convert ERR manuals from pod to mdoc; while reading this,

i wtfed, laughed, puked, and cried in more or less that order...

12 files changed, 963 insertions, 10 deletions

diff --git a/lib/libcrypto/man/ERR.3 b/lib/libcrypto/man/ERR.3
new file mode 100644
index 00000000000..2c9a4479f76
--- /dev/null
+++ b/lib/libcrypto/man/ERR.3
@@ -0,0 +1,297 @@
+.Dd $Mdocdate: November 2 2016 $
+.Dt ERR 3
+.Os
+.Sh NAME
+.Nm ERR
+.Nd OpenSSL error codes
+.Sh SYNOPSIS
+.In openssl/err.h
+.Ft unsigned long
+.Fn ERR_get_error void
+.Ft unsigned long
+.Fn ERR_peek_error void
+.Ft unsigned long
+.Fo ERR_get_error_line
+.Fa "const char **file"
+.Fa "int *line"
+.Fc
+.Ft unsigned long
+.Fo ERR_peek_error_line
+.Fa "const char **file"
+.Fa "int *line"
+.Fc
+.Ft unsigned long
+.Fo ERR_get_error_line_data
+.Fa "const char **file"
+.Fa "int *line"
+.Fa "const char **data"
+.Fa "int *flags"
+.Fc
+.Ft unsigned long
+.Fo ERR_peek_error_line_data
+.Fa "const char **file"
+.Fa "int *line"
+.Fa "const char **data"
+.Fa "int *flags"
+.Fc
+.Ft int
+.Fo ERR_GET_LIB
+.Fa "unsigned long e"
+.Fc
+.Ft int
+.Fo ERR_GET_FUNC
+.Fa "unsigned long e"
+.Fc
+.Ft int
+.Fo ERR_GET_REASON
+.Fa "unsigned long e"
+.Fc
+.Ft void
+.Fn ERR_clear_error void
+.Ft char *
+.Fo ERR_error_string
+.Fa "unsigned long e"
+.Fa "char *buf"
+.Fc
+.Ft const char *
+.Fo ERR_lib_error_string
+.Fa "unsigned long e"
+.Fc
+.Ft const char *
+.Fo ERR_func_error_string
+.Fa "unsigned long e"
+.Fc
+.Ft const char *
+.Fo ERR_reason_error_string
+.Fa "unsigned long e"
+.Fc
+.Ft void
+.Fo ERR_print_errors
+.Fa "BIO *bp"
+.Fc
+.Ft void
+.Fo ERR_print_errors_fp
+.Fa "FILE *fp"
+.Fc
+.Ft void
+.Fn ERR_load_crypto_strings void
+.Ft void
+.Fn ERR_free_strings void
+.Ft void
+.Fo ERR_remove_state
+.Fa "unsigned long pid"
+.Fc
+.Ft void
+.Fo ERR_put_error
+.Fa "int lib"
+.Fa "int func"
+.Fa "int reason"
+.Fa "const char *file"
+.Fa "int line"
+.Fc
+.Ft void
+.Fo ERR_add_error_data
+.Fa "int num"
+.Fa ...
+.Fc
+.Ft void
+.Fo ERR_load_strings
+.Fa "int lib"
+.Fa "ERR_STRING_DATA str[]"
+.Fc
+.Ft unsigned long
+.Fo ERR_PACK
+.Fa "int lib"
+.Fa "int func"
+.Fa "int reason"
+.Fc
+.Ft int
+.Fn ERR_get_next_error_library void
+.Sh DESCRIPTION
+When a call to the OpenSSL library fails, this is usually signalled by
+the return value, and an error code is stored in an error queue
+associated with the current thread.
+The
+.Nm
+library provides functions to obtain these error codes and textual error
+messages.
+The
+.Xr ERR_get_error 3
+manpage describes how to access error codes.
+.Pp
+Error codes contain information about where the error occurred, and what
+went wrong.
+.Xr ERR_GET_LIB 3
+describes how to extract this information.
+A method to obtain human-readable error messages is described in
+.Xr ERR_error_string 3 .
+.Pp
+.Xr ERR_clear_error 3
+can be used to clear the error queue.
+.Pp
+Note that
+.Xr ERR_remove_state 3
+should be used to avoid memory leaks when threads are terminated.
+.Sh ADDING NEW ERROR CODES TO OPENSSL
+See
+.Xr ERR_put_error 3
+if you want to record error codes in the OpenSSL error system from
+within your application.
+.Pp
+The remainder of this section is of interest only if you want to add new
+error codes to OpenSSL or add error codes from external libraries.
+.Ss Reporting errors
+Each sub-library has a specific macro
+.Fn XXXerr f r
+that is used to report errors.
+Its first argument is a function code
+.Dv XXX_F_* ,
+the second argument is a reason code
+.Dv XXX_R_* .
+Function codes are derived from the function names; reason codes consist
+of textual error descriptions.
+For example, the function
+.Fn ssl23_read
+reports a "handshake failure" as follows:
+.Pp
+.Dl SSLerr(SSL_F_SSL23_READ, SSL_R_SSL_HANDSHAKE_FAILURE);
+.Pp
+Function and reason codes should consist of upper case characters,
+numbers and underscores only.
+The error file generation script translates function codes into function
+names by looking in the header files for an appropriate function name,
+if none is found it just uses the capitalized form such as "SSL23_READ"
+in the above example.
+.Pp
+The trailing section of a reason code (after the "_R_") is translated
+into lower case and underscores changed to spaces.
+.Pp
+When you are using new function or reason codes, run
+.Sy make errors .
+The necessary
+.Sy #define Ns s
+will then automatically be added to the sub-library's header file.
+.Pp
+Although a library will normally report errors using its own specific
+.Fn XXXerr
+macro, another library's macro can be used.
+This is normally only done when a library wants to include ASN1 code
+which must use the
+.Fn ASN1err
+macro.
+.Ss Adding new libraries
+When adding a new sub-library to OpenSSL, assign it a library number
+.Dv ERR_LIB_XXX ,
+define a macro
+.Fn XXXerr
+(both in
+.In openssl/err.h ) ,
+add its name to
+.Va ERR_str_libraries[]
+(in
+.Pa /usr/src/lib/libcrypto/err/err.c ) ,
+and add
+.Fn ERR_load_XXX_strings
+to the
+.Fn ERR_load_crypto_strings
+function (in
+.Sy /usr/src/lib/libcrypto/err/err_all.c ) .
+Finally, add an entry
+.Pp
+.Dl L XXX xxx.h xxx_err.c
+.Pp
+to
+.Sy /usr/src/lib/libcrypto/err/openssl.ec ,
+and add
+.Pa xxx_err.c
+to the
+.Pa Makefile .
+Running
+.Sy make errors
+will then generate a file
+.Pa xxx_err.c ,
+and add all error codes used in the library to
+.Pa xxx.h .
+.Pp
+Additionally the library include file must have a certain form.
+Typically it will initially look like this:
+.Bd -literal -offset indent
+#ifndef HEADER_XXX_H
+#define HEADER_XXX_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Include files */
+
+#include <openssl/bio.h>
+#include <openssl/x509.h>
+
+/* Macros, structures and function prototypes */
+
+/* BEGIN ERROR CODES */
+.Ed
+.Pp
+The
+.Sy BEGIN ERROR CODES
+sequence is used by the error code generation script as the point to
+place new error codes, any text after this point will be overwritten
+when
+.Sy make errors
+is run.
+The closing #endif etc. will be automatically added by the script.
+.Pp
+The generated C error code file
+.Pa xxx_err.c
+will load the header files
+.In stdio.h ,
+.In openssl/err.h
+and
+.In openssl/xxx.h
+so the header file must load any additional header files containing any
+definitions it uses.
+.Sh USING ERROR CODES IN EXTERNAL LIBRARIES
+It is also possible to use OpenSSL's error code scheme in external
+libraries.
+The library needs to load its own codes and call the OpenSSL error code
+insertion script
+.Pa mkerr.pl
+explicitly to add codes to the header file and generate the C error code
+file.
+This will normally be done if the external library needs to generate new
+ASN1 structures but it can also be used to add more general purpose
+error code handling.
+.Sh INTERNALS
+The error queues are stored in a hash table with one
+.Vt ERR_STATE
+entry for each pid.
+.Fn ERR_get_state
+returns the current thread's
+.Vt ERR_STATE .
+An
+.Vt ERR_STATE
+can hold up to
+.Dv ERR_NUM_ERRORS
+error codes.
+When more error codes are added, the old ones are overwritten, on the
+assumption that the most recent errors are most important.
+.Pp
+Error strings are also stored in hash table.
+The hash tables can be obtained by calling
+.Fn ERR_get_err_state_table
+and
+.Fn ERR_get_string_table .
+.Sh SEE ALSO
+.Xr CRYPTO_set_id_callback 3 ,
+.Xr CRYPTO_set_locking_callback 3 ,
+.Xr ERR_clear_error 3 ,
+.Xr ERR_error_string 3 ,
+.Xr ERR_get_error 3 ,
+.Xr ERR_GET_LIB 3 ,
+.Xr ERR_load_crypto_strings 3 ,
+.Xr ERR_load_strings 3 ,
+.Xr ERR_print_errors 3 ,
+.Xr ERR_put_error 3 ,
+.Xr ERR_remove_state 3 ,
+.Xr SSL_get_error 3
diff --git a/lib/libcrypto/man/ERR_GET_LIB.3 b/lib/libcrypto/man/ERR_GET_LIB.3
new file mode 100644
index 00000000000..9b50ce39e64
--- /dev/null
+++ b/lib/libcrypto/man/ERR_GET_LIB.3
@@ -0,0 +1,63 @@
+.Dd $Mdocdate: November 2 2016 $
+.Dt ERR_GET_LIB 3
+.Os
+.Sh NAME
+.Nm ERR_GET_LIB ,
+.Nm ERR_GET_FUNC ,
+.Nm ERR_GET_REASON
+.Nd get library, function and reason codes for OpenSSL errors
+.Sh SYNOPSIS
+.In openssl/err.h
+.Ft int
+.Fo ERR_GET_LIB
+.Fa "unsigned long e"
+.Fc
+.Ft int
+.Fo ERR_GET_FUNC
+.Fa "unsigned long e"
+.Fc
+.Ft int
+.Fo ERR_GET_REASON
+.Fa "unsigned long e"
+.Fc
+.Sh DESCRIPTION
+The error code returned by
+.Xr ERR_get_error 3
+consists of a library number, function code, and reason code.
+.Fn ERR_GET_LIB ,
+.Fn ERR_GET_FUNC ,
+and
+.Fn ERR_GET_REASON
+can be used to extract these.
+.Pp
+The library number and function code describe where the error occurred,
+the reason code is the information about what went wrong.
+.Pp
+Each sub-library of OpenSSL has a unique library number; function and
+reason codes are unique within each sub-library.
+Note that different libraries may use the same value to signal different
+functions and reasons.
+.Pp
+.Dv ERR_R_*
+reason codes such as
+.Dv ERR_R_MALLOC_FAILURE
+are globally unique.
+However, when checking for sub-library specific reason codes, be sure to
+also compare the library number.
+.Pp
+.Fn ERR_GET_LIB ,
+.Fn ERR_GET_FUNC ,
+and
+.Fn ERR_GET_REASON
+are macros.
+.Sh RETURN VALUES
+The library number, function code, and reason code, respectively.
+.Sh SEE ALSO
+.Xr ERR 3 ,
+.Xr ERR_get_error 3
+.Sh HISTORY
+.Fn ERR_GET_LIB ,
+.Fn ERR_GET_FUNC ,
+and
+.Fn ERR_GET_REASON
+are available in all versions of SSLeay and OpenSSL.
diff --git a/lib/libcrypto/man/ERR_clear_error.3 b/lib/libcrypto/man/ERR_clear_error.3
new file mode 100644
index 00000000000..f5beb14b100
--- /dev/null
+++ b/lib/libcrypto/man/ERR_clear_error.3
@@ -0,0 +1,22 @@
+.Dd $Mdocdate: November 2 2016 $
+.Dt ERR_CLEAR_ERROR 3
+.Os
+.Sh NAME
+.Nm ERR_clear_error
+.Nd clear the OpenSSL error queue
+.Sh SYNOPSIS
+.In openssl/err.h
+.Ft void
+.Fn ERR_clear_error void
+.Sh DESCRIPTION
+.Fn ERR_clear_error
+empties the current thread's error queue.
+.Sh RETURN VALUES
+.Fn ERR_clear_error
+has no return value.
+.Sh SEE ALSO
+.Xr ERR 3 ,
+.Xr ERR_get_error 3
+.Sh HISTORY
+.Fn ERR_clear_error
+is available in all versions of SSLeay and OpenSSL.
diff --git a/lib/libcrypto/man/ERR_error_string.3 b/lib/libcrypto/man/ERR_error_string.3
new file mode 100644
index 00000000000..75878d233ee
--- /dev/null
+++ b/lib/libcrypto/man/ERR_error_string.3
@@ -0,0 +1,114 @@
+.Dd $Mdocdate: November 2 2016 $
+.Dt ERR_ERROR_STRING 3
+.Os
+.Sh NAME
+.Nm ERR_error_string ,
+.Nm ERR_error_string_n ,
+.Nm ERR_lib_error_string ,
+.Nm ERR_func_error_string ,
+.Nm ERR_reason_error_string
+.Nd obtain human-readable OpenSSL error messages
+.Sh SYNOPSIS
+.In openssl/err.h
+.Ft char *
+.Fo ERR_error_string
+.Fa "unsigned long e"
+.Fa "char *buf"
+.Fc
+.Ft void
+.Fo ERR_error_string_n
+.Fa "unsigned long e"
+.Fa "char *buf"
+.Fa "size_t len"
+.Fc
+.Ft const char *
+.Fo ERR_lib_error_string
+.Fa "unsigned long e"
+.Fc
+.Ft const char *
+.Fo ERR_func_error_string
+.Fa "unsigned long e"
+.Fc
+.Ft const char *
+.Fo ERR_reason_error_string
+.Fa "unsigned long e"
+.Fc
+.Sh DESCRIPTION
+.Fn ERR_error_string
+generates a human-readable string representing the error code
+.Fa e
+and places it in
+.Fa buf .
+.Fa buf
+must be at least 120 bytes long.
+If
+.Fa buf
+is
+.Dv NULL ,
+the error string is placed in a static buffer.
+.Fn ERR_error_string_n
+is a variant of
+.Fn ERR_error_string
+that writes at most
+.Fa len
+characters (including the terminating NUL) and truncates the string
+if necessary.
+For
+.Fn ERR_error_string_n ,
+.Fa buf
+may not be
+.Dv NULL .
+.Pp
+The string will have the following format:
+.Pp
+.Dl error:[error code]:[library name]:[function name]:[reason string]
+.Pp
+The error code is an 8 digit hexadecimal number.
+The library name, the function name, and the reason string are ASCII
+text.
+.Pp
+.Fn ERR_lib_error_string ,
+.Fn ERR_func_error_string ,
+and
+.Fn ERR_reason_error_string
+return the library name, the function name, and the reason string,
+respectively.
+.Pp
+The OpenSSL error strings should be loaded by calling
+.Xr ERR_load_crypto_strings 3
+or, for SSL applications,
+.Xr SSL_load_error_strings 3
+first.
+If there is no text string registered for the given error code, the
+error string will contain the numeric code.
+.Pp
+.Xr ERR_print_errors 3
+can be used to print all error codes currently in the queue.
+.Sh RETURN VALUES
+.Fn ERR_error_string
+returns a pointer to a static buffer containing the string if
+.Fa buf
+is
+.Dv NULL ,
+or
+.Fa buf
+otherwise.
+.Pp
+.Fn ERR_lib_error_string ,
+.Fn ERR_func_error_string ,
+and
+.Fn ERR_reason_error_string
+return the strings, or
+.Dv NULL
+if none is registered for the error code.
+.Sh SEE ALSO
+.Xr ERR 3 ,
+.Xr ERR_get_error 3 ,
+.Xr ERR_load_crypto_strings 3 ,
+.Xr ERR_print_errors 3 ,
+.Xr SSL_load_error_strings 3
+.Sh HISTORY
+.Fn ERR_error_string
+is available in all versions of SSLeay and OpenSSL.
+.Fn ERR_error_string_n
+was added in OpenSSL 0.9.6.
diff --git a/lib/libcrypto/man/ERR_get_error.3 b/lib/libcrypto/man/ERR_get_error.3
new file mode 100644
index 00000000000..8b11f792c16
--- /dev/null
+++ b/lib/libcrypto/man/ERR_get_error.3
@@ -0,0 +1,135 @@
+.Dd $Mdocdate: November 2 2016 $
+.Dt ERR_GET_ERROR 3
+.Os
+.Sh NAME
+.Nm ERR_get_error ,
+.Nm ERR_peek_error ,
+.Nm ERR_peek_last_error ,
+.Nm ERR_get_error_line ,
+.Nm ERR_peek_error_line ,
+.Nm ERR_peek_last_error_line ,
+.Nm ERR_get_error_line_data ,
+.Nm ERR_peek_error_line_data ,
+.Nm ERR_peek_last_error_line_data
+.Nd obtain OpenSSL error code and data
+.Sh SYNOPSIS
+.In openssl/err.h
+.Ft unsigned long
+.Fn ERR_get_error void
+.Ft unsigned long
+.Fn ERR_peek_error void
+.Ft unsigned long
+.Fn ERR_peek_last_error void
+.Ft unsigned long
+.Fo ERR_get_error_line
+.Fa "const char **file"
+.Fa "int *line"
+.Fc
+.Ft unsigned long
+.Fo ERR_peek_error_line
+.Fa "const char **file"
+.Fa "int *line"
+.Fc
+.Ft unsigned long
+.Fo ERR_peek_last_error_line
+.Fa "const char **file"
+.Fa "int *line"
+.Fc
+.Ft unsigned long
+.Fo ERR_get_error_line_data
+.Fa "const char **file"
+.Fa "int *line"
+.Fa "const char **data"
+.Fa "int *flags"
+.Fc
+.Ft unsigned long
+.Fo ERR_peek_error_line_data
+.Fa "const char **file"
+.Fa "int *line"
+.Fa "const char **data"
+.Fa "int *flags"
+.Fc
+.Ft unsigned long
+.Fo ERR_peek_last_error_line_data
+.Fa "const char **file"
+.Fa "int *line"
+.Fa "const char **data"
+.Fa "int *flags"
+.Fc
+.Sh DESCRIPTION
+.Fn ERR_get_error
+returns the earliest error code from the thread's error queue and
+removes the entry.
+This function can be called repeatedly until there are no more error
+codes to return.
+.Pp
+.Fn ERR_peek_error
+returns the earliest error code from the thread's error queue without
+modifying it.
+.Pp
+.Fn ERR_peek_last_error
+returns the latest error code from the thread's error queue without
+modifying it.
+.Pp
+See
+.Xr ERR_GET_LIB 3
+for obtaining information about location and reason of the error, and
+.Xr ERR_error_string 3
+for human-readable error messages.
+.Pp
+.Fn ERR_get_error_line ,
+.Fn ERR_peek_error_line ,
+and
+.Fn ERR_peek_last_error_line
+are the same as the above, but they additionally store the file name and
+line number where the error occurred in
+.Pf * Fa file
+and
+.Pf * Fa line ,
+unless these are
+.Dv NULL .
+.Pp
+.Fn ERR_get_error_line_data ,
+.Fn ERR_peek_error_line_data ,
+and
+.Fn ERR_peek_last_error_line_data
+store additional data and flags associated with the error code in
+.Pf * Fa data
+and
+.Pf * Fa flags ,
+unless these are
+.Dv NULL .
+.Pf * Fa data
+contains a string if
+.Pf * Fa flags Ns & Ns Dv ERR_TXT_STRING
+is true.
+.Pp
+An application
+.Sy MUST NOT
+free the
+.Pf * Fa data
+pointer (or any other pointers returned by these functions) with
+.Xr free 3
+as freeing is handled automatically by the error library.
+.Sh RETURN VALUES
+The error code, or 0 if there is no error in the queue.
+.Sh SEE ALSO
+.Xr ERR 3 ,
+.Xr ERR_error_string 3 ,
+.Xr ERR_GET_LIB 3
+.Sh HISTORY
+.Fn ERR_get_error ,
+.Fn ERR_peek_error ,
+.Fn ERR_get_error_line ,
+and
+.Fn ERR_peek_error_line
+are available in all versions of SSLeay and OpenSSL.
+.Fn ERR_get_error_line_data
+and
+.Fn ERR_peek_error_line_data
+were added in SSLeay 0.9.0.
+.Fn ERR_peek_last_error ,
+.Fn ERR_peek_last_error_line ,
+and
+.Fn ERR_peek_last_error_line_data
+were added in OpenSSL 0.9.7.
diff --git a/lib/libcrypto/man/ERR_load_crypto_strings.3 b/lib/libcrypto/man/ERR_load_crypto_strings.3
new file mode 100644
index 00000000000..7d14b1e572d
--- /dev/null
+++ b/lib/libcrypto/man/ERR_load_crypto_strings.3
@@ -0,0 +1,48 @@
+.Dd $Mdocdate: November 2 2016 $
+.Dt ERR_LOAD_CRYPTO_STRINGS 3
+.Os
+.Sh NAME
+.Nm ERR_load_crypto_strings ,
+.Nm SSL_load_error_strings ,
+.Nm ERR_free_strings
+.Nd load and free OpenSSL error strings
+.Sh SYNOPSIS
+.In openssl/err.h
+.Ft void
+.Fn ERR_load_crypto_strings void
+.Ft void
+.Fn ERR_free_strings void
+.In openssl/ssl.h
+.Ft void
+.Fn SSL_load_error_strings void
+.Sh DESCRIPTION
+.Fn ERR_load_crypto_strings
+registers the error strings for all
+.Xr crypto 3
+functions.
+.Fn SSL_load_error_strings
+does the same, but also registers the
+.Xr ssl 3
+error strings.
+.Pp
+One of these functions should be called before generating textual error
+messages.
+However, this is not required when memory usage is an issue.
+.Pp
+.Fn ERR_free_strings
+frees all previously loaded error strings.
+.Sh RETURN VALUES
+.Fn ERR_load_crypto_strings ,
+.Fn SSL_load_error_strings ,
+and
+.Fn ERR_free_strings
+return no values.
+.Sh SEE ALSO
+.Xr ERR 3 ,
+.Xr ERR_error_string 3
+.Sh HISTORY
+.Xr ERR_load_error_strings 3 ,
+.Fn SSL_load_error_strings ,
+and
+.Fn ERR_free_strings
+are available in all versions of SSLeay and OpenSSL.
diff --git a/lib/libcrypto/man/ERR_load_strings.3 b/lib/libcrypto/man/ERR_load_strings.3
new file mode 100644
index 00000000000..691a4067d3f
--- /dev/null
+++ b/lib/libcrypto/man/ERR_load_strings.3
@@ -0,0 +1,66 @@
+.Dd $Mdocdate: November 2 2016 $
+.Dt ERR_LOAD_STRINGS 3
+.Os
+.Sh NAME
+.Nm ERR_load_strings ,
+.Nm ERR_PACK ,
+.Nm ERR_get_next_error_library
+.Nd load arbitrary OpenSSL error strings
+.Sh SYNOPSIS
+.In openssl/err.h
+.Ft void
+.Fo ERR_load_strings
+.Fa "int lib"
+.Fa "ERR_STRING_DATA str[]"
+.Fc
+.Ft int
+.Fn ERR_get_next_error_library void
+.Ft unsigned long
+.Fo ERR_PACK
+.Fa "int lib"
+.Fa "int func"
+.Fa "int reason"
+.Fc
+.Sh DESCRIPTION
+.Fn ERR_load_strings
+registers error strings for library number
+.Fa lib .
+.Pp
+.Fa str
+is an array of error string data:
+.Bd -literal -offset indent
+typedef struct ERR_string_data_st
+{
+        unsigned long error;
+        char *string;
+} ERR_STRING_DATA;
+.Ed
+.Pp
+The error code is generated from the library number and a function and
+reason code:
+.Pp
+.Dl error = ERR_PACK(lib, func, reason)
+.Pp
+.Fn ERR_PACK
+is a macro.
+.Pp
+The last entry in the array is
+.Brq 0 , Dv NULL .
+.Pp
+.Fn ERR_get_next_error_library
+can be used to assign library numbers to user libraries at runtime.
+.Sh RETURN VALUE
+.Fn ERR_PACK
+returns the error code.
+.Fn ERR_get_next_error_library
+returns a new library number.
+.Sh SEE ALSO
+.Xr ERR 3 ,
+.Xr ERR_load_strings 3
+.Sh HISTORY
+.Xr ERR_load_error_strings 3
+and
+.Fn ERR_PACK
+are available in all versions of SSLeay and OpenSSL.
+.Fn ERR_get_next_error_library
+was added in SSLeay 0.9.0.
diff --git a/lib/libcrypto/man/ERR_print_errors.3 b/lib/libcrypto/man/ERR_print_errors.3
new file mode 100644
index 00000000000..1fc80d93f7a
--- /dev/null
+++ b/lib/libcrypto/man/ERR_print_errors.3
@@ -0,0 +1,57 @@
+.Dd $Mdocdate: November 2 2016 $
+.Dt ERR_PRINT_ERRORS 3
+.Os
+.Sh NAME
+.Nm ERR_print_errors ,
+.Nm ERR_print_errors_fp
+.Nd print OpenSSL error messages
+.Sh SYNOPSIS
+.In openssl/err.h
+.Ft void
+.Fo ERR_print_errors
+.Fa "BIO *bp"
+.Fc
+.Ft void
+.Fo ERR_print_errors_fp
+.Fa "FILE *fp"
+.Fc
+.Sh DESCRIPTION
+.Fn ERR_print_errors
+is a convenience function that prints the error strings for all errors
+that OpenSSL has recorded to
+.Fa bp ,
+thus emptying the error queue.
+.Pp
+.Fn ERR_print_errors_fp
+is the same, except that the output goes to a
+.Vt FILE .
+.Pp
+The error strings have the following format:
+.Bd -literal
+[pid]:error:[error code]:[library name]:[function name]:[reason string]:
+[file name]:[line]:[optional text message]
+.Ed
+.Pp
+The error code is an 8 digit hexadecimal number.
+The library name, the function name, and the reason string are ASCII
+text, as is the optional text message if one was set for the
+respective error code.
+.Pp
+If there is no text string registered for the given error code, the
+error string will contain the numeric code.
+.Sh RETURN VALUES
+.Fn ERR_print_errors
+and
+.Fn ERR_print_errors_fp
+return no values.
+.Sh SEE ALSO
+.Xr ERR 3 ,
+.Xr ERR_error_string 3 ,
+.Xr ERR_get_error 3 ,
+.Xr ERR_load_crypto_strings 3 ,
+.Xr SSL_load_error_strings 3
+.Sh HISTORY
+.Fn ERR_print_errors
+and
+.Fn ERR_print_errors_fp
+are available in all versions of SSLeay and OpenSSL.
diff --git a/lib/libcrypto/man/ERR_put_error.3 b/lib/libcrypto/man/ERR_put_error.3
new file mode 100644
index 00000000000..703b74d7138
--- /dev/null
+++ b/lib/libcrypto/man/ERR_put_error.3
@@ -0,0 +1,58 @@
+.Dd $Mdocdate: November 2 2016 $
+.Dt ERR_PUT_ERROR 3
+.Os
+.Sh NAME
+.Nm ERR_put_error ,
+.Nm ERR_add_error_data
+.Nd record an OpenSSL error
+.Sh SYNOPSIS
+.In openssl/err.h
+.Ft void
+.Fo ERR_put_error
+.Fa "int lib"
+.Fa "int func"
+.Fa "int reason"
+.Fa "const char *file"
+.Fa "int line"
+.Fc
+.Ft void
+.Fo ERR_add_error_data
+.Fa "int num"
+.Fa ...
+.Fc
+.Sh DESCRIPTION
+.Fn ERR_put_error
+adds an error code to the thread's error queue.
+It signals that the error of reason code
+.Fa reason
+occurred in function
+.Fa func
+of library
+.Fa lib ,
+in line number
+.Fa line
+of
+.Fa file .
+This function is usually called by a macro.
+.Pp
+.Fn ERR_add_error_data
+associates the concatenation of its
+.Fa num
+string arguments with the error code added last.
+.Pp
+.Xr ERR_load_strings 3
+can be used to register error strings so that the application can a
+generate human-readable error messages for the error code.
+.Sh RETURN VALUES
+.Fn ERR_put_error
+and
+.Fn ERR_add_error_data
+return no values.
+.Sh SEE ALSO
+.Xr ERR 3 ,
+.Xr ERR_load_strings 3
+.Sh HISTORY
+.Fn ERR_put_error
+is available in all versions of SSLeay and OpenSSL.
+.Fn ERR_add_error_data
+was added in SSLeay 0.9.0.
diff --git a/lib/libcrypto/man/ERR_remove_state.3 b/lib/libcrypto/man/ERR_remove_state.3
new file mode 100644
index 00000000000..c15779edfcf
--- /dev/null
+++ b/lib/libcrypto/man/ERR_remove_state.3
@@ -0,0 +1,58 @@
+.Dd $Mdocdate: November 2 2016 $
+.Dt ERR_REMOVE_STATE 3
+.Os
+.Sh NAME
+.Nm ERR_remove_thread_state ,
+.Nm ERR_remove_state
+.Nd free a thread's OpenSSL error queue
+.Sh SYNOPSIS
+.In openssl/err.h
+.Ft void
+.Fo ERR_remove_thread_state
+.Fa "const CRYPTO_THREADID *tid"
+.Fc
+.Pp
+Deprecated:
+.Pp
+.Ft void
+.Fo ERR_remove_state
+.Fa "unsigned long pid"
+.Fc
+.Sh DESCRIPTION
+.Fn ERR_remove_thread_state
+frees the error queue associated with thread
+.Fa tid .
+If
+.Fa tid
+is
+.Dv NULL ,
+the current thread will have its error queue removed.
+.Pp
+Since error queue data structures are allocated automatically for new
+threads, they must be freed when threads are terminated in order to
+avoid memory leaks.
+.Pp
+.Fn ERR_remove_state
+is deprecated and has been replaced by
+.Fn ERR_remove_thread_state .
+Since threads in OpenSSL are no longer identified by unsigned long
+values, any argument to this function is ignored.
+Calling
+.Fn ERR_remove_state
+is equivalent to
+.Fn ERR_remove_thread_state NULL .
+.Sh RETURN VALUE
+.Fn ERR_remove_thread_state
+and
+.Fn ERR_remove_state
+return no value.
+.Sh SEE ALSO
+.Xr ERR 3
+.Sh HISTORY
+.Fn ERR_remove_state
+is available in all versions of SSLeay and OpenSSL.
+It was deprecated in OpenSSL 1.0.0 when
+.Fn ERR_remove_thread_state
+was introduced and thread IDs were introduced to identify threads
+instead of
+.Vt unsigned long .
diff --git a/lib/libcrypto/man/ERR_set_mark.3 b/lib/libcrypto/man/ERR_set_mark.3
new file mode 100644
index 00000000000..e2682714182
--- /dev/null
+++ b/lib/libcrypto/man/ERR_set_mark.3
@@ -0,0 +1,35 @@
+.Dd $Mdocdate: November 2 2016 $
+.Dt ERR_SET_MARK 3
+.Os
+.Sh NAME
+.Nm ERR_set_mark ,
+.Nm ERR_pop_to_mark
+.Nd set marks and pop OpenSSL errors until mark
+.Sh SYNOPSIS
+.In openssl/err.h
+.Ft int
+.Fn ERR_set_mark void
+.Ft int
+.Fn ERR_pop_to_mark void
+.Sh DESCRIPTION
+.Fn ERR_set_mark
+sets a mark on the current topmost error record if there is one.
+.Pp
+.Fn ERR_pop_to_mark
+will pop the top of the error stack until a mark is found.
+The mark is then removed.
+If there is no mark, the whole stack is removed.
+.Sh RETURN VALUES
+.Fn ERR_set_mark
+returns 0 if the error stack is empty, otherwise 1.
+.Pp
+.Fn ERR_pop_to_mark
+returns 0 if there was no mark in the error stack, which implies that
+the stack became empty, otherwise 1.
+.Sh SEE ALSO
+.Xr ERR 3
+.Sh HISTORY
+.Fn ERR_set_mark
+and
+.Fn ERR_pop_to_mark
+were added in OpenSSL 0.9.8.
diff --git a/lib/libcrypto/man/Makefile b/lib/libcrypto/man/Makefile
index f676472ff67..5d19e023ab2 100644
--- a/lib/libcrypto/man/Makefile
+++ b/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.36 2016/11/02 11:57:56 schwarze Exp $
+# $OpenBSD: Makefile,v 1.37 2016/11/02 15:23:41 schwarze Exp $
 
 .include <bsd.own.mk>		# for NOMAN
 
@@ -80,15 +80,6 @@ MAN=	\
 	EC_POINT_add.3 \
 	EC_POINT_new.3 \
 	ECDSA_SIG_new.3 \
-	EVP_AEAD_CTX_init.3 \
-	UI_new.3 \
-	bn_dump.3 \
-	crypto.3 \
-	d2i_PKCS8PrivateKey_bio.3 \
-	des_read_pw.3 \
-	lh_new.3 \
-
-GENMAN= \
 	ERR.3 \
 	ERR_GET_LIB.3 \
 	ERR_clear_error.3 \
@@ -100,6 +91,15 @@ GENMAN= \
 	ERR_put_error.3 \
 	ERR_remove_state.3 \
 	ERR_set_mark.3 \
+	EVP_AEAD_CTX_init.3 \
+	UI_new.3 \
+	bn_dump.3 \
+	crypto.3 \
+	d2i_PKCS8PrivateKey_bio.3 \
+	des_read_pw.3 \
+	lh_new.3 \
+
+GENMAN= \
 	EVP_BytesToKey.3 \
 	EVP_DigestInit.3 \
 	EVP_DigestSignInit.3 \