authorschwarze <schwarze@openbsd.org>2016-11-02 09:11:53 +0000
committerschwarze <schwarze@openbsd.org>2016-11-02 09:11:53 +0000
commit526c24c9561000760f09a3cb68d9208ff462ee44 (patch)
tree4ed3827df1ce7f786a0d156d23856a4e1bfda206 /lib/libcrypto/man
parentpoison the TAILQ_ENTRY in items in the per cpu pool cache. (diff)
convert DES and DH manuals from pod to mdoc
Diffstat (limited to 'lib/libcrypto/man')
-rw-r--r--lib/libcrypto/man/DES_set_key.3697
-rw-r--r--lib/libcrypto/man/DH_generate_key.371
-rw-r--r--lib/libcrypto/man/DH_generate_parameters.3125
-rw-r--r--lib/libcrypto/man/DH_get_ex_new_index.347
-rw-r--r--lib/libcrypto/man/DH_new.344
-rw-r--r--lib/libcrypto/man/DH_set_method.3223
-rw-r--r--lib/libcrypto/man/DH_size.329
-rw-r--r--lib/libcrypto/man/Makefile16
8 files changed, 1244 insertions, 8 deletions
diff --git a/lib/libcrypto/man/DES_set_key.3 b/lib/libcrypto/man/DES_set_key.3
new file mode 100644
index 00000000000..9c33bf29e6b
--- /dev/null
+++ b/lib/libcrypto/man/DES_set_key.3
@@ -0,0 +1,697 @@
+.Dd $Mdocdate: November 2 2016 $
+.Dt DES_SET_KEY 3
+.Os
+.Sh NAME
+.Nm DES_random_key ,
+.Nm DES_set_key ,
+.Nm DES_key_sched ,
+.Nm DES_set_key_checked ,
+.Nm DES_set_key_unchecked ,
+.Nm DES_set_odd_parity ,
+.Nm DES_is_weak_key ,
+.Nm DES_ecb_encrypt ,
+.Nm DES_ecb2_encrypt ,
+.Nm DES_ecb3_encrypt ,
+.Nm DES_ncbc_encrypt ,
+.Nm DES_cfb_encrypt ,
+.Nm DES_ofb_encrypt ,
+.Nm DES_pcbc_encrypt ,
+.Nm DES_cfb64_encrypt ,
+.Nm DES_ofb64_encrypt ,
+.Nm DES_xcbc_encrypt ,
+.Nm DES_ede2_cbc_encrypt ,
+.Nm DES_ede2_cfb64_encrypt ,
+.Nm DES_ede2_ofb64_encrypt ,
+.Nm DES_ede3_cbc_encrypt ,
+.Nm DES_ede3_cbcm_encrypt ,
+.Nm DES_ede3_cfb64_encrypt ,
+.Nm DES_ede3_ofb64_encrypt ,
+.Nm DES_cbc_cksum ,
+.Nm DES_quad_cksum ,
+.Nm DES_string_to_key ,
+.Nm DES_string_to_2keys ,
+.Nm DES_fcrypt ,
+.Nm DES_crypt ,
+.Nm DES_enc_read ,
+.Nm DES_enc_write
+.Nd DES encryption
+.Sh SYNOPSIS
+.In openssl/des.h
+.Ft void
+.Fo DES_random_key
+.Fa "DES_cblock *ret"
+.Fc
+.Ft int
+.Fo DES_set_key
+.Fa "const_DES_cblock *key"
+.Fa "DES_key_schedule *schedule"
+.Fc
+.Ft int
+.Fo DES_key_sched
+.Fa "const_DES_cblock *key"
+.Fa "DES_key_schedule *schedule"
+.Fc
+.Ft int
+.Fo DES_set_key_checked
+.Fa "const_DES_cblock *key"
+.Fa "DES_key_schedule *schedule"
+.Fc
+.Ft void
+.Fo DES_set_key_unchecked
+.Fa "const_DES_cblock *key"
+.Fa "DES_key_schedule *schedule"
+.Fc
+.Ft void
+.Fo DES_set_odd_parity
+.Fa "DES_cblock *key"
+.Fc
+.Ft int
+.Fo DES_is_weak_key
+.Fa "const_DES_cblock *key"
+.Fc
+.Ft void
+.Fo DES_ecb_encrypt
+.Fa "const_DES_cblock *input"
+.Fa "DES_cblock *output"
+.Fa "DES_key_schedule *ks"
+.Fa "int enc"
+.Fc
+.Ft void
+.Fo DES_ecb2_encrypt
+.Fa "const_DES_cblock *input"
+.Fa "DES_cblock *output"
+.Fa "DES_key_schedule *ks1"
+.Fa "DES_key_schedule *ks2"
+.Fa "int enc"
+.Fc
+.Ft void
+.Fo DES_ecb3_encrypt
+.Fa "const_DES_cblock *input"
+.Fa "DES_cblock *output"
+.Fa "DES_key_schedule *ks1"
+.Fa "DES_key_schedule *ks2"
+.Fa "DES_key_schedule *ks3"
+.Fa "int enc"
+.Fc
+.Ft void
+.Fo DES_ncbc_encrypt
+.Fa "const unsigned char *input"
+.Fa "unsigned char *output"
+.Fa "long length"
+.Fa "DES_key_schedule *schedule"
+.Fa "DES_cblock *ivec"
+.Fa "int enc"
+.Fc
+.Ft void
+.Fo DES_cfb_encrypt
+.Fa "const unsigned char *in"
+.Fa "unsigned char *out"
+.Fa "int numbits"
+.Fa "long length"
+.Fa "DES_key_schedule *schedule"
+.Fa "DES_cblock *ivec"
+.Fa "int enc"
+.Fc
+.Ft void
+.Fo DES_ofb_encrypt
+.Fa "const unsigned char *in"
+.Fa "unsigned char *out"
+.Fa "int numbits"
+.Fa "long length"
+.Fa "DES_key_schedule *schedule"
+.Fa "DES_cblock *ivec"
+.Fc
+.Ft void
+.Fo DES_pcbc_encrypt
+.Fa "const unsigned char *input"
+.Fa "unsigned char *output"
+.Fa "long length"
+.Fa "DES_key_schedule *schedule"
+.Fa "DES_cblock *ivec"
+.Fa "int enc"
+.Fc
+.Ft void
+.Fo DES_cfb64_encrypt
+.Fa "const unsigned char *in"
+.Fa "unsigned char *out"
+.Fa "long length"
+.Fa "DES_key_schedule *schedule"
+.Fa "DES_cblock *ivec"
+.Fa "int *num"
+.Fa "int enc"
+.Fc
+.Ft void
+.Fo DES_ofb64_encrypt
+.Fa "const unsigned char *in"
+.Fa "unsigned char *out"
+.Fa "long length"
+.Fa "DES_key_schedule *schedule"
+.Fa "DES_cblock *ivec"
+.Fa "int *num"
+.Fc
+.Ft void
+.Fo DES_xcbc_encrypt
+.Fa "const unsigned char *input"
+.Fa "unsigned char *output"
+.Fa "long length"
+.Fa "DES_key_schedule *schedule"
+.Fa "DES_cblock *ivec"
+.Fa "const_DES_cblock *inw"
+.Fa "const_DES_cblock *outw"
+.Fa "int enc"
+.Fc
+.Ft void
+.Fo DES_ede2_cbc_encrypt
+.Fa "const unsigned char *input"
+.Fa "unsigned char *output"
+.Fa "long length"
+.Fa "DES_key_schedule *ks1"
+.Fa "DES_key_schedule *ks2"
+.Fa "DES_cblock *ivec"
+.Fa "int enc"
+.Fc
+.Ft void
+.Fo DES_ede2_cfb64_encrypt
+.Fa "const unsigned char *in"
+.Fa "unsigned char *out"
+.Fa "long length"
+.Fa "DES_key_schedule *ks1"
+.Fa "DES_key_schedule *ks2"
+.Fa "DES_cblock *ivec"
+.Fa "int *num"
+.Fa "int enc"
+.Fc
+.Ft void
+.Fo DES_ede2_ofb64_encrypt
+.Fa "const unsigned char *in"
+.Fa "unsigned char *out"
+.Fa "long length"
+.Fa "DES_key_schedule *ks1"
+.Fa "DES_key_schedule *ks2"
+.Fa "DES_cblock *ivec"
+.Fa "int *num"
+.Fc
+.Ft void
+.Fo DES_ede3_cbc_encrypt
+.Fa "const unsigned char *input"
+.Fa "unsigned char *output"
+.Fa "long length"
+.Fa "DES_key_schedule *ks1"
+.Fa "DES_key_schedule *ks2"
+.Fa "DES_key_schedule *ks3"
+.Fa "DES_cblock *ivec"
+.Fa "int enc"
+.Fc
+.Ft void
+.Fo DES_ede3_cbcm_encrypt
+.Fa "const unsigned char *in"
+.Fa "unsigned char *out"
+.Fa "long length"
+.Fa "DES_key_schedule *ks1"
+.Fa "DES_key_schedule *ks2"
+.Fa "DES_key_schedule *ks3"
+.Fa "DES_cblock *ivec1"
+.Fa "DES_cblock *ivec2"
+.Fa "int enc"
+.Fc
+.Ft void
+.Fo DES_ede3_cfb64_encrypt
+.Fa "const unsigned char *in"
+.Fa "unsigned char *out"
+.Fa "long length"
+.Fa "DES_key_schedule *ks1"
+.Fa "DES_key_schedule *ks2"
+.Fa "DES_key_schedule *ks3"
+.Fa "DES_cblock *ivec"
+.Fa "int *num"
+.Fa "int enc"
+.Fc
+.Ft void
+.Fo DES_ede3_ofb64_encrypt
+.Fa "const unsigned char *in"
+.Fa "unsigned char *out"
+.Fa "long length"
+.Fa "DES_key_schedule *ks1"
+.Fa "DES_key_schedule *ks2"
+.Fa "DES_key_schedule *ks3"
+.Fa "DES_cblock *ivec"
+.Fa "int *num"
+.Fc
+.Ft DES_LONG
+.Fo DES_cbc_cksum
+.Fa "const unsigned char *input"
+.Fa "DES_cblock *output"
+.Fa "long length"
+.Fa "DES_key_schedule *schedule"
+.Fa "const_DES_cblock *ivec"
+.Fc
+.Ft DES_LONG
+.Fo DES_quad_cksum
+.Fa "const unsigned char *input"
+.Fa "DES_cblock output[]"
+.Fa "long length"
+.Fa "int out_count"
+.Fa "DES_cblock *seed"
+.Fc
+.Ft void
+.Fo DES_string_to_key
+.Fa "const char *str"
+.Fa "DES_cblock *key"
+.Fc
+.Ft void
+.Fo DES_string_to_2keys
+.Fa "const char *str"
+.Fa "DES_cblock *key1"
+.Fa "DES_cblock *key2"
+.Fc
+.Ft char *
+.Fo DES_fcrypt
+.Fa "const char *buf"
+.Fa "const char *salt"
+.Fa "char *ret"
+.Fc
+.Ft char *
+.Fo DES_crypt
+.Fa "const char *buf"
+.Fa "const char *salt"
+.Fc
+.Ft int
+.Fo DES_enc_read
+.Fa "int fd"
+.Fa "void *buf"
+.Fa "int len"
+.Fa "DES_key_schedule *sched"
+.Fa "DES_cblock *iv"
+.Fc
+.Ft int
+.Fo DES_enc_write
+.Fa "int fd"
+.Fa "const void *buf"
+.Fa "int len"
+.Fa "DES_key_schedule *sched"
+.Fa "DES_cblock *iv"
+.Fc
+.Sh DESCRIPTION
+This library contains a fast implementation of the DES encryption
+algorithm.
+.Pp
+There are two phases to the use of DES encryption.
+The first is the generation of a
+.Vt DES_key_schedule
+from a key, the second is the actual encryption.
+A DES key is of type
+.Vt DES_cblock .
+This type is consists of 8 bytes with odd parity.
+The least significant bit in each byte is the parity bit.
+The key schedule is an expanded form of the key; it is used to speed the
+encryption process.
+.Pp
+.Fn DES_random_key
+generates a random key in odd parity.
+.Pp
+Before a DES key can be used, it must be converted into the architecture
+dependent
+.Vt DES_key_schedule
+via the
+.Fn DES_set_key_checked
+or
+.Fn DES_set_key_unchecked
+function.
+.Pp
+.Fn DES_set_key_checked
+will check that the key passed is of odd parity and is not a week or
+semi-weak key.
+If the parity is wrong, then -1 is returned.
+If the key is a weak key, then -2 is returned.
+If an error is returned, the key schedule is not generated.
+.Pp
+.Fn DES_set_key
+works like
+.Fn DES_set_key_checked
+if the
+.Em DES_check_key
+flag is non-zero, otherwise like
+.Fn DES_set_key_unchecked .
+These functions are available for compatibility; it is recommended to
+use a function that does not depend on a global variable.
+.Pp
+.Fn DES_set_odd_parity
+sets the parity of the passed
+.Fa key
+to odd.
+.Pp
+.Fn DES_is_weak_key
+returns 1 is the passed key is a weak key, 0 if it is ok.
+.Pp
+The following routines mostly operate on an input and output stream of
+.Vt DES_cblock Ns s.
+.Pp
+.Fn DES_ecb_encrypt
+is the basic DES encryption routine that encrypts or decrypts a single
+8-byte
+.Vt DES_cblock
+in electronic code book (ECB) mode.
+It always transforms the input data, pointed to by
+.Fa input ,
+into the output data, pointed to by the
+.Fa output
+argument.
+If the
+.Fa enc
+argument is non-zero
+.Pq Dv DES_ENCRYPT ,
+the
+.Fa input
+(cleartext) is encrypted in to the
+.Fa output
+(ciphertext) using the key_schedule specified by the
+.Fa schedule
+argument, previously set via
+.Fn DES_set_key .
+If
+.Fa enc
+is zero
+.Pq Dv DES_DECRYPT ,
+the
+.Fa input
+(now ciphertext) is decrypted into the
+.Fa output
+(now cleartext).
+Input and output may overlap.
+.Fn DES_ecb_encrypt
+does not return a value.
+.Pp
+.Fn DES_ecb3_encrypt
+encrypts/decrypts the
+.Fa input
+block by using three-key Triple-DES encryption in ECB mode.
+This involves encrypting the input with
+.Fa ks1 ,
+decrypting with the key schedule
+.Fa ks2 ,
+and then encrypting with
+.Fa ks3 .
+This routine greatly reduces the chances of brute force breaking of DES
+and has the advantage of if
+.Fa ks1 ,
+.Fa ks2 ,
+and
+.Fa ks3
+are the same, it is equivalent to just encryption using ECB mode and
+.Fa ks1
+as the key.
+.Pp
+The macro
+.Fn DES_ecb2_encrypt
+is provided to perform two-key Triple-DES encryption by using
+.Fa ks1
+for the final encryption.
+.Pp
+.Fn DES_ncbc_encrypt
+encrypts/decrypts using the cipher-block-chaining (CBC) mode of DES.
+If the
+.Fa enc
+argument is non-zero, the routine cipher-block-chain encrypts the
+cleartext data pointed to by the
+.Fa input
+argument into the ciphertext pointed to by the
+.Fa output
+argument, using the key schedule provided by the
+.Fa schedule
+argument, and initialization vector provided by the
+.Fa ivec
+argument.
+If the
+.Fa length
+argument is not an integral multiple of eight bytes, the last block is
+copied to a temporary area and zero filled.
+The output is always an integral multiple of eight bytes.
+.Pp
+.Fn DES_xcbc_encrypt
+is RSA's DESX mode of DES.
+It uses
+.Fa inw
+and
+.Fa outw
+to 'whiten' the encryption.
+.Fa inw
+and
+.Fa outw
+are secret (unlike the iv) and are as such, part of the key.
+So the key is sort of 24 bytes.
+This is much better than CBC DES.
+.Pp
+.Fn DES_ede3_cbc_encrypt
+implements outer triple CBC DES encryption with three keys.
+This means that each DES operation inside the CBC mode is really an
+.Qq Li C=E(ks3,D(ks2,E(ks1,M))) .
+This mode is used by SSL.
+.Pp
+The
+.Fn DES_ede2_cbc_encrypt
+macro implements two-key Triple-DES by reusing
+.Fa ks1
+for the final encryption.
+.Qq Li C=E(ks1,D(ks2,E(ks1,M))) .
+This form of Triple-DES is used by the RSAREF library.
+.Pp
+.Fn DES_pcbc_encrypt
+encrypt/decrypts using the propagating cipher block chaining mode used
+by Kerberos v4.
+Its parameters are the same as
+.Fn DES_ncbc_encrypt .
+.Pp
+.Fn DES_cfb_encrypt
+encrypt/decrypts using cipher feedback mode.
+This method takes an array of characters as input and outputs and array
+of characters.
+It does not require any padding to 8 character groups.
+Note: the
+.Fa ivec
+variable is changed and the new changed value needs to be passed to the
+next call to this function.
+Since this function runs a complete DES ECB encryption per
+.Fa numbits ,
+this function is only suggested for use when sending small numbers of
+characters.
+.Pp
+.Fn DES_cfb64_encrypt
+implements CFB mode of DES with 64bit feedback.
+Why is this useful you ask?
+Because this routine will allow you to encrypt an arbitrary number of
+bytes, no 8 byte padding.
+Each call to this routine will encrypt the input bytes to output and
+then update ivec and num.
+num contains 'how far' we are though ivec.
+If this does not make much sense, read more about cfb mode of DES :-).
+.Pp
+.Fn DES_ede3_cfb64_encrypt
+and
+.Fn DES_ede2_cfb64_encrypt
+is the same as
+.Fn DES_cfb64_encrypt
+except that Triple-DES is used.
+.Pp
+.Fn DES_ofb_encrypt
+encrypts using output feedback mode.
+This method takes an array of characters as input and outputs and array
+of characters.
+It does not require any padding to 8 character groups.
+Note: the
+.Fa ivec
+variable is changed and the new changed value needs to be passed to the
+next call to this function.
+Since this function runs a complete DES ECB encryption per numbits, this
+function is only suggested for use when sending small numbers of
+characters.
+.Pp
+.Fn DES_ofb64_encrypt
+is the same as
+.Fn DES_cfb64_encrypt
+using Output Feed Back mode.
+.Pp
+.Fn DES_ede3_ofb64_encrypt
+and
+.Fn DES_ede2_ofb64_encrypt
+is the same as
+.Fn DES_ofb64_encrypt ,
+using Triple-DES.
+.Pp
+The following functions are included in the DES library for
+compatibility with the MIT Kerberos library.
+.Pp
+.Fn DES_cbc_cksum
+produces an 8 byte checksum based on the input stream (via CBC
+encryption).
+The last 4 bytes of the checksum are returned and the complete 8 bytes
+are placed in
+.Fa output .
+This function is used by Kerberos v4.
+Other applications should use
+.Xr EVP_DigestInit 3
+etc. instead.
+.Pp
+.Fn DES_quad_cksum
+is a Kerberos v4 function.
+It returns a 4 byte checksum from the input bytes.
+The algorithm can be iterated over the input, depending on
+.Fa out_count ,
+1, 2, 3 or 4 times.
+If
+.Fa output
+is
+.Pf non- Dv NULL ,
+the 8 bytes generated by each pass are written into
+.Fa output .
+.Pp
+The following are DES-based transformations:
+.Pp
+.Fn DES_fcrypt
+is a fast version of the Unix
+.Xr crypt 3
+function.
+This version takes only a small amount of space relative to other
+fast crypt implementations.
+This is different to the normal crypt in that the third parameter is the
+buffer that the return value is written into.
+It needs to be at least 14 bytes long.
+This function is thread safe, unlike the normal crypt.
+.Pp
+.Fn DES_crypt
+is a faster replacement for the normal system
+.Xr crypt 3 .
+This function calls
+.Fn DES_fcrypt
+with a static array passed as the third parameter.
+This emulates the normal non-thread safe semantics of
+.Xr crypt 3 .
+.Pp
+.Fn DES_enc_write
+writes
+.Fa len
+bytes to file descriptor
+.Fa fd
+from buffer
+.Fa buf .
+The data is encrypted via
+.Em pcbc_encrypt
+(default) using
+.Fa sched
+for the key and
+.Fa iv
+as a starting vector.
+The actual data send down
+.Fa fd
+consists of 4 bytes (in network byte order) containing the length of the
+following encrypted data.
+The encrypted data then follows, padded with random data out to a
+multiple of 8 bytes.
+.Pp
+.Fn DES_enc_read
+is used to read
+.Fa len
+bytes from file descriptor
+.Fa fd
+into buffer
+.Fa buf .
+The data being read from
+.Fa fd
+is assumed to have come from
+.Fn DES_enc_write
+and is decrypted using
+.Fa sched
+for the key schedule and
+.Fa iv
+for the initial vector.
+.Pp
+.Sy Warning:
+The data format used by
+.Fn DES_enc_write
+and
+.Fn DES_enc_read
+has a cryptographic weakness: When asked to write more than
+.Dv MAXWRITE
+bytes,
+.Fn DES_enc_write
+will split the data into several chunks that are all encrypted using the
+same IV.
+So don't use these functions unless you are sure you know what
+you do (in which case you might not want to use them anyway).
+They cannot handle non-blocking sockets.
+.Fn DES_enc_read
+uses an internal state and thus cannot be used on multiple files.
+.Pp
+.Em DES_rw_mode
+is used to specify the encryption mode to use with
+.Fn DES_enc_read .
+If set to
+.Dv DES_PCBC_MODE
+(the default), DES_pcbc_encrypt is used.
+If set to
+.Dv DES_CBC_MODE
+DES_cbc_encrypt is used.
+.Sh SEE ALSO
+.Xr crypt 3 ,
+.Xr rand 3
+.Pp
+The
+.Xr evp 3
+library provides higher-level encryption functions.
+.Sh STANDARDS
+ANSI X3.106
+.Pp
+The DES library was initially written to be source code compatible
+with the MIT Kerberos library.
+.Sh HISTORY
+In OpenSSL 0.9.7, all des_ functions were renamed to DES_ to avoid
+clashes with older versions of libdes.
+.Pp
+.Fn DES_set_key_checked
+and
+.Fn DES_set_key_unchecked
+were added in OpenSSL 0.9.5.
+.Pp
+.Fn des_generate_random_block ,
+.Fn des_init_random_number_generator ,
+.Fn des_new_random_key ,
+.Fn des_set_random_generator_seed ,
+.Xr des_set_sequence_number ,
+and
+.Fn des_rand_data 3
+are used in newer versions of Kerberos but are not implemented here.
+.Pp
+.Fn DES_random_key
+generated cryptographically weak random data in SSLeay and in OpenSSL
+prior version 0.9.5, as well as in the original MIT library.
+.Sh AUTHORS
+.An Eric Young Aq Mt eay@cryptsoft.com
+.Sh CAVEATS
+Single-key DES is insecure due to its short key size.
+ECB mode is not suitable for most applications.
+.Sh BUGS
+.Xr DES_cbc_encrypt 3
+does not modify
+.Fa ivec ;
+use
+.Fn DES_ncbc_encrypt
+instead.
+.Pp
+.Fn DES_cfb_encrypt
+and
+.Fn DES_ofb_encrypt
+operates on input of 8 bits.
+What this means is that if you set numbits to 12, and length to 2, the
+first 12 bits will come from the 1st input byte and the low half of the
+second input byte.
+The second 12 bits will have the low 8 bits taken from the 3rd input
+byte and the top 4 bits taken from the 4th input byte.
+The same holds for output.
+This function has been implemented this way because most people will be
+using a multiple of 8 and because once you get into pulling bytes input
+bytes apart things get ugly!
+.Pp
+.Fn DES_string_to_key
+is available for backward compatibility with the MIT library.
+New applications should use a cryptographic hash function.
+The same applies for
+.Fn DES_string_to_2key .
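Review bot: Several names in the new page do not match what it declares. The last BUGS line has `.Fn DES_string_to_2key .`, while NAME and SYNOPSIS define `DES_string_to_2keys`. In HISTORY, `.Xr des_set_sequence_number ,` has no section argument and `.Fn des_rand_data 3` turns the 3 into a function argument, so these look like they should be `.Fn des_set_sequence_number ,` and `.Fn des_rand_data`. The DES_ecb_encrypt paragraph refers to `.Fa schedule`, which the synopsis calls `ks`, and BUGS cites `.Xr DES_cbc_encrypt 3`, a name that NAME does not list. The DES_set_key_checked paragraph also says "week" for "weak", in the same sentence that introduces the -2 weak-key return value.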
diff --git a/lib/libcrypto/man/DH_generate_key.3 b/lib/libcrypto/man/DH_generate_key.3
new file mode 100644
index 00000000000..6e2edbadb3e
--- /dev/null
+++ b/lib/libcrypto/man/DH_generate_key.3
@@ -0,0 +1,71 @@
+.Dd $Mdocdate: November 2 2016 $
+.Dt DH_GENERATE_KEY 3
+.Os
+.Sh NAME
+.Nm DH_generate_key ,
+.Nm DH_compute_key
+.Nd perform Diffie-Hellman key exchange
+.Sh SYNOPSIS
+.In openssl/dh.h
+.Ft int
+.Fo DH_generate_key
+.Fa "DH *dh"
+.Fc
+.Ft int
+.Fo DH_compute_key
+.Fa "unsigned char *key"
+.Fa "BIGNUM *pub_key"
+.Fa "DH *dh"
+.Fc
+.Sh DESCRIPTION
+.Fn DH_generate_key
+performs the first step of a Diffie-Hellman key exchange by generating
+private and public DH values.
+By calling
+.Fn DH_compute_key ,
+these are combined with the other party's public value to compute the
+shared key.
+.Pp
+.Fn DH_generate_key
+expects
+.Fa dh
+to contain the shared parameters
+.Sy dh->p
+and
+.Sy dh->g .
+It generates a random private DH value unless
+.Sy dh->priv_key
+is already set, and computes the corresponding public value
+.Sy dh->pub_key ,
+which can then be published.
+.Pp
+.Fn DH_compute_key
+computes the shared secret from the private DH value in
+.Fa dh
+and the other party's public value in
+.Fa pub_key
+and stores it in
+.Fa key .
+.Fa key
+must point to
+.Fn DH_size dh
+bytes of memory.
+.Sh RETURN VALUES
+.Fn DH_generate_key
+returns 1 on success, 0 otherwise.
+.Pp
+.Fn DH_compute_key
+returns the size of the shared secret on success, -1 on error.
+.Pp
+The error codes can be obtained by
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr dh 3 ,
+.Xr DH_size 3 ,
+.Xr ERR_get_error 3 ,
+.Xr rand 3
+.Sh HISTORY
+.Fn DH_generate_key
+and
+.Fn DH_compute_key
+are available in all versions of SSLeay and OpenSSL.
diff --git a/lib/libcrypto/man/DH_generate_parameters.3 b/lib/libcrypto/man/DH_generate_parameters.3
new file mode 100644
index 00000000000..431ffd634c8
--- /dev/null
+++ b/lib/libcrypto/man/DH_generate_parameters.3
@@ -0,0 +1,125 @@
+.Dd $Mdocdate: November 2 2016 $
+.Dt DH_GENERATE_PARAMETERS 3
+.Os
+.Sh NAME
+.Nm DH_generate_parameters_ex ,
+.Nm DH_generate_parameters ,
+.Nm DH_check
+.Nd generate and check Diffie-Hellman parameters
+.Sh SYNOPSIS
+.In openssl/dh.h
+.Ft int
+.Fo DH_generate_parameters_ex
+.Fa "DH *dh"
+.Fa "int prime_len"
+.Fa "int generator"
+.Fa "BN_GENCB *cb"
+.Fc
+.Ft int
+.Fo DH_check
+.Fa "DH *dh"
+.Fa "int *codes"
+.Fc
+.Pp
+Deprecated:
+.Pp
+.Ft DH *
+.Fo DH_generate_parameters
+.Fa "int prime_len"
+.Fa "int generator"
+.Fa "void (*callback)(int"
+.Fa int
+.Fa "void *)"
+.Fa "void *cb_arg"
+.Fc
+.Sh DESCRIPTION
+.Fn DH_generate_parameters_ex
+generates Diffie-Hellman parameters that can be shared among a group of
+users, and stores them in the provided
+.Vt DH
+structure.
+.Pp
+.Fa prime_len
+is the length in bits of the safe prime to be generated.
+.Fa generator
+is a small number > 1, typically 2 or 5.
+.Pp
+A callback function may be used to provide feedback about the progress
+of the key generation.
+If
+.Fa cb
+is not
+.Dv NULL ,
+it will be called as described in
+.Xr BN_generate_prime 3
+while a random prime number is generated, and when a prime has been
+found,
+.Fn BN_GENCB_call cb 3 0
+is called; see
+.Xr BN_GENCB_call 3 .
+.Pp
+.Fn DH_check
+validates Diffie-Hellman parameters.
+It checks that
+.Fa dh->p
+is a safe prime, and that
+.Fa dh->g
+is a suitable generator.
+In the case of an error, the bit flags
+.Dv DH_CHECK_P_NOT_SAFE_PRIME
+or
+.Dv DH_NOT_SUITABLE_GENERATOR
+are set in
+.Pf * Fa codes .
+.Dv DH_UNABLE_TO_CHECK_GENERATOR
+is set if the generator cannot be checked, i.e. if it does not equal 2 or 5.
+.Sh RETURN VALUES
+.Fn DH_generate_parameters_ex
+and
+.Fn DH_check
+return 1 if the check could be performed, 0 otherwise.
+.Pp
+.Fn DH_generate_parameters
+(deprecated) returns a pointer to the
+.Vt DH
+structure, or
+.Dv NULL
+if the parameter generation fails.
+.Pp
+The error codes can be obtained by
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr dh 3 ,
+.Xr DH_free 3 ,
+.Xr ERR_get_error 3 ,
+.Xr rand 3
+.Sh HISTORY
+.Fn DH_check
+is available in all versions of SSLeay and OpenSSL.
+The
+.Fa cb_arg
+argument to
+.Fn DH_generate_parameters
+was added in SSLeay 0.9.0.
+.Pp
+In versions before OpenSSL 0.9.5,
+.Dv DH_CHECK_P_NOT_STRONG_PRIME
+is used instead of
+.Dv DH_CHECK_P_NOT_SAFE_PRIME .
+.Sh CAVEATS
+.Fn DH_generate_parameters_ex
+and
+.Fn DH_generate_parameters
+may run for several hours before finding a suitable prime.
+.Pp
+The parameters generated by
+.Fn DH_generate_parameters_ex
+and
+.Fn DH_generate_parameters
+are not to be used in signature schemes.
+.Sh BUGS
+If
+.Fa generator
+is not 2 or 5,
+.Fa dh->g Ns = Ns Fa generator
+is not a usable generator.
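Review bot: In RETURN VALUES, the sentence `return 1 if the check could be performed, 0 otherwise` covers both DH_generate_parameters_ex and DH_check, and for DH_check it obscures that a return of 1 does not mean the parameters passed validation. DESCRIPTION reports the failure flags (DH_CHECK_P_NOT_SAFE_PRIME, DH_NOT_SUITABLE_GENERATOR, DH_UNABLE_TO_CHECK_GENERATOR) through `*codes`, so a caller testing only the return value would accept an unsafe prime or an unchecked generator. I would split the sentence: DH_generate_parameters_ex `returns 1 on success, 0 otherwise`, and DH_check `returns 1 if the check could be performed, 0 otherwise`, followed by a sentence saying that the outcome of the validation is in `*codes` and must be inspected separately.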
diff --git a/lib/libcrypto/man/DH_get_ex_new_index.3 b/lib/libcrypto/man/DH_get_ex_new_index.3
new file mode 100644
index 00000000000..c93efa73d6d
--- /dev/null
+++ b/lib/libcrypto/man/DH_get_ex_new_index.3
@@ -0,0 +1,47 @@
+.Dd $Mdocdate: November 2 2016 $
+.Dt DH_GET_EX_NEW_INDEX 3
+.Os
+.Sh NAME
+.Nm DH_get_ex_new_index ,
+.Nm DH_set_ex_data ,
+.Nm DH_get_ex_data
+.Nd add application specific data to DH structures
+.Sh SYNOPSIS
+.In openssl/dh.h
+.Ft int
+.Fo DH_get_ex_new_index
+.Fa "long argl"
+.Fa "void *argp"
+.Fa "CRYPTO_EX_new *new_func"
+.Fa "CRYPTO_EX_dup *dup_func"
+.Fa "CRYPTO_EX_free *free_func"
+.Fc
+.Ft int
+.Fo DH_set_ex_data
+.Fa "DH *d"
+.Fa "int idx"
+.Fa "void *arg"
+.Fc
+.Ft char *
+.Fo DH_get_ex_data
+.Fa "DH *d"
+.Fa "int idx"
+.Fc
+.Sh DESCRIPTION
+These functions handle application specific data in
+.Vt DH
+structures.
+Their usage is identical to that of
+.Xr RSA_get_ex_new_index 3 ,
+.Xr RSA_set_ex_data 3 ,
+and
+.Xr RSA_get_ex_data 3 .
+.Sh SEE ALSO
+.Xr dh 3 ,
+.Xr RSA_get_ex_new_index 3
+.Sh HISTORY
+.Fn DH_get_ex_new_index ,
+.Fn DH_set_ex_data ,
+and
+.Fn DH_get_ex_data
+are available since OpenSSL 0.9.5.
diff --git a/lib/libcrypto/man/DH_new.3 b/lib/libcrypto/man/DH_new.3
new file mode 100644
index 00000000000..46b1570765a
--- /dev/null
+++ b/lib/libcrypto/man/DH_new.3
@@ -0,0 +1,44 @@
+.Dd $Mdocdate: November 2 2016 $
+.Dt DH_NEW 3
+.Os
+.Sh NAME
+.Nm DH_new ,
+.Nm DH_free
+.Nd allocate and free DH objects
+.Sh SYNOPSIS
+.In openssl/dh.h
+.Ft DH*
+.Fn DH_new void
+.Ft void
+.Fo DH_free
+.Fa "DH *dh"
+.Fc
+.Sh DESCRIPTION
+.Fn DH_new
+allocates and initializes a
+.Vt DH
+structure.
+.Pp
+.Fn DH_free
+frees the
+.Vt DH
+structure and its components.
+The values are erased before the memory is returned to the system.
+.Sh RETURN VALUES
+If the allocation fails,
+.Fn DH_new
+returns
+.Dv NULL
+and sets an error code that can be obtained by
+.Xr ERR_get_error 3 .
+Otherwise it returns a pointer to the newly allocated structure.
+.Sh SEE ALSO
+.Xr dh 3 ,
+.Xr DH_generate_key 3 ,
+.Xr DH_generate_parameters 3 ,
+.Xr ERR_get_error 3
+.Sh HISTORY
+.Fn DH_new
+and
+.Fn DH_free
+are available in all versions of SSLeay and OpenSSL.
diff --git a/lib/libcrypto/man/DH_set_method.3 b/lib/libcrypto/man/DH_set_method.3
new file mode 100644
index 00000000000..86dae1728cd
--- /dev/null
+++ b/lib/libcrypto/man/DH_set_method.3
@@ -0,0 +1,223 @@
+.Dd $Mdocdate: November 2 2016 $
+.Dt DH_SET_METHOD 3
+.Os
+.Sh NAME
+.Nm DH_set_default_method ,
+.Nm DH_get_default_method ,
+.Nm DH_set_method ,
+.Nm DH_new_method ,
+.Nm DH_OpenSSL ,
+.Nm DH_set_default_openssl_method ,
+.Nm DH_get_default_openssl_method
+.Nd select DH method
+.Sh SYNOPSIS
+.In openssl/dh.h
+.In openssl/engine.h
+.Ft void
+.Fo DH_set_default_method
+.Fa "const DH_METHOD *meth"
+.Fc
+.Ft const DH_METHOD *
+.Fo DH_get_default_method
+.Fa void
+.Fc
+.Ft int
+.Fo DH_set_method
+.Fa "DH *dh"
+.Fa "const DH_METHOD *meth"
+.Fc
+.Ft DH *
+.Fo DH_new_method
+.Fa "ENGINE *engine"
+.Fc
+.Ft const DH_METHOD *
+.Fo DH_OpenSSL
+.Fa void
+.Fc
+.Sh DESCRIPTION
+A
+.Vt DH_METHOD
+specifies the functions that OpenSSL uses for Diffie-Hellman operations.
+By modifying the method, alternative implementations such as hardware
+accelerators may be used.
+See the
+.Sx CAVEATS
+section for how these DH API functions are affected by the use of
+.Xr engine 3
+API calls.
+.Pp
+Initially, the default
+.Vt DH_METHOD
+is the OpenSSL internal implementation as returned by
+.Fn DH_OpenSSL .
+.Pp
+.Fn DH_set_default_method
+makes
+.Fa meth
+the default method for all
+.Vt DH
+structures created later.
+.Sy NB :
+This is true only whilst no
+.Vt ENGINE
+has been set as a default for DH, so this function is no longer
+recommended.
+.Pp
+.Fn DH_get_default_method
+returns a pointer to the current default
+.Vt DH_METHOD .
+However, the meaningfulness of this result is dependent on whether the
+.Xr engine 3
+API is being used, so this function is no longer recommended.
+.Pp
+.Fn DH_set_method
+selects
+.Fa meth
+to perform all operations using the key
+.Fa dh .
+This will replace the
+.Vt DH_METHOD
+used by the
+.Fa dh
+key and if the previous method was supplied by an
+.Vt ENGINE ,
+the handle to that
+.Vt ENGINE
+will be released during the change.
+It is possible to have
+.Vt DH
+keys that only work with certain
+.Vt DH_METHOD
+implementations (eg. from an
+.Vt ENGINE
+module that supports embedded hardware-protected keys),
+and in such cases attempting to change the
+.Vt DH_METHOD
+for the key can have unexpected results.
+.Pp
+.Fn DH_new_method
+allocates and initializes a
+.Vt DH
+structure so that
+.Fa engine
+will be used for the DH operations.
+If
+.Fa engine
+is
+.Dv NULL ,
+the default
+.Vt ENGINE
+for DH operations is used, and if no default
+.Vt ENGINE
+is set, the
+.Vt DH_METHOD
+controlled by
+.Fn DH_set_default_method
+is used.
+.Sh THE DH_METHOD STRUCTURE
+.Bd -literal
+typedef struct dh_meth_st
+{
+ /* name of the implementation */
+ const char *name;
+
+ /* generate private and public DH values for key agreement */
+ int (*generate_key)(DH *dh);
+
+ /* compute shared secret */
+ int (*compute_key)(unsigned char *key, BIGNUM *pub_key, DH *dh);
+
+ /* compute r = a ^ p mod m (May be NULL for some implementations) */
+ int (*bn_mod_exp)(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+
+ /* called at DH_new */
+ int (*init)(DH *dh);
+
+ /* called at DH_free */
+ int (*finish)(DH *dh);
+
+ int flags;
+
+ char *app_data; /* ?? */
+
+} DH_METHOD;
+.Ed
+.Sh RETURN VALUES
+.Fn DH_OpenSSL
+and
+.Fn DH_get_default_method
+return pointers to the respective
+.Sy DH_METHOD Ns s.
+.Pp
+.Fn DH_set_method
+returns non-zero if the provided
+.Fa meth
+was successfully set as the method for
+.Fa dh
+(including unloading the
+.Vt ENGINE
+handle if the previous method was supplied by an
+.Vt ENGINE ) .
+.Pp
+.Fn DH_new_method
+returns
+.Dv NULL
+and sets an error code that can be obtained by
+.Xr ERR_get_error 3
+if the allocation fails.
+Otherwise it returns a pointer to the newly allocated structure.
+.Sh SEE ALSO
+.Xr dh 3 ,
+.Xr DH_new 3
+.Sh HISTORY
+.Fn DH_set_default_method ,
+.Fn DH_get_default_method ,
+.Fn DH_set_method ,
+.Fn DH_new_method
+and
+.Fn DH_OpenSSL
+were added in OpenSSL 0.9.4.
+.Pp
+.Fn DH_set_default_openssl_method
+and
+.Fn DH_get_default_openssl_method
+replaced
+.Fn DH_set_default_method
+and
+.Fn DH_get_default_method
+respectively, and
+.Fn DH_set_method
+and
+.Fn DH_new_method
+were altered to use
+.Vt ENGINE Ns s
+rather than
+.Vt DH_METHOD Ns s
+during development of the engine version of OpenSSL 0.9.6.
+For 0.9.7, the handling of defaults in the
+.Xr engine 3
+API was restructured so that this change was reversed, and behaviour
+of the other functions resembled more closely the previous behaviour.
+The behaviour of defaults in the
+.Xr engine 3
+API now transparently overrides the behaviour of defaults in the
+DH API without requiring changing these function prototypes.
+.Sh CAVEATS
+As of version 0.9.7,
+.Vt DH_METHOD
+implementations are grouped together with other algorithmic APIs
+(eg. RSA_METHOD, EVP_CIPHER, etc) in
+.Vt ENGINE
+modules.
+If a default
+.Vt ENGINE
+is specified for DH functionality using an
+.Xr engine 3
+API function, that will override any DH defaults set using the DH API
+.Pq ie. Fn DH_set_default_method .
+For this reason, the
+.Xr engine 3
+API is the recommended way to control default implementations
+for use in DH and other cryptographic algorithms.
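Review bot: NAME lists `DH_set_default_openssl_method` and `DH_get_default_openssl_method`, but SYNOPSIS declares neither, and HISTORY describes them as a renaming from 0.9.6 development that was reversed for 0.9.7. If the two functions are no longer declared in dh.h (this page does not show it), their `.Nm` lines should be removed so that apropos(1) does not advertise them; otherwise they need `.Ft`/`.Fo` entries in SYNOPSIS. Separately, the `char *app_data; /* ?? */` line in the literal struct display carries the original author's uncertainty into the manual and would be better replaced by a real description or dropped.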
diff --git a/lib/libcrypto/man/DH_size.3 b/lib/libcrypto/man/DH_size.3
new file mode 100644
index 00000000000..3675f7b12bd
--- /dev/null
+++ b/lib/libcrypto/man/DH_size.3
@@ -0,0 +1,29 @@
+.Dd $Mdocdate: November 2 2016 $
+.Dt DH_SIZE 3
+.Os
+.Sh NAME
+.Nm DH_size
+.Nd get Diffie-Hellman prime size
+.Sh SYNOPSIS
+.In openssl/dh.h
+.Ft int
+.Fo DH_size
+.Fa "DH *dh"
+.Fc
+.Sh DESCRIPTION
+This function returns the Diffie-Hellman size in bytes.
+It can be used to determine how much memory must be allocated for the
+shared secret computed by
+.Xr DH_compute_key 3 .
+.Pp
+.Fa dh->p
+must not be
+.Dv NULL .
+.Sh RETURN VALUE
+The size in bytes.
+.Sh SEE ALSO
+.Xr dh 3 ,
+.Xr DH_generate_key 3
+.Sh HISTORY
+.Fn DH_size
+is available in all versions of SSLeay and OpenSSL.
diff --git a/lib/libcrypto/man/Makefile b/lib/libcrypto/man/Makefile
index 1dfcf8700d4..a40bb39167a 100644
--- a/lib/libcrypto/man/Makefile
+++ b/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.34 2016/09/05 10:43:42 schwarze Exp $
+# $OpenBSD: Makefile,v 1.35 2016/11/02 09:11:53 schwarze Exp $
.include <bsd.own.mk> # for NOMAN
@@ -56,6 +56,13 @@ MAN= \
CONF_modules_load_file.3 \
CRYPTO_set_ex_data.3 \
CRYPTO_set_locking_callback.3 \
+ DES_set_key.3 \
+ DH_generate_key.3 \
+ DH_generate_parameters.3 \
+ DH_get_ex_new_index.3 \
+ DH_new.3 \
+ DH_set_method.3 \
+ DH_size.3 \
ECDSA_SIG_new.3 \
EVP_AEAD_CTX_init.3 \
UI_new.3 \
@@ -66,13 +73,6 @@ MAN= \
lh_new.3 \
GENMAN= \
- DES_set_key.3 \
- DH_generate_key.3 \
- DH_generate_parameters.3 \
- DH_get_ex_new_index.3 \
- DH_new.3 \
- DH_set_method.3 \
- DH_size.3 \
DSA_SIG_new.3 \
DSA_do_sign.3 \
DSA_dup_DH.3 \