CTX ,
+or
+.Dv NULL
+on error.
+.Pp
+.Fn BN_RECP_CTX_init
+and
+.Fn BN_RECP_CTX_free
+return no values.
+.Pp
+For the other functions, 1 is returned for success, 0 on error.
+The error codes can be obtained by
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr bn 3 ,
+.Xr BN_add 3 ,
+.Xr BN_CTX_new 3 ,
+.Xr ERR_get_error 3
+.Sh HISTORY
+.Vt BN_RECP_CTX
+was added in SSLeay 0.9.0.
+Before that, a function
+.Fn BN_reciprocal
+was used instead, and the
+.Fn BN_mod_mul_reciprocal
+arguments were different.
diff --git a/src/lib/libcrypto/man/BN_new.3 b/src/lib/libcrypto/man/BN_new.3
new file mode 100644
index 0000000000..ad8ce886d9
--- /dev/null
+++ b/src/lib/libcrypto/man/BN_new.3
@@ -0,0 +1,84 @@
+.Dd $Mdocdate: February 23 2015 $
+.Dt BN_NEW 3
+.Os
+.Sh NAME
+.Nm BN_new ,
+.Nm BN_init ,
+.Nm BN_clear ,
+.Nm BN_free ,
+.Nm BN_clear_free
+.Nd allocate and free BIGNUMs
+.Sh SYNOPSIS
+.In openssl/bn.h
+.Ft BIGNUM *
+.Fo BN_new
+.Fa void
+.Fc
+.Ft void
+.Fo BN_init
+.Fa "BIGNUM *"
+.Fc
+.Ft void
+.Fo BN_clear
+.Fa "BIGNUM *a"
+.Fc
+.Ft void
+.Fo BN_free
+.Fa "BIGNUM *a"
+.Fc
+.Ft void
+.Fo BN_clear_free
+.Fa "BIGNUM *a"
+.Fc
+.Sh DESCRIPTION
+.Fn BN_new
+allocates and initializes a
+.Vt BIGNUM
+structure.
+.Fn BN_init
+initializes an existing uninitialized
+.Vt BIGNUM .
+.Pp
+.Fn BN_clear
+is used to destroy sensitive data such as keys when they are no longer
+needed.
+It erases the memory used by
+.Fa a
+and sets it to the value 0.
+.Pp
+.Fn BN_free
+frees the components of the
+.Vt BIGNUM ,
+and if it was created by
+.Fn BN_new ,
+also the structure itself.
+.Fn BN_clear_free
+additionally overwrites the data before the memory is returned to the
+system.
+.Sh RETURN VALUES
+.Fn BN_new
+returns a pointer to the
+.Vt BIGNUM .
+If the allocation fails, it returns
+.Dv NULL
+and sets an error code that can be obtained by
+.Xr ERR_get_error 3 .
+.Pp
+.Fn BN_init ,
+.Fn BN_clear ,
+.Fn BN_free ,
+and
+.Fn BN_clear_free
+return no values.
+.Sh SEE ALSO
+.Xr bn 3 ,
+.Xr ERR_get_error 3
+.Sh HISTORY
+.Fn BN_new ,
+.Fn BN_clear ,
+.Fn BN_free ,
+and
+.Fn BN_clear_free
+are available in all versions on SSLeay and OpenSSL.
+.Fn BN_init
+was added in SSLeay 0.9.1b.
diff --git a/src/lib/libcrypto/man/BN_num_bytes.3 b/src/lib/libcrypto/man/BN_num_bytes.3
new file mode 100644
index 0000000000..2d7be7e443
--- /dev/null
+++ b/src/lib/libcrypto/man/BN_num_bytes.3
@@ -0,0 +1,76 @@
+.Dd $Mdocdate: February 23 2015 $
+.Dt BN_NUM_BYTES 3
+.Os
+.Sh NAME
+.Nm BN_num_bits ,
+.Nm BN_num_bytes ,
+.Nm BN_num_bits_word
+.Nd get BIGNUM size
+.Sh SYNOPSIS
+.In openssl/bn.h
+.Ft int
+.Fo BN_num_bytes
+.Fa "const BIGNUM *a"
+.Fc
+.Ft int
+.Fo BN_num_bits
+.Fa "const BIGNUM *a"
+.Fc
+.Ft int
+.Fo BN_num_bits_word
+.Fa "BN_ULONG w"
+.Fc
+.Sh DESCRIPTION
+.Fn BN_num_bytes
+returns the size of a
+.Sy BIGNUM
+in bytes.
+.Pp
+.Fn BN_num_bits_word
+returns the number of significant bits in a word.
+If we take 0x00000432 as an example, it returns 11, not 16, not 32.
+Basically, except for a zero, it returns
+.Pp
+.D1 floor(log2( Ns Fa w ) ) No + 1 .
+.Pp
+.Fn BN_num_bits
+returns the number of significant bits in a
+.Sy BIGNUM ,
+following the same principle as
+.Fn BN_num_bits_word .
+.Pp
+.Fn BN_num_bytes
+is a macro.
+.Sh RETURN VALUES
+The size.
+.Sh NOTES
+Some have tried using
+.Fn BN_num_bits
+on individual numbers in RSA keys, DH keys and DSA keys, and found that
+they don't always come up with the number of bits they expected
+(something like 512, 1024, 2048, ...). This is because generating a
+number with some specific number of bits doesn't always set the highest
+bits, thereby making the number of
+.Em significant
+bits a little lower.
+If you want to know the "key size" of such a key, either use functions
+like
+.Xr RSA_size 3 ,
+.Xr DH_size 3 ,
+and
+.Xr DSA_size 3 ,
+or use
+.Fn BN_num_bytes
+and multiply with 8 (although there's no real guarantee that will match
+the "key size", just a lot more probability).
+.Sh SEE ALSO
+.Xr bn 3 ,
+.Xr DH_size 3 ,
+.Xr DSA_size 3 ,
+.Xr RSA_size 3
+.Sh HISTORY
+.Fn BN_num_bytes ,
+.Fn BN_num_bits ,
+and
+.Fn BN_num_bits_word
+are available in all versions of SSLeay and OpenSSL.
diff --git a/src/lib/libcrypto/man/BN_rand.3 b/src/lib/libcrypto/man/BN_rand.3
new file mode 100644
index 0000000000..5ae9e9d791
--- /dev/null
+++ b/src/lib/libcrypto/man/BN_rand.3
@@ -0,0 +1,93 @@
+.Dd $Mdocdate: February 23 2015 $
+.Dt BN_RAND 3
+.Os
+.Sh NAME
+.Nm BN_rand ,
+.Nm BN_pseudo_rand ,
+.Nm BN_rand_range ,
+.Nm BN_pseudo_rand_range
+.Nd generate pseudo-random number
+.Sh SYNOPSIS
+.In openssl/bn.h
+.Ft int
+.Fo BN_rand
+.Fa "BIGNUM *rnd"
+.Fa "int bits"
+.Fa "int top"
+.Fa "int bottom"
+.Fc
+.Ft int
+.Fo BN_pseudo_rand
+.Fa "BIGNUM *rnd"
+.Fa "int bits"
+.Fa "int top"
+.Fa "int bottom"
+.Fc
+.Ft int
+.Fo BN_rand_range
+.Fa "BIGNUM *rnd"
+.Fa "BIGNUM *range"
+.Fc
+.Ft int
+.Fo BN_pseudo_rand_range
+.Fa "BIGNUM *rnd"
+.Fa "BIGNUM *range"
+.Fc
+.Sh DESCRIPTION
+.Fn BN_rand
+generates a cryptographically strong pseudo-random number of
+.Fa bits
+bits in length and stores it in
+.Fa rnd .
+If
+.Fa top
+is -1, the most significant bit of the random number can be zero.
+If
+.Fa top
+is 0, it is set to 1, and if
+.Fa top
+is 1, the two most significant bits of the number will be set to 1, so
+that the product of two such random numbers will always have
+.Pf 2* Fa bits
+length.
+If
+.Fa bottom
+is true, the number will be odd.
+.Pp
+.Fn BN_pseudo_rand
+does the same, but pseudo-random numbers generated by this function are
+not necessarily unpredictable.
+They can be used for non-cryptographic purposes and for certain purposes
+in cryptographic protocols, but usually not for key generation etc.
+.Pp
+.Fn BN_rand_range
+generates a cryptographically strong pseudo-random number
+.Fa rnd
+in the range 0 <=
+.Fa rnd No < Fa range .
+.Fn BN_pseudo_rand_range
+does the same, but is based on
+.Fn BN_pseudo_rand ,
+and hence numbers generated by it are not necessarily unpredictable.
+.Sh RETURN VALUES
+The functions return 1 on success, 0 on error.
+The error codes can be obtained by
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr bn 3 ,
+.Xr ERR_get_error 3 ,
+.Xr rand 3 ,
+.Xr RAND_add 3 ,
+.Xr RAND_bytes 3
+.Sh HISTORY
+.Fn BN_rand
+is available in all versions of SSLeay and OpenSSL.
+.Fn BN_pseudo_rand
+was added in OpenSSL 0.9.5.
+The
+.Fa top
+== -1 case and the function
+.Fn BN_rand_range
+were added in OpenSSL 0.9.6a.
+.Fn BN_pseudo_rand_range
+was added in OpenSSL 0.9.6c.
diff --git a/src/lib/libcrypto/man/BN_set_bit.3 b/src/lib/libcrypto/man/BN_set_bit.3
new file mode 100644
index 0000000000..4a199cd0d0
--- /dev/null
+++ b/src/lib/libcrypto/man/BN_set_bit.3
@@ -0,0 +1,157 @@
+.Dd $Mdocdate: February 23 2015 $
+.Dt BN_SET_BIT 3
+.Os
+.Sh NAME
+.Nm BN_set_bit ,
+.Nm BN_clear_bit ,
+.Nm BN_is_bit_set ,
+.Nm BN_mask_bits ,
+.Nm BN_lshift ,
+.Nm BN_lshift1 ,
+.Nm BN_rshift ,
+.Nm BN_rshift1
+.Nd bit operations on BIGNUMs
+.Sh SYNOPSIS
+.In openssl/bn.h
+.Ft int
+.Fo BN_set_bit
+.Fa "BIGNUM *a"
+.Fa "int n"
+.Fc
+.Ft int
+.Fo BN_clear_bit
+.Fa "BIGNUM *a"
+.Fa "int n"
+.Fc
+.Ft int
+.Fo BN_is_bit_set
+.Fa "const BIGNUM *a"
+.Fa "int n"
+.Fc
+.Ft int
+.Fo BN_mask_bits
+.Fa "BIGNUM *a"
+.Fa "int n"
+.Fc
+.Ft int
+.Fo BN_lshift
+.Fa "BIGNUM *r"
+.Fa "const BIGNUM *a"
+.Fa "int n"
+.Fc
+.Ft int
+.Fo BN_lshift1
+.Fa "BIGNUM *r"
+.Fa "BIGNUM *a"
+.Fc
+.Ft int
+.Fo BN_rshift
+.Fa "BIGNUM *r"
+.Fa "BIGNUM *a"
+.Fa "int n"
+.Fc
+.Ft int
+.Fo BN_rshift1
+.Fa "BIGNUM *r"
+.Fa "BIGNUM *a"
+.Fc
+.Sh DESCRIPTION
+.Fn BN_set_bit
+sets bit
+.Fa n
+in
+.Fa a
+to 1
+.Pq Li a|=(1<<n) .
+The number is expanded if necessary.
+.Pp
+.Fn BN_clear_bit
+sets bit
+.Fa n
+in
+.Fa a
+to 0
+.Pq Li a&=~(1<<n) .
+An error occurs if
+.Fa a
+is shorter than
+.Fa n
+bits.
+.Pp
+.Fn BN_is_bit_set
+tests if bit
+.Fa n
+in
+.Fa a
+is set.
+.Pp
+.Fn BN_mask_bits
+truncates
+.Fa a
+to an
+.Fa n
+bit number
+.Pq Li a&=~((~0)>>n) .
+An error occurs if
+.Fa a
+already is shorter than
+.Fa n
+bits.
+.Pp
+.Fn BN_lshift
+shifts
+.Fa a
+left by
+.Fa n
+bits and places the result in
+.Fa r
+.Pq Li r=a*2^n .
+.Fn BN_lshift1
+shifts
+.Fa a
+left by one and places the result in
+.Fa r
+.Pq Li r=2*a .
+.Pp
+.Fn BN_rshift
+shifts
+.Fa a
+right by
+.Fa n
+bits and places the result in
+.Fa r
+.Pq Li r=a/2^n .
+.Fn BN_rshift1
+shifts
+.Fa a
+right by one and places the result in
+.Fa r
+.Pq Li r=a/2 .
+.Pp
+For the shift functions,
+.Fa r
+and
+.Fa a
+may be the same variable.
+.Sh RETURN VALUES
+.Fn BN_is_bit_set
+returns 1 if the bit is set, 0 otherwise.
+.Pp
+All other functions return 1 for success, 0 on error.
+The error codes can be obtained by
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr bn 3 ,
+.Xr BN_add 3 ,
+.Xr BN_num_bytes 3
+.Sh HISTORY
+.Fn BN_set_bit ,
+.Fn BN_clear_bit ,
+.Fn BN_is_bit_set ,
+.Fn BN_mask_bits ,
+.Fn BN_lshift ,
+.Fn BN_lshift1 ,
+.Fn BN_rshift ,
+and
+.Fn BN_rshift1
+are available in all versions of SSLeay and OpenSSL.
diff --git a/src/lib/libcrypto/man/BN_swap.3 b/src/lib/libcrypto/man/BN_swap.3
new file mode 100644
index 0000000000..b252261067
--- /dev/null
+++ b/src/lib/libcrypto/man/BN_swap.3
@@ -0,0 +1,23 @@
+.Dd $Mdocdate: February 23 2015 $
+.Dt BN_SWAP 3
+.Os
+.Sh NAME
+.Nm BN_swap
+.Nd exchange BIGNUMs
+.Sh SYNOPSIS
+.In openssl/bn.h
+.Ft void
+.Fo BN_swap
+.Fa "BIGNUM *a"
+.Fa "BIGNUM *b"
+.Fc
+.Sh DESCRIPTION
+.Fn BN_swap
+exchanges the values of
+.Fa a
+and
+.Fa b .
+.Sh SEE ALSO
+.Xr bn 3
+.Sh HISTORY
+BN_swap was added in OpenSSL 0.9.7.
diff --git a/src/lib/libcrypto/man/BN_zero.3 b/src/lib/libcrypto/man/BN_zero.3
new file mode 100644
index 0000000000..adfd6a0c65
--- /dev/null
+++ b/src/lib/libcrypto/man/BN_zero.3
@@ -0,0 +1,101 @@
+.Dd $Mdocdate: February 23 2015 $
+.Dt BN_ZERO 3
+.Os
+.Sh NAME
+.Nm BN_zero ,
+.Nm BN_one ,
+.Nm BN_value_one ,
+.Nm BN_set_word ,
+.Nm BN_get_word
+.Nd BIGNUM assignment operations
+.Sh SYNOPSIS
+.In openssl/bn.h
+.Ft int
+.Fo BN_zero
+.Fa "BIGNUM *a"
+.Fc
+.Ft int
+.Fo BN_one
+.Fa "BIGNUM *a"
+.Fc
+.Ft const BIGNUM *
+.Fo BN_value_one
+.Fa void
+.Fc
+.Ft int
+.Fo BN_set_word
+.Fa "BIGNUM *a"
+.Fa "unsigned long w"
+.Fc
+.Ft unsigned long
+.Fo BN_get_word
+.Fa "BIGNUM *a"
+.Fc
+.Sh DESCRIPTION
+.Fn BN_zero ,
+.Fn BN_one ,
+and
+.Fn BN_set_word
+set
+.Fa a
+to the values 0, 1 and
+.Fa w
+respectively.
+.Fn BN_zero
+and
+.Fn BN_one
+are macros.
+.Pp
+.Fn BN_value_one
+returns a
+.Vt BIGNUM
+constant of value 1.
+This constant is useful for use in comparisons and assignment.
+.Pp
+.Fn BN_get_word
+returns
+.Fa a
+if it can be represented as an
+.Vt unsigned long .
+.Sh RETURN VALUES
+.Fn BN_get_word
+returns the value
+.Fa a ,
+or 0xffffffffL if
+.Fa a
+cannot be represented as an
+.Vt unsigned long .
+.Pp
+.Fn BN_zero ,
+.Fn BN_one ,
+and
+.Fn BN_set_word
+return 1 on success, 0 otherwise.
+.Fn BN_value_one
+returns the constant.
+.Sh SEE ALSO
+.Xr bn 3 ,
+.Xr BN_bn2bin 3
+.Sh HISTORY
+.Fn BN_zero ,
+.Fn BN_one ,
+and
+.Fn BN_set_word
+are available in all versions of SSLeay and OpenSSL.
+.Fn BN_value_one
+and
+.Fn BN_get_word
+were added in SSLeay 0.8.
+.Pp
+.Fn BN_value_one
+was changed to return a true
+.Vt const BIGNUM *
+in OpenSSL 0.9.7.
+.Sh BUGS
+Someone might change the constant.
+.Pp
+If a
+.Vt BIGNUM
+is equal to 0xffffffffL it can be represented as an
+.Vt unsigned long
+but this value is also returned on error.
diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile
index 2ac6e5b6f6..bce02f647f 100644
--- a/src/lib/libcrypto/man/Makefile
+++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.18 2015/02/16 16:42:14 schwarze Exp $
+# $OpenBSD: Makefile,v 1.19 2015/02/23 17:43:24 schwarze Exp $
 
 .include <bsd.own.mk>           # for NOMAN
 
@@ -33,8 +33,6 @@ MAN=	\
         BIO_s_socket.3 \
         BIO_set_callback.3 \
         BIO_should_retry.3 \
-
-GENMAN= \
         BN_BLINDING_new.3 \
         BN_CTX_new.3 \
         BN_CTX_start.3 \
@@ -53,6 +51,8 @@ GENMAN= \
         BN_set_bit.3 \
         BN_swap.3 \
         BN_zero.3 \
+
+GENMAN= \
         BUF_MEM_new.3 \
         CONF_modules_free.3 \
         CONF_modules_load_file.3 \