Import OpenSSL 1.1.1i

doc/man3/ASN1_INTEGER_get_int64.pod

@@ -81,7 +81,7 @@ instead.
 
 In general an B<ASN1_INTEGER> or B<ASN1_ENUMERATED> type can contain an
 integer of almost arbitrary size and so cannot always be represented by a C
-B<int64_t> type. However in many cases (for example version numbers) they
+B<int64_t> type. However, in many cases (for example version numbers) they
 represent small integers which can be more easily manipulated if converted to
 an appropriate C integer type.
 
@@ -123,7 +123,7 @@ were added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
-Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/ASN1_STRING_length.pod

@@ -72,7 +72,7 @@ In general it cannot be assumed that the data returned by ASN1_STRING_data()
 is null terminated or does not contain embedded nulls. The actual format
 of the data will depend on the actual string type itself: for example
 for an IA5String the data will be ASCII, for a BMPString two bytes per
-character in big endian format, and for an UTF8String it will be in UTF8 format.
+character in big endian format, and for a UTF8String it will be in UTF8 format.
 
 Similar care should be take to ensure the data is in the correct format
 when calling ASN1_STRING_set().
@@ -103,7 +103,7 @@ L<ERR_get_error(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/ASN1_TIME_set.pod

@@ -117,7 +117,7 @@ one or both (depending on the time difference) of B<*pday> and B<*psec>
 will be positive. If B<to> represents a time earlier than B<from> then
 one or both of B<*pday> and B<*psec> will be negative. If B<to> and B<from>
 represent the same time then B<*pday> and B<*psec> will both be zero.
-If both B<*pday> and B<*psec> are non-zero they will always have the same
+If both B<*pday> and B<*psec> are nonzero they will always have the same
 sign. The value of B<*psec> will always be less than the number of seconds
 in a day. If B<from> or B<to> is NULL the current time is used.
 
@@ -167,7 +167,7 @@ format.
 =head1 BUGS
 
 ASN1_TIME_print(), ASN1_UTCTIME_print() and ASN1_GENERALIZEDTIME_print()
-do not print out the time zone: it either prints out "GMT" or nothing. But all
+do not print out the timezone: it either prints out "GMT" or nothing. But all
 certificates complying with RFC5280 et al use GMT anyway.
 
 Use the ASN1_TIME_normalize() function to normalize the time value before
@@ -248,7 +248,7 @@ The ASN1_TIME_compare() function was added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
-Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/ASN1_TYPE_get.pod

@@ -33,7 +33,7 @@ up after the call.
 ASN1_TYPE_set1() sets the value of B<a> to B<type> a copy of B<value>.
 
 ASN1_TYPE_cmp() compares ASN.1 types B<a> and B<b> and returns 0 if
-they are identical and non-zero otherwise.
+they are identical and nonzero otherwise.
 
 ASN1_TYPE_unpack_sequence() attempts to parse the SEQUENCE present in
 B<t> using the ASN.1 structure B<it>. If successful it returns a pointer
@@ -62,12 +62,12 @@ length octets).
 
 ASN1_TYPE_cmp() may not return zero if two types are equivalent but have
 different encodings. For example the single content octet of the boolean TRUE
-value under BER can have any non-zero encoding but ASN1_TYPE_cmp() will
+value under BER can have any nonzero encoding but ASN1_TYPE_cmp() will
 only return zero if the values are the same.
 
 If either or both of the parameters passed to ASN1_TYPE_cmp() is NULL the
-return value is non-zero. Technically if both parameters are NULL the two
-types could be absent OPTIONAL fields and so should match, however passing
+return value is nonzero. Technically if both parameters are NULL the two
+types could be absent OPTIONAL fields and so should match, however, passing
 NULL values could also indicate a programming error (for example an
 unparsable type which returns NULL) for types which do B<not> match. So
 applications should handle the case of two absent values separately.
@@ -80,7 +80,7 @@ ASN1_TYPE_set() does not return a value.
 
 ASN1_TYPE_set1() returns 1 for success and 0 for failure.
 
-ASN1_TYPE_cmp() returns 0 if the types are identical and non-zero otherwise.
+ASN1_TYPE_cmp() returns 0 if the types are identical and nonzero otherwise.
 
 ASN1_TYPE_unpack_sequence() returns a pointer to an ASN.1 structure or
 NULL on failure.

doc/man3/ASYNC_WAIT_CTX_new.pod

@@ -50,7 +50,7 @@ job in B<*fd>. The number of file descriptors returned will be stored in
 B<*numfds>. It is the caller's responsibility to ensure that sufficient memory
 has been allocated in B<*fd> to receive all the file descriptors. Calling
 ASYNC_WAIT_CTX_get_all_fds() with a NULL B<fd> value will return no file
-descriptors but will still populate B<*numfds>. Therefore application code is
+descriptors but will still populate B<*numfds>. Therefore, application code is
 typically expected to call this function twice: once to get the number of fds,
 and then again when sufficient memory has been allocated. If only one
 asynchronous engine is being used then normally this call will only ever return
@@ -117,7 +117,7 @@ success or 0 on error.
 On Windows platforms the openssl/async.h header is dependent on some
 of the types customarily made available by including windows.h. The
 application developer is likely to require control over when the latter
-is included, commonly as one of the first included headers. Therefore
+is included, commonly as one of the first included headers. Therefore,
 it is defined as an application developer's responsibility to include
 windows.h prior to async.h.
 
@@ -134,7 +134,7 @@ were added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
-Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/ASYNC_start_job.pod

@@ -166,7 +166,7 @@ otherwise.
 On Windows platforms the openssl/async.h header is dependent on some
 of the types customarily made available by including windows.h. The
 application developer is likely to require control over when the latter
-is included, commonly as one of the first included headers. Therefore
+is included, commonly as one of the first included headers. Therefore,
 it is defined as an application developer's responsibility to include
 windows.h prior to async.h.
 
@@ -321,7 +321,7 @@ added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
-Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/BF_encrypt.pod

@@ -60,7 +60,7 @@ recipient needs to know what it was initialized with, or it won't be able
 to decrypt.  Some programs and protocols simplify this, like SSH, where
 B<ivec> is simply initialized to zero.
 BF_cbc_encrypt() operates on data that is a multiple of 8 bytes long, while
-BF_cfb64_encrypt() and BF_ofb64_encrypt() are used to encrypt an variable
+BF_cfb64_encrypt() and BF_ofb64_encrypt() are used to encrypt a variable
 number of bytes (the amount does not have to be an exact multiple of 8).  The
 purpose of the latter two is to simulate stream ciphers, and therefore, they
 need the parameter B<num>, which is a pointer to an integer where the current
@@ -109,7 +109,7 @@ L<des_modes(7)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/BIO_ADDR.pod

@@ -42,7 +42,7 @@ BIO_ADDR_free() frees a B<BIO_ADDR> created with BIO_ADDR_new().
 BIO_ADDR_clear() clears any data held within the provided B<BIO_ADDR> and sets
 it back to an uninitialised state.
 
-BIO_ADDR_rawmake() takes a protocol B<family>, an byte array of
+BIO_ADDR_rawmake() takes a protocol B<family>, a byte array of
 size B<wherelen> with an address in network byte order pointed at
 by B<where> and a port number in network byte order in B<port> (except
 for the B<AF_UNIX> protocol family, where B<port> is meaningless and
@@ -115,7 +115,7 @@ L<BIO_connect(3)>, L<BIO_s_connect(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/BIO_ADDRINFO.pod

@@ -94,7 +94,7 @@ information they should return isn't available.
 
 The BIO_lookup_ex() implementation uses the platform provided getaddrinfo()
 function. On Linux it is known that specifying 0 for the protocol will not
-return any SCTP based addresses when calling getaddrinfo(). Therefore if an SCTP
+return any SCTP based addresses when calling getaddrinfo(). Therefore, if an SCTP
 address is required then the B<protocol> parameter to BIO_lookup_ex() should be
 explicitly set to IPPROTO_SCTP. The same may be true on other platforms.
 
@@ -104,7 +104,7 @@ The BIO_lookup_ex() function was added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
-Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/BIO_connect.pod

@@ -55,7 +55,7 @@ Enables regular sending of keep-alive messages.
 
 =item BIO_SOCK_NONBLOCK
 
-Sets the socket to non-blocking mode.
+Sets the socket to nonblocking mode.
 
 =item BIO_SOCK_NODELAY
 
@@ -107,7 +107,7 @@ Use the functions described above instead.
 
 =head1 COPYRIGHT
 
-Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/BIO_ctrl.pod

@@ -109,7 +109,7 @@ Filter BIOs if they do not internally handle a particular BIO_ctrl()
 operation usually pass the operation to the next BIO in the chain.
 This often means there is no need to locate the required BIO for
 a particular operation, it can be called on a chain and it will
-be automatically passed to the relevant BIO. However this can cause
+be automatically passed to the relevant BIO. However, this can cause
 unexpected results: for example no current filter BIOs implement
 BIO_seek(), but this may still succeed if the chain ends in a FILE
 or file descriptor BIO.
@@ -126,7 +126,7 @@ the case of BIO_seek() on a file BIO for a successful operation.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/BIO_get_data.pod

@@ -25,7 +25,7 @@ the BIO. This data can subsequently be retrieved via a call to BIO_get_data().
 This can be used by custom BIOs for storing implementation specific information.
 
 The BIO_set_init() function sets the value of the BIO's "init" flag to indicate
-whether initialisation has been completed for this BIO or not. A non-zero value
+whether initialisation has been completed for this BIO or not. A nonzero value
 indicates that initialisation is complete, whilst zero indicates that it is not.
 Often initialisation will complete during initial construction of the BIO. For
 some BIOs however, initialisation may not complete until after additional steps
@@ -55,7 +55,7 @@ The functions described here were added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
-Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/BIO_parse_hostserv.pod

@@ -19,10 +19,10 @@ BIO_parse_hostserv
 =head1 DESCRIPTION
 
 BIO_parse_hostserv() will parse the information given in B<hostserv>,
-create strings with the host name and service name and give those
+create strings with the hostname and service name and give those
 back via B<host> and B<service>.  Those will need to be freed after
 they are used.  B<hostserv_prio> helps determine if B<hostserv> shall
-be interpreted primarily as a host name or a service name in ambiguous
+be interpreted primarily as a hostname or a service name in ambiguous
 cases.
 
 The syntax the BIO_parse_hostserv() recognises is:
@@ -68,7 +68,7 @@ L<BIO_ADDRINFO(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/BIO_read.pod

@@ -55,7 +55,7 @@ NUL is not included in the length returned by BIO_gets().
 =head1 NOTES
 
 A 0 or -1 return is not necessarily an indication of an error. In
-particular when the source/sink is non-blocking or of a certain type
+particular when the source/sink is nonblocking or of a certain type
 it may merely be an indication that no data is currently available and that
 the application should retry the operation later.
 
@@ -87,7 +87,7 @@ keep the '\n' at the end of the line in the buffer.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/BIO_s_accept.pod

@@ -143,7 +143,7 @@ however because the accept BIO will still accept additional incoming
 connections. This can be resolved by using BIO_pop() (see above)
 and freeing up the accept BIO after the initial connection.
 
-If the underlying accept socket is non-blocking and BIO_do_accept() is
+If the underlying accept socket is nonblocking and BIO_do_accept() is
 called to await an incoming connection it is possible for
 BIO_should_io_special() with the reason BIO_RR_ACCEPT. If this happens
 then it is an indication that an accept attempt would block: the application
@@ -224,7 +224,7 @@ down each and finally closes both down.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/BIO_s_bio.pod

@@ -144,7 +144,7 @@ without having to go through the SSL-interface.
  ...
  BIO_new_bio_pair(&internal_bio, 0, &network_bio, 0);
  SSL_set_bio(ssl, internal_bio, internal_bio);
- SSL_operations(); /* e.g SSL_read and SSL_write */
+ SSL_operations(); /* e.g. SSL_read and SSL_write */
  ...
 
  application |   TLS-engine
@@ -167,7 +167,7 @@ without having to go through the SSL-interface.
   ...
 
 As the BIO pair will only buffer the data and never directly access the
-connection, it behaves non-blocking and will return as soon as the write
+connection, it behaves nonblocking and will return as soon as the write
 buffer is full or the read buffer is drained. Then the application has to
 flush the write buffer and/or fill the read buffer.
 
@@ -191,7 +191,7 @@ L<BIO_should_retry(3)>, L<BIO_read_ex(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/BIO_s_connect.pod

@@ -106,7 +106,7 @@ If blocking I/O is set then a non positive return value from any
 I/O call is caused by an error condition, although a zero return
 will normally mean that the connection was closed.
 
-If the port name is supplied as part of the host name then this will
+If the port name is supplied as part of the hostname then this will
 override any value set with BIO_set_conn_port(). This may be undesirable
 if the application does not wish to allow connection to arbitrary
 ports. This can be avoided by checking for the presence of the ':'
@@ -203,7 +203,7 @@ Use BIO_set_conn_address() and BIO_get_conn_address() instead.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/BIO_s_file.pod

@@ -78,7 +78,7 @@ in stdio behaviour will be mirrored by the corresponding BIO.
 
 On Windows BIO_new_files reserves for the filename argument to be
 UTF-8 encoded. In other words if you have to make it work in multi-
-lingual environment, encode file names in UTF-8.
+lingual environment, encode filenames in UTF-8.
 
 =head1 RETURN VALUES
 
@@ -158,7 +158,7 @@ L<BIO_set_close(3)>, L<BIO_get_close(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/BIO_set_callback.pod

@@ -31,7 +31,7 @@ BIO_callback_fn_ex, BIO_callback_fn
 =head1 DESCRIPTION
 
 BIO_set_callback_ex() and BIO_get_callback_ex() set and retrieve the BIO
-callback. The callback is called during most high level BIO operations. It can
+callback. The callback is called during most high-level BIO operations. It can
 be used for debugging purposes to trace operations on a BIO or to modify its
 operation.
 
@@ -230,7 +230,7 @@ in crypto/bio/bio_cb.c
 
 =head1 COPYRIGHT
 
-Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/BN_add.pod

@@ -68,16 +68,16 @@ For division by powers of 2, use BN_rshift(3).
 
 BN_mod() corresponds to BN_div() with I<dv> set to B<NULL>.
 
-BN_nnmod() reduces I<a> modulo I<m> and places the non-negative
+BN_nnmod() reduces I<a> modulo I<m> and places the nonnegative
 remainder in I<r>.
 
-BN_mod_add() adds I<a> to I<b> modulo I<m> and places the non-negative
+BN_mod_add() adds I<a> to I<b> modulo I<m> and places the nonnegative
 result in I<r>.
 
 BN_mod_sub() subtracts I<b> from I<a> modulo I<m> and places the
-non-negative result in I<r>.
+nonnegative result in I<r>.
 
-BN_mod_mul() multiplies I<a> by I<b> and finds the non-negative
+BN_mod_mul() multiplies I<a> by I<b> and finds the nonnegative
 remainder respective to modulus I<m> (C<r=(a*b) mod m>). I<r> may be
 the same B<BIGNUM> as I<a> or I<b>. For more efficient algorithms for
 repeated computations using the same modulus, see
@@ -119,7 +119,7 @@ L<BN_add_word(3)>, L<BN_set_bit(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/BN_bn2bin.pod

@@ -37,7 +37,7 @@ memory.
 
 BN_bn2binpad() also converts the absolute value of B<a> into big-endian form
 and stores it at B<to>. B<tolen> indicates the length of the output buffer
-B<to>. The result is padded with zeroes if necessary. If B<tolen> is less than
+B<to>. The result is padded with zeros if necessary. If B<tolen> is less than
 BN_num_bytes(B<a>) an error is returned.
 
 BN_bin2bn() converts the positive integer in big-endian form of length
@@ -106,7 +106,7 @@ L<BN_num_bytes(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/BN_generate_prime.pod

@@ -127,7 +127,7 @@ For instance, to reach the 128 bit security level, B<nchecks> should be set to
 
 If B<cb> is not B<NULL>, B<BN_GENCB_call(cb, 1, j)> is called
 after the j-th iteration (j = 0, 1, ...). B<ctx> is a
-pre-allocated B<BN_CTX> (to save the overhead of allocating and
+preallocated B<BN_CTX> (to save the overhead of allocating and
 freeing the structure in a loop), or B<NULL>.
 
 BN_GENCB_call() calls the callback function held in the B<BN_GENCB> structure

doc/man3/BN_mod_mul_montgomery.pod

@@ -49,7 +49,7 @@ the result in I<r>.
 BN_from_montgomery() performs the Montgomery reduction I<r> = I<a>*R^-1.
 
 BN_to_montgomery() computes Mont(I<a>,R^2), i.e. I<a>*R.
-Note that I<a> must be non-negative and smaller than the modulus.
+Note that I<a> must be nonnegative and smaller than the modulus.
 
 For all functions, I<ctx> is a previously allocated B<BN_CTX> used for
 temporary variables.
@@ -80,7 +80,7 @@ BN_MONT_CTX_init() was removed in OpenSSL 1.1.0
 
 =head1 COPYRIGHT
 
-Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/BN_set_bit.pod

@@ -33,15 +33,15 @@ error occurs if B<a> is shorter than B<n> bits.
 BN_is_bit_set() tests if bit B<n> in B<a> is set.
 
 BN_mask_bits() truncates B<a> to an B<n> bit number
-(C<a&=~((~0)E<gt>E<gt>n)>).  An error occurs if B<a> already is
+(C<a&=~((~0)E<lt>E<lt>n)>).  An error occurs if B<a> already is
 shorter than B<n> bits.
 
 BN_lshift() shifts B<a> left by B<n> bits and places the result in
-B<r> (C<r=a*2^n>). Note that B<n> must be non-negative. BN_lshift1() shifts
+B<r> (C<r=a*2^n>). Note that B<n> must be nonnegative. BN_lshift1() shifts
 B<a> left by one and places the result in B<r> (C<r=2*a>).
 
 BN_rshift() shifts B<a> right by B<n> bits and places the result in
-B<r> (C<r=a/2^n>). Note that B<n> must be non-negative. BN_rshift1() shifts
+B<r> (C<r=a/2^n>). Note that B<n> must be nonnegative. BN_rshift1() shifts
 B<a> right by one and places the result in B<r> (C<r=a/2>).
 
 For the shift functions, B<r> and B<a> may be the same variable.
@@ -59,7 +59,7 @@ L<BN_num_bytes(3)>, L<BN_add(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/CMS_verify.pod

@@ -24,7 +24,7 @@ present in B<cms>. The content is written to B<out> if it is not NULL.
 B<flags> is an optional set of flags, which can be used to modify the verify
 operation.
 
-CMS_get0_signers() retrieves the signing certificate(s) from B<cms>, it must
+CMS_get0_signers() retrieves the signing certificate(s) from B<cms>, it may only
 be called after a successful CMS_verify() operation.
 
 =head1 VERIFY PROCESS
@@ -94,7 +94,7 @@ useful if one merely wishes to write the content to B<out> and its validity
 is not considered important.
 
 Chain verification should arguably be performed using the signing time rather
-than the current time. However since the signing time is supplied by the
+than the current time. However, since the signing time is supplied by the
 signer it cannot be trusted without additional evidence (such as a trusted
 timestamp).
 
@@ -122,7 +122,7 @@ L<ERR_get_error(3)>, L<CMS_sign(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/CRYPTO_THREAD_run_once.pod

@@ -93,7 +93,7 @@ On Windows platforms the CRYPTO_THREAD_* types and functions in the
 openssl/crypto.h header are dependent on some of the types customarily
 made available by including windows.h. The application developer is
 likely to require control over when the latter is included, commonly as
-one of the first included headers. Therefore it is defined as an
+one of the first included headers. Therefore, it is defined as an
 application developer's responsibility to include windows.h prior to
 crypto.h where use of CRYPTO_THREAD_* types and functions is required.
 
@@ -161,7 +161,7 @@ L<crypto(7)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/CRYPTO_memcmp.pod

@@ -19,17 +19,17 @@ contents of the memory regions pointed to by B<a> and B<b>.
 
 =head1 RETURN VALUES
 
-CRYPTO_memcmp() returns 0 if the memory regions are equal and non-zero
+CRYPTO_memcmp() returns 0 if the memory regions are equal and nonzero
 otherwise.
 
 =head1 NOTES
 
 Unlike memcmp(2), this function cannot be used to order the two memory regions
-as the return value when they differ is undefined, other than being non-zero.
+as the return value when they differ is undefined, other than being nonzero.
 
 =head1 COPYRIGHT
 
-Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/DES_random_key.pod

@@ -120,7 +120,7 @@ is returned.  If the key is a weak key, then -2 is returned.  If an
 error is returned, the key schedule is not generated.
 
 DES_set_key() works like
-DES_set_key_checked() if the I<DES_check_key> flag is non-zero,
+DES_set_key_checked() if the I<DES_check_key> flag is nonzero,
 otherwise like DES_set_key_unchecked().  These functions are available
 for compatibility; it is recommended to use a function that does not
 depend on a global variable.
@@ -137,7 +137,7 @@ DES_ecb_encrypt() is the basic DES encryption routine that encrypts or
 decrypts a single 8-byte I<DES_cblock> in I<electronic code book>
 (ECB) mode.  It always transforms the input data, pointed to by
 I<input>, into the output data, pointed to by the I<output> argument.
-If the I<encrypt> argument is non-zero (DES_ENCRYPT), the I<input>
+If the I<encrypt> argument is nonzero (DES_ENCRYPT), the I<input>
 (cleartext) is encrypted in to the I<output> (ciphertext) using the
 key_schedule specified by the I<schedule> argument, previously set via
 I<DES_set_key>. If I<encrypt> is zero (DES_DECRYPT), the I<input> (now
@@ -156,7 +156,7 @@ The macro DES_ecb2_encrypt() is provided to perform two-key Triple-DES
 encryption by using I<ks1> for the final encryption.
 
 DES_ncbc_encrypt() encrypts/decrypts using the I<cipher-block-chaining>
-(CBC) mode of DES.  If the I<encrypt> argument is non-zero, the
+(CBC) mode of DES.  If the I<encrypt> argument is nonzero, the
 routine cipher-block-chain encrypts the cleartext data pointed to by
 the I<input> argument into the ciphertext pointed to by the I<output>
 argument, using the key schedule provided by the I<schedule> argument,
@@ -313,7 +313,7 @@ on some platforms.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/DH_get0_pqg.pod

@@ -81,7 +81,7 @@ DH_get0_engine() returns a handle to the ENGINE that has been set for this DH
 object, or NULL if no such ENGINE has been set.
 
 The DH_get_length() and DH_set_length() functions get and set the optional
-length parameter associated with this DH object. If the length is non-zero then
+length parameter associated with this DH object. If the length is nonzero then
 it is used, otherwise it is ignored. The B<length> parameter indicates the
 length of the secret exponent (private key) in bits.
 
@@ -118,7 +118,7 @@ The functions described here were added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
-Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/DH_set_method.pod

@@ -45,7 +45,7 @@ DH_set_method() selects B<meth> to perform all operations using the key B<dh>.
 This will replace the DH_METHOD used by the DH key and if the previous method
 was supplied by an ENGINE, the handle to that ENGINE will be released during the
 change. It is possible to have DH keys that only work with certain DH_METHOD
-implementations (eg. from an ENGINE module that supports embedded
+implementations (e.g. from an ENGINE module that supports embedded
 hardware-protected keys), and in such cases attempting to change the DH_METHOD
 for the key can have unexpected results.
 
@@ -64,7 +64,7 @@ B<DH_METHOD>s.
 
 DH_set_default_method() returns no value.
 
-DH_set_method() returns non-zero if the provided B<meth> was successfully set as
+DH_set_method() returns nonzero if the provided B<meth> was successfully set as
 the method for B<dh> (including unloading the ENGINE handle if the previous
 method was supplied by an ENGINE).
 
@@ -78,7 +78,7 @@ L<DH_new(3)>, L<DH_new(3)>, L<DH_meth_new(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/DSA_set_method.pod

@@ -46,7 +46,7 @@ DSA_set_method() selects B<meth> to perform all operations using the key
 B<rsa>. This will replace the DSA_METHOD used by the DSA key and if the
 previous method was supplied by an ENGINE, the handle to that ENGINE will
 be released during the change. It is possible to have DSA keys that only
-work with certain DSA_METHOD implementations (eg. from an ENGINE module
+work with certain DSA_METHOD implementations (e.g. from an ENGINE module
 that supports embedded hardware-protected keys), and in such cases
 attempting to change the DSA_METHOD for the key can have unexpected
 results. See L<DSA_meth_new> for information on constructing custom DSA_METHOD
@@ -64,7 +64,7 @@ B<DSA_METHOD>s.
 
 DSA_set_default_method() returns no value.
 
-DSA_set_method() returns non-zero if the provided B<meth> was successfully set as
+DSA_set_method() returns nonzero if the provided B<meth> was successfully set as
 the method for B<dsa> (including unloading the ENGINE handle if the previous
 method was supplied by an ENGINE).
 
@@ -78,7 +78,7 @@ L<DSA_new(3)>, L<DSA_new(3)>, L<DSA_meth_new(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/DTLSv1_listen.pod

@@ -35,7 +35,7 @@ message then the amplification attack has succeeded.
 If DTLS is used over UDP (or any datagram based protocol that does not validate
 the source IP) then it is susceptible to this type of attack. TLSv1.3 is
 designed to operate over a stream-based transport protocol (such as TCP).
-If TCP is being used then there is no need to use SSL_stateless(). However some
+If TCP is being used then there is no need to use SSL_stateless(). However, some
 stream-based transport protocols (e.g. QUIC) may not validate the source
 address. In this case a TLSv1.3 application would be susceptible to this attack.
 
@@ -98,7 +98,7 @@ will be set up ready to continue the handshake.  the B<peer> value will also be
 filled in.
 
 A return value of 0 indicates a non-fatal error. This could (for
-example) be because of non-blocking IO, or some invalid message having been
+example) be because of nonblocking IO, or some invalid message having been
 received from a peer. Errors may be placed on the OpenSSL error queue with
 further information if appropriate. Typically user code is expected to retry the
 call to DTLSv1_listen() in the event of a non-fatal error.
@@ -126,7 +126,7 @@ The type of "peer" also changed in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
-Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/ECDSA_SIG_new.pod

@@ -5,7 +5,7 @@
 ECDSA_SIG_get0, ECDSA_SIG_get0_r, ECDSA_SIG_get0_s, ECDSA_SIG_set0,
 ECDSA_SIG_new, ECDSA_SIG_free, ECDSA_size, ECDSA_sign, ECDSA_do_sign,
 ECDSA_verify, ECDSA_do_verify, ECDSA_sign_setup, ECDSA_sign_ex,
-ECDSA_do_sign_ex - low level elliptic curve digital signature algorithm (ECDSA)
+ECDSA_do_sign_ex - low-level elliptic curve digital signature algorithm (ECDSA)
 functions
 
 =head1 SYNOPSIS
@@ -40,7 +40,7 @@ functions
 
 =head1 DESCRIPTION
 
-Note: these functions provide a low level interface to ECDSA. Most
+Note: these functions provide a low-level interface to ECDSA. Most
 applications should use the higher level B<EVP> interface such as
 L<EVP_DigestSignInit(3)> or L<EVP_DigestVerifyInit(3)> instead.
 
@@ -199,7 +199,7 @@ L<d2i_ECDSA_SIG(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/EC_GROUP_new.pod

@@ -84,7 +84,7 @@ specific PK B<params>.
 EC_GROUP_set_curve() sets the curve parameters B<p>, B<a> and B<b>. For a curve
 over Fp B<p> is the prime for the field. For a curve over F2^m B<p> represents
 the irreducible polynomial - each bit represents a term in the polynomial.
-Therefore there will either be three or five bits set dependent on whether the
+Therefore, there will either be three or five bits set dependent on whether the
 polynomial is a trinomial or a pentanomial.
 In either case, B<a> and B<b> represents the coefficients a and b from the
 relevant equation introduced above.
@@ -152,7 +152,7 @@ L<EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2013-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/EC_KEY_new.pod

@@ -9,7 +9,8 @@ EC_KEY_get0_engine,
 EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key,
 EC_KEY_set_private_key, EC_KEY_get0_public_key, EC_KEY_set_public_key,
 EC_KEY_get_conv_form,
-EC_KEY_set_conv_form, EC_KEY_set_asn1_flag, EC_KEY_precompute_mult,
+EC_KEY_set_conv_form, EC_KEY_set_asn1_flag,
+EC_KEY_decoded_from_explicit_params, EC_KEY_precompute_mult,
 EC_KEY_generate_key, EC_KEY_check_key, EC_KEY_set_public_key_affine_coordinates,
 EC_KEY_oct2key, EC_KEY_key2buf, EC_KEY_oct2priv, EC_KEY_priv2oct,
 EC_KEY_priv2buf - Functions for creating, destroying and manipulating
@@ -38,6 +39,7 @@ EC_KEY objects
  point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
  void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform);
  void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
+ int EC_KEY_decoded_from_explicit_params(const EC_KEY *key);
  int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx);
  int EC_KEY_generate_key(EC_KEY *key);
  int EC_KEY_check_key(const EC_KEY *key);
@@ -118,11 +120,15 @@ EC_KEY_set_asn1_flag() sets the asn1_flag on the underlying EC_GROUP object
 (if set). Refer to L<EC_GROUP_copy(3)> for further information on the
 asn1_flag.
 
+EC_KEY_decoded_from_explicit_params() returns 1 if the group of the I<key> was
+decoded from data with explicitly encoded group parameters, -1 if the I<key>
+is NULL or the group parameters are missing, and 0 otherwise.
+
 EC_KEY_precompute_mult() stores multiples of the underlying EC_GROUP generator
 for faster point multiplication. See also L<EC_POINT_add(3)>.
 
 EC_KEY_oct2key() and EC_KEY_key2buf() are identical to the functions
-EC_POINT_oct2point() and EC_KEY_point2buf() except they use the public key
+EC_POINT_oct2point() and EC_POINT_point2buf() except they use the public key
 EC_POINT in B<eckey>.
 
 EC_KEY_oct2priv() and EC_KEY_priv2oct() convert between the private key
@@ -178,7 +184,7 @@ L<d2i_ECPKParameters(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/EC_POINT_new.pod

@@ -148,7 +148,7 @@ EC_POINT_get_Jprojective_coordinates_GFp() respectively.
 
 Points can also be described in terms of their compressed co-ordinates. For a
 point (x, y), for any given value for x such that the point is on the curve
-there will only ever be two possible values for y. Therefore a point can be set
+there will only ever be two possible values for y. Therefore, a point can be set
 using the EC_POINT_set_compressed_coordinates() function where B<x> is the x
 co-ordinate and B<y_bit> is a value 0 or 1 to identify which of the two
 possible values for y should be used.
@@ -243,7 +243,7 @@ L<EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/ENGINE_add.pod

@@ -181,7 +181,7 @@ implementation includes the following abstractions;
 =head2 Reference counting and handles
 
 Due to the modular nature of the ENGINE API, pointers to ENGINEs need to be
-treated as handles - ie. not only as pointers, but also as references to
+treated as handles - i.e. not only as pointers, but also as references to
 the underlying ENGINE object. Ie. one should obtain a new reference when
 making copies of an ENGINE pointer if the copies will be used (and
 released) independently.
@@ -252,15 +252,15 @@ operational ENGINE for a given cryptographic purpose.
 
 To obtain a functional reference from an existing structural reference,
 call the ENGINE_init() function. This returns zero if the ENGINE was not
-already operational and couldn't be successfully initialised (eg. lack of
+already operational and couldn't be successfully initialised (e.g. lack of
 system drivers, no special hardware attached, etc), otherwise it will
-return non-zero to indicate that the ENGINE is now operational and will
+return nonzero to indicate that the ENGINE is now operational and will
 have allocated a new B<functional> reference to the ENGINE. All functional
 references are released by calling ENGINE_finish() (which removes the
 implicit structural reference as well).
 
 The second way to get a functional reference is by asking OpenSSL for a
-default implementation for a given task, eg. by ENGINE_get_default_RSA(),
+default implementation for a given task, e.g. by ENGINE_get_default_RSA(),
 ENGINE_get_default_cipher_engine(), etc. These are discussed in the next
 section, though they are not usually required by application programmers as
 they are used automatically when creating and using the relevant
@@ -278,7 +278,7 @@ In the case of other abstractions like RSA, DSA, etc, there is only one
 "algorithm" so all implementations implicitly register using the same 'nid'
 index.
 
-When a default ENGINE is requested for a given abstraction/algorithm/mode, (eg.
+When a default ENGINE is requested for a given abstraction/algorithm/mode, (e.g.
 when calling RSA_new_method(NULL)), a "get_default" call will be made to the
 ENGINE subsystem to process the corresponding state table and return a
 functional reference to an initialised ENGINE whose implementation should be
@@ -328,7 +328,7 @@ is something for the application to control. Some applications
 will want to allow the user to specify exactly which ENGINE they want used
 if any is to be used at all. Others may prefer to load all support and have
 OpenSSL automatically use at run-time any ENGINE that is able to
-successfully initialise - ie. to assume that this corresponds to
+successfully initialise - i.e. to assume that this corresponds to
 acceleration hardware attached to the machine or some such thing. There are
 probably numerous other ways in which applications may prefer to handle
 things, so we will simply illustrate the consequences as they apply to a
@@ -417,7 +417,7 @@ so that it can be initialised for use. This could include the path to any
 driver or config files it needs to load, required network addresses,
 smart-card identifiers, passwords to initialise protected devices,
 logging information, etc etc. This class of commands typically needs to be
-passed to an ENGINE B<before> attempting to initialise it, ie. before
+passed to an ENGINE B<before> attempting to initialise it, i.e. before
 calling ENGINE_init(). The other class of commands consist of settings or
 operations that tweak certain behaviour or cause certain operations to take
 place, and these commands may work either before or after ENGINE_init(), or
@@ -477,7 +477,7 @@ boolean success or failure.
  }
 
 Note that ENGINE_ctrl_cmd_string() accepts a boolean argument that can
-relax the semantics of the function - if set non-zero it will only return
+relax the semantics of the function - if set nonzero it will only return
 failure if the ENGINE supported the given command name but failed while
 executing it, if the ENGINE doesn't support the command name it will simply
 return success without doing anything. In this case we assume the user is
@@ -490,7 +490,7 @@ It is possible to discover at run-time the names, numerical-ids, descriptions
 and input parameters of the control commands supported by an ENGINE using a
 structural reference. Note that some control commands are defined by OpenSSL
 itself and it will intercept and handle these control commands on behalf of the
-ENGINE, ie. the ENGINE's ctrl() handler is not used for the control command.
+ENGINE, i.e. the ENGINE's ctrl() handler is not used for the control command.
 openssl/engine.h defines an index, ENGINE_CMD_BASE, that all control commands
 implemented by ENGINEs should be numbered from. Any command value lower than
 this symbol is considered a "generic" command is handled directly by the
@@ -556,7 +556,7 @@ by applications, administrations, users, etc. These can support arbitrary
 operations via ENGINE_ctrl(), including passing to and/or from the control
 commands data of any arbitrary type. These commands are supported in the
 discovery mechanisms simply to allow applications to determine if an ENGINE
-supports certain specific commands it might want to use (eg. application "foo"
+supports certain specific commands it might want to use (e.g. application "foo"
 might query various ENGINEs to see if they implement "FOO_GET_VENDOR_LOGO_GIF" -
 and ENGINE could therefore decide whether or not to support this "foo"-specific
 extension).
@@ -657,7 +657,7 @@ and should not be used.
 
 =head1 COPYRIGHT
 
-Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/ERR_get_error.pod

@@ -45,7 +45,7 @@ messages.
 
 ERR_get_error_line(), ERR_peek_error_line() and
 ERR_peek_last_error_line() are the same as the above, but they
-additionally store the file name and line number where
+additionally store the filename and line number where
 the error occurred in *B<file> and *B<line>, unless these are B<NULL>.
 
 ERR_get_error_line_data(), ERR_peek_error_line_data() and
@@ -69,7 +69,7 @@ L<ERR_GET_LIB(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/ERR_print_errors.pod

@@ -29,7 +29,7 @@ B<u> as the callback parameters.
 
 The error strings will have the following format:
 
- [pid]:error:[error code]:[library name]:[function name]:[reason string]:[file name]:[line]:[optional text message]
+ [pid]:error:[error code]:[library name]:[function name]:[reason string]:[filename]:[line]:[optional text message]
 
 I<error code> is an 8 digit hexadecimal number. I<library name>,
 I<function name> and I<reason string> are ASCII text, as is I<optional
@@ -49,7 +49,7 @@ L<ERR_get_error(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/ERR_put_error.pod

@@ -39,14 +39,14 @@ descriptions. For example, the function ssl3_read_bytes() reports a
 
  SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
 
-Function and reason codes should consist of upper case characters,
+Function and reason codes should consist of uppercase characters,
 numbers and underscores only. The error file generation script translates
 function codes into function names by looking in the header files
 for an appropriate function name, if none is found it just uses
 the capitalized form such as "SSL3_READ_BYTES" in the above example.
 
 The trailing section of a reason code (after the "_R_") is translated
-into lower case and underscores changed to spaces.
+into lowercase and underscores changed to spaces.
 
 Although a library will normally report errors using its own specific
 XXXerr macro, another library's macro can be used. This is normally
@@ -65,7 +65,7 @@ L<ERR_load_strings(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/EVP_DigestInit.pod

@@ -68,7 +68,7 @@ EVP_MD_CTX_pkey_ctx, EVP_MD_CTX_set_pkey_ctx - EVP digest routines
 
 =head1 DESCRIPTION
 
-The EVP digest routines are a high level interface to message digests,
+The EVP digest routines are a high-level interface to message digests,
 and should be used instead of the cipher-specific functions.
 
 =over 4
@@ -338,7 +338,7 @@ This function has no return value.
 =head1 NOTES
 
 The B<EVP> interface to message digests should almost always be used in
-preference to the low level interfaces. This is because the code then becomes
+preference to the low-level interfaces. This is because the code then becomes
 transparent to the digest used and much more flexible.
 
 New applications should use the SHA-2 (such as L<EVP_sha256(3)>) or the SHA-3
@@ -443,7 +443,7 @@ The EVP_MD_CTX_set_pkey_ctx() function was added in 1.1.1.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/EVP_DigestSignInit.pod

@@ -20,7 +20,7 @@ EVP_DigestSign - EVP signing functions
 
 =head1 DESCRIPTION
 
-The EVP signature routines are a high level interface to digital signatures.
+The EVP signature routines are a high-level interface to digital signatures.
 
 EVP_DigestSignInit() sets up signing context B<ctx> to use digest B<type> from
 ENGINE B<e> and private key B<pkey>. B<ctx> must be created with
@@ -110,7 +110,7 @@ The error codes can be obtained from L<ERR_get_error(3)>.
 =head1 NOTES
 
 The B<EVP> interface to digital signatures should almost always be used in
-preference to the low level interfaces. This is because the code then becomes
+preference to the low-level interfaces. This is because the code then becomes
 transparent to the algorithm used and much more flexible.
 
 EVP_DigestSign() is a one shot operation which signs a single block of data

doc/man3/EVP_DigestVerifyInit.pod

@@ -19,7 +19,7 @@ EVP_DigestVerify - EVP signature verification functions
 
 =head1 DESCRIPTION
 
-The EVP signature routines are a high level interface to digital signatures.
+The EVP signature routines are a high-level interface to digital signatures.
 
 EVP_DigestVerifyInit() sets up verification context B<ctx> to use digest
 B<type> from ENGINE B<e> and public key B<pkey>. B<ctx> must be created
@@ -62,7 +62,7 @@ The error codes can be obtained from L<ERR_get_error(3)>.
 =head1 NOTES
 
 The B<EVP> interface to digital signatures should almost always be used in
-preference to the low level interfaces. This is because the code then becomes
+preference to the low-level interfaces. This is because the code then becomes
 transparent to the algorithm used and much more flexible.
 
 EVP_DigestVerify() is a one shot operation which verifies a single block of
@@ -104,7 +104,7 @@ were added in OpenSSL 1.0.0.
 
 =head1 COPYRIGHT
 
-Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/EVP_EncodeInit.pod

@@ -29,7 +29,7 @@ EVP_DecodeBlock - EVP base 64 encode/decode routines
 
 =head1 DESCRIPTION
 
-The EVP encode routines provide a high level interface to base 64 encoding and
+The EVP encode routines provide a high-level interface to base 64 encoding and
 decoding. Base 64 encoding converts binary data into a printable form that uses
 the characters A-Z, a-z, 0-9, "+" and "/" to represent the data. For every 3
 bytes of binary data provided 4 bytes of base 64 encoded data will be produced
@@ -83,8 +83,8 @@ EVP_ENCODE_CTX_num() will return the number of as yet unprocessed bytes still to
 be encoded or decoded that are pending in the B<ctx> object.
 
 EVP_EncodeBlock() encodes a full block of input data in B<f> and of length
-B<dlen> and stores it in B<t>. For every 3 bytes of input provided 4 bytes of
-output data will be produced. If B<dlen> is not divisible by 3 then the block is
+B<n> and stores it in B<t>. For every 3 bytes of input provided 4 bytes of
+output data will be produced. If B<n> is not divisible by 3 then the block is
 encoded as a final block of data and the output is padded such that it is always
 divisible by 4. Additionally a NUL terminator character will be added. For
 example if 16 bytes of input data is provided then 24 bytes of encoded data is
@@ -151,7 +151,7 @@ L<evp(7)>
 
 =head1 COPYRIGHT
 
-Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/EVP_EncryptInit.pod

@@ -120,7 +120,7 @@ EVP_enc_null
 
 =head1 DESCRIPTION
 
-The EVP cipher routines are a high level interface to certain
+The EVP cipher routines are a high-level interface to certain
 symmetric ciphers.
 
 EVP_CIPHER_CTX_new() creates a cipher context.
@@ -146,10 +146,15 @@ appropriate.
 EVP_EncryptUpdate() encrypts B<inl> bytes from the buffer B<in> and
 writes the encrypted version to B<out>. This function can be called
 multiple times to encrypt successive blocks of data. The amount
-of data written depends on the block alignment of the encrypted data:
-as a result the amount of data written may be anything from zero bytes
-to (inl + cipher_block_size - 1) so B<out> should contain sufficient
-room. The actual number of bytes written is placed in B<outl>. It also
+of data written depends on the block alignment of the encrypted data.
+For most ciphers and modes, the amount of data written can be anything
+from zero bytes to (inl + cipher_block_size - 1) bytes.
+For wrap cipher modes, the amount of data written can be anything
+from zero bytes to (inl + cipher_block_size) bytes.
+For stream ciphers, the amount of data written can be anything from zero
+bytes to inl bytes.
+Thus, B<out> should contain sufficient room for the operation being performed.
+The actual number of bytes written is placed in B<outl>. It also
 checks if B<in> and B<out> are partially overlapping, and if they are
 0 is returned to indicate failure.
 
@@ -422,8 +427,8 @@ Sets the CCM B<L> value. If not set a default is used (8 for AES).
 
 =item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)
 
-Sets the CCM nonce (IV) length. This call can only be made before specifying an
-nonce value. The nonce length is given by B<15 - L> so it is 7 by default for
+Sets the CCM nonce (IV) length. This call can only be made before specifying 
+a nonce value. The nonce length is given by B<15 - L> so it is 7 by default for
 AES.
 
 =back
@@ -463,10 +468,10 @@ This call is only valid when decrypting data.
 =head1 NOTES
 
 Where possible the B<EVP> interface to symmetric ciphers should be used in
-preference to the low level interfaces. This is because the code then becomes
+preference to the low-level interfaces. This is because the code then becomes
 transparent to the cipher used and much more flexible. Additionally, the
 B<EVP> interface will ensure the use of platform specific cryptographic
-acceleration such as AES-NI (the low level interfaces do not provide the
+acceleration such as AES-NI (the low-level interfaces do not provide the
 guarantee).
 
 PKCS padding works by adding B<n> padding bytes of value B<n> to make the total
@@ -591,7 +596,7 @@ with a 128-bit key:
 
      /* Don't set key or IV right away; we want to check lengths */
      ctx = EVP_CIPHER_CTX_new();
-     EVP_CipherInit_ex(&ctx, EVP_aes_128_cbc(), NULL, NULL, NULL,
+     EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, NULL, NULL,
                        do_encrypt);
      OPENSSL_assert(EVP_CIPHER_CTX_key_length(ctx) == 16);
      OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) == 16);
@@ -654,7 +659,7 @@ EVP_CIPHER_CTX_reset().
 
 =head1 COPYRIGHT
 
-Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/EVP_OpenInit.pod

@@ -16,7 +16,7 @@ EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal - EVP envelope decryption
 
 =head1 DESCRIPTION
 
-The EVP envelope routines are a high level interface to envelope
+The EVP envelope routines are a high-level interface to envelope
 decryption. They decrypt a public key encrypted symmetric key and
 then decrypt data using it.
 
@@ -59,7 +59,7 @@ L<EVP_SealInit(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/EVP_PKEY_CTX_ctrl.pod

@@ -290,7 +290,7 @@ parameter generation. Use 0 for PKCS#3 DH and 1 for X9.42 DH.
 The default is 0.
 
 The EVP_PKEY_CTX_set_dh_pad() macro sets the DH padding mode. If B<pad> is
-1 the shared secret is padded with zeroes up to the size of the DH prime B<p>.
+1 the shared secret is padded with zeros up to the size of the DH prime B<p>.
 If B<pad> is zero (the default) then no padding is performed.
 
 EVP_PKEY_CTX_set_dh_nid() sets the DH parameters to values corresponding to
@@ -459,7 +459,7 @@ macros were added in 1.1.1, other functions were added in OpenSSL 1.0.0.
 
 =head1 COPYRIGHT
 
-Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/EVP_PKEY_CTX_new.pod

@@ -31,7 +31,7 @@ If B<ctx> is NULL, nothing is done.
 =head1 NOTES
 
 The B<EVP_PKEY_CTX> structure is an opaque public key algorithm context used
-by the OpenSSL high level public key API. Contexts B<MUST NOT> be shared between
+by the OpenSSL high-level public key API. Contexts B<MUST NOT> be shared between
 threads: that is it is not permissible to use the same context simultaneously
 in two threads.
 
@@ -52,7 +52,7 @@ These functions were added in OpenSSL 1.0.0.
 
 =head1 COPYRIGHT
 
-Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/EVP_PKEY_keygen.pod

@@ -51,7 +51,7 @@ generation callback.
 The function EVP_PKEY_CTX_get_keygen_info() returns parameters associated
 with the generation operation. If B<idx> is -1 the total number of
 parameters available is returned. Any non negative value returns the value of
-that parameter. EVP_PKEY_CTX_gen_keygen_info() with a non-negative value for
+that parameter. EVP_PKEY_CTX_gen_keygen_info() with a nonnegative value for
 B<idx> should only be called within the generation callback.
 
 If the callback returns 0 then the key generation operation is aborted and an
@@ -196,7 +196,7 @@ in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
-Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/EVP_PKEY_new.pod

@@ -66,7 +66,8 @@ B<EVP_PKEY_X25519>, B<EVP_PKEY_ED25519>, B<EVP_PKEY_X448> or B<EVP_PKEY_ED448>.
 EVP_PKEY_new_CMAC_key() works in the same way as EVP_PKEY_new_raw_private_key()
 except it is only for the B<EVP_PKEY_CMAC> algorithm type. In addition to the
 raw private key data, it also takes a cipher algorithm to be used during
-creation of a CMAC in the B<cipher> argument.
+creation of a CMAC in the B<cipher> argument. The cipher should be a standard
+encryption only cipher. For example AEAD and XTS ciphers should not be used.
 
 EVP_PKEY_new_mac_key() works in the same way as EVP_PKEY_new_raw_private_key().
 New applications should use EVP_PKEY_new_raw_private_key() instead.

doc/man3/EVP_SealInit.pod

@@ -17,7 +17,7 @@ EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption
 
 =head1 DESCRIPTION
 
-The EVP envelope routines are a high level interface to envelope
+The EVP envelope routines are a high-level interface to envelope
 encryption. They generate a random key and IV (if required) then
 "envelope" it by using public key encryption. Data can then be
 encrypted using this key.
@@ -82,7 +82,7 @@ L<RAND(7)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/EVP_SignInit.pod

@@ -17,7 +17,7 @@ EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal
 
 =head1 DESCRIPTION
 
-The EVP signature routines are a high level interface to digital
+The EVP signature routines are a high-level interface to digital
 signatures.
 
 EVP_SignInit_ex() sets up signing context I<ctx> to use digest
@@ -48,7 +48,7 @@ The error codes can be obtained by L<ERR_get_error(3)>.
 =head1 NOTES
 
 The B<EVP> interface to digital signatures should almost always be used in
-preference to the low level interfaces. This is because the code then becomes
+preference to the low-level interfaces. This is because the code then becomes
 transparent to the algorithm used and much more flexible.
 
 When signing with DSA private keys the random number generator must be seeded.

doc/man3/EVP_VerifyInit.pod

@@ -19,7 +19,7 @@ EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal
 
 =head1 DESCRIPTION
 
-The EVP signature verification routines are a high level interface to digital
+The EVP signature verification routines are a high-level interface to digital
 signatures.
 
 EVP_VerifyInit_ex() sets up verification context B<ctx> to use digest
@@ -49,7 +49,7 @@ The error codes can be obtained by L<ERR_get_error(3)>.
 =head1 NOTES
 
 The B<EVP> interface to digital signatures should almost always be used in
-preference to the low level interfaces. This is because the code then becomes
+preference to the low-level interfaces. This is because the code then becomes
 transparent to the algorithm used and much more flexible.
 
 The call to EVP_VerifyFinal() internally finalizes a copy of the digest context.
@@ -85,7 +85,7 @@ L<SHA1(3)>, L<dgst(1)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/HMAC.pod

@@ -21,7 +21,7 @@ HMAC_size
  #include <openssl/hmac.h>
 
  unsigned char *HMAC(const EVP_MD *evp_md, const void *key,
-                     int key_len, const unsigned char *d, int n,
+                     int key_len, const unsigned char *d, size_t n,
                      unsigned char *md, unsigned int *md_len);
 
  HMAC_CTX *HMAC_CTX_new(void);
@@ -29,7 +29,7 @@ HMAC_size
 
  int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
                   const EVP_MD *md, ENGINE *impl);
- int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
+ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len);
  int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
 
  void HMAC_CTX_free(HMAC_CTX *ctx);
@@ -69,7 +69,7 @@ EVP_shake256().
 
 HMAC_CTX_new() creates a new HMAC_CTX in heap memory.
 
-HMAC_CTX_reset() zeroes an existing B<HMAC_CTX> and associated
+HMAC_CTX_reset() zeros an existing B<HMAC_CTX> and associated
 resources, making it suitable for new computations as if it was newly
 created with HMAC_CTX_new().
 
@@ -149,7 +149,7 @@ OpenSSL before version 1.0.0.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/OCSP_cert_to_id.pod

@@ -52,7 +52,7 @@ corresponding parameter can be set to B<NULL>.
 OCSP_cert_to_id() and OCSP_cert_id_new() return either a pointer to a valid
 B<OCSP_CERTID> structure or B<NULL> if an error occurred.
 
-OCSP_id_cmp() and OCSP_id_issuer_cmp() returns zero for a match and non-zero
+OCSP_id_cmp() and OCSP_id_issuer_cmp() returns zero for a match and nonzero
 otherwise.
 
 OCSP_CERTID_free() does not return a value.
@@ -79,7 +79,7 @@ L<OCSP_sendreq_new(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/OCSP_request_add1_nonce.pod

@@ -57,7 +57,7 @@ performance reasons. As a result they do not support nonces.
 
 The return values of OCSP_check_nonce() can be checked to cover each case.  A
 positive return value effectively indicates success: nonces are both present
-and match, both absent or present in the response only. A non-zero return
+and match, both absent or present in the response only. A nonzero return
 additionally covers the case where the nonce is present in the request only:
 this will happen if the responder doesn't support nonces. A zero return value
 indicates present and mismatched nonces: this should be treated as an error

doc/man3/OCSP_resp_find_status.pod

@@ -112,7 +112,7 @@ no freeing of the results is necessary.
 
 OCSP_check_validity() checks the validity of B<thisupd> and B<nextupd> values
 which will be typically obtained from OCSP_resp_find_status() or
-OCSP_single_get0_status(). If B<sec> is non-zero it indicates how many seconds
+OCSP_single_get0_status(). If B<sec> is nonzero it indicates how many seconds
 leeway should be allowed in the check. If B<maxsec> is positive it indicates
 the maximum age of B<thisupd> in seconds.
 
@@ -167,7 +167,7 @@ can then take appropriate action based on the status of the certificate.
 
 An OCSP response for a certificate contains B<thisUpdate> and B<nextUpdate>
 fields. Normally the current time should be between these two values. To
-account for clock skew the B<maxsec> field can be set to non-zero in
+account for clock skew the B<maxsec> field can be set to nonzero in
 OCSP_check_validity(). Some responders do not set the B<nextUpdate> field, this
 would otherwise mean an ancient response would be considered valid: the
 B<maxsec> parameter to OCSP_check_validity() can be used to limit the permitted
@@ -189,7 +189,7 @@ L<OCSP_sendreq_new(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/OCSP_sendreq_new.pod

@@ -34,7 +34,7 @@ response header maximum line length of B<maxline>. If B<maxline> is zero a
 default value of 4k is used. The OCSP request B<req> may be set to B<NULL>
 and provided later if required.
 
-OCSP_sendreq_nbio() performs non-blocking I/O on the OCSP request context
+OCSP_sendreq_nbio() performs nonblocking I/O on the OCSP request context
 B<rctx>. When the operation is complete it returns the response in B<*presp>.
 
 OCSP_REQ_CTX_free() frees up the OCSP context B<rctx>.
@@ -96,7 +96,7 @@ corresponding BIO can be examined to determine which operation (read or
 write) should be retried and appropriate action taken (for example a select()
 call on the underlying socket).
 
-OCSP_sendreq_bio() does not support retries and so cannot handle non-blocking
+OCSP_sendreq_bio() does not support retries and so cannot handle nonblocking
 I/O efficiently. It is retained for compatibility and its use in new
 applications is not recommended.
 

doc/man3/OPENSSL_LH_COMPFUNC.pod

@@ -51,7 +51,7 @@ an unsigned long hash value for its key field.  The hash value is
 normally truncated to a power of 2, so make sure that your hash
 function returns well mixed low order bits.  The B<compare> callback
 takes two arguments (pointers to two hash table entries), and returns
-0 if their keys are equal, non-zero otherwise.
+0 if their keys are equal, nonzero otherwise.
 
 If your hash table
 will contain items of some particular type and the B<hash> and
@@ -196,7 +196,7 @@ all such parameters as constant.
 
 As an example, a hash table may be maintained by code that, for
 reasons of encapsulation, has only "const" access to the data being
-indexed in the hash table (ie. it is returned as "const" from
+indexed in the hash table (i.e. it is returned as "const" from
 elsewhere in their code) - in this case the LHASH prototypes are
 appropriate as-is.  Conversely, if the caller is responsible for the
 life-time of the data in question, then they may well wish to make
@@ -229,7 +229,7 @@ type checking.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/OPENSSL_config.pod

@@ -41,7 +41,7 @@ initialization (that is before starting any threads).
 
 There are several reasons why calling the OpenSSL configuration routines is
 advisable. For example, to load dynamic ENGINEs from shared libraries (DSOs).
-However very few applications currently support the control interface and so
+However, very few applications currently support the control interface and so
 very few can load and use dynamic ENGINEs. Equally in future more sophisticated
 ENGINEs will require certain control operations to customize them. If an
 application calls OPENSSL_config() it doesn't need to know or care about
@@ -75,7 +75,7 @@ deprecated in OpenSSL 1.1.0 by OPENSSL_init_crypto().
 
 =head1 COPYRIGHT
 
-Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/OPENSSL_ia32cap.pod

@@ -102,7 +102,7 @@ and RORX;
 =item bit #64+19 denoting availability of ADCX and ADOX instructions;
 
 =item bit #64+21 denoting availability of VPMADD52[LH]UQ instructions,
-a.k.a. AVX512IFMA extension;
+aka AVX512IFMA extension;
 
 =item bit #64+29 denoting availability of SHA extension;
 
@@ -157,7 +157,7 @@ Not available.
 
 =head1 COPYRIGHT
 
-Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/OPENSSL_init_crypto.pod

@@ -39,13 +39,13 @@ needs so no explicit initialisation is required. Similarly it will also
 automatically deinitialise as required.
 
 However, there may be situations when explicit initialisation is desirable or
-needed, for example when some non-default initialisation is required. The
+needed, for example when some nondefault initialisation is required. The
 function OPENSSL_init_crypto() can be used for this purpose for
 libcrypto (see also L<OPENSSL_init_ssl(3)> for the libssl
 equivalent).
 
 Numerous internal OpenSSL functions call OPENSSL_init_crypto().
-Therefore, in order to perform non-default initialisation,
+Therefore, in order to perform nondefault initialisation,
 OPENSSL_init_crypto() MUST be called by application code prior to
 any other OpenSSL function calls.
 
@@ -216,10 +216,10 @@ The filename, application name, and flags can be customized by providing a
 non-null B<OPENSSL_INIT_SETTINGS> object.
 The object can be allocated via B<OPENSSL_init_new()>.
 The B<OPENSSL_INIT_set_config_filename()> function can be used to specify a
-non-default filename, which is copied and need not refer to persistent storage.
+nondefault filename, which is copied and need not refer to persistent storage.
 Similarly, OPENSSL_INIT_set_config_appname() can be used to specify a
-non-default application name.
-Finally, OPENSSL_INIT_set_file_flags can be used to specify non-default flags.
+nondefault application name.
+Finally, OPENSSL_INIT_set_file_flags can be used to specify nondefault flags.
 If the B<CONF_MFLAGS_IGNORE_RETURN_CODES> flag is not included, any errors in
 the configuration file will cause an error return from B<OPENSSL_init_crypto>
 or indirectly L<OPENSSL_init_ssl(3)>.
@@ -264,7 +264,7 @@ and OPENSSL_INIT_free() functions were added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
-Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/OPENSSL_init_ssl.pod

@@ -23,14 +23,14 @@ needs so no explicit initialisation is required. Similarly it will also
 automatically deinitialise as required.
 
 However, there may be situations when explicit initialisation is desirable or
-needed, for example when some non-default initialisation is required. The
+needed, for example when some nondefault initialisation is required. The
 function OPENSSL_init_ssl() can be used for this purpose. Calling
 this function will explicitly initialise BOTH libcrypto and libssl. To
 explicitly initialise ONLY libcrypto see the
 L<OPENSSL_init_crypto(3)> function.
 
 Numerous internal OpenSSL functions call OPENSSL_init_ssl().
-Therefore, in order to perform non-default initialisation,
+Therefore, in order to perform nondefault initialisation,
 OPENSSL_init_ssl() MUST be called by application code prior to
 any other OpenSSL function calls.
 
@@ -74,7 +74,7 @@ The OPENSSL_init_ssl() function was added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
-Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/OSSL_STORE_open.pod

@@ -46,21 +46,22 @@ OSSL_STORE_close() to work together.
 
 =head2 Functions
 
-OSSL_STORE_open() takes a uri or path B<uri>, password UI method
-B<ui_method> with associated data B<ui_data>, and post processing
-callback B<post_process> with associated data B<post_process_data>,
+OSSL_STORE_open() takes a uri or path I<uri>, password UI method
+I<ui_method> with associated data I<ui_data>, and post processing
+callback I<post_process> with associated data I<post_process_data>,
 opens a channel to the data located at that URI and returns a
 B<OSSL_STORE_CTX> with all necessary internal information.
-The given B<ui_method> and B<ui_data_data> will be reused by all
-functions that use B<OSSL_STORE_CTX> when interaction is needed.
-The given B<post_process> and B<post_process_data> will be reused by
+The given I<ui_method> and I<ui_data> will be reused by all
+functions that use B<OSSL_STORE_CTX> when interaction is needed,
+for instance to provide a password.
+The given I<post_process> and I<post_process_data> will be reused by
 OSSL_STORE_load() to manipulate or drop the value to be returned.
-The B<post_process> function drops values by returning B<NULL>, which
+The I<post_process> function drops values by returning NULL, which
 will cause OSSL_STORE_load() to start its process over with loading
-the next object, until B<post_process> returns something other than
-B<NULL>, or the end of data is reached as indicated by OSSL_STORE_eof().
+the next object, until I<post_process> returns something other than
+NULL, or the end of data is reached as indicated by OSSL_STORE_eof().
 
-OSSL_STORE_ctrl() takes a B<OSSL_STORE_CTX>, and command number B<cmd> and
+OSSL_STORE_ctrl() takes a B<OSSL_STORE_CTX>, and command number I<cmd> and
 more arguments not specified here.
 The available loader specific command numbers and arguments they each
 take depends on the loader that's used and is documented together with
@@ -94,6 +95,7 @@ OSSL_STORE_eof() shows that the end of data has been reached.
 OSSL_STORE_close() takes a B<OSSL_STORE_CTX>, closes the channel that was opened
 by OSSL_STORE_open() and frees all other information that was stored in the
 B<OSSL_STORE_CTX>, as well as the B<OSSL_STORE_CTX> itself.
+If I<ctx> is NULL it does nothing.
 
 =head1 SUPPORTED SCHEMES
 
@@ -123,12 +125,12 @@ See L<passphrase-encoding(7)> for further information.
 =head1 RETURN VALUES
 
 OSSL_STORE_open() returns a pointer to a B<OSSL_STORE_CTX> on success, or
-B<NULL> on failure.
+NULL on failure.
 
 OSSL_STORE_load() returns a pointer to a B<OSSL_STORE_INFO> on success, or
-B<NULL> on error or when end of data is reached.
+NULL on error or when end of data is reached.
 Use OSSL_STORE_error() and OSSL_STORE_eof() to determine the meaning of a
-returned B<NULL>.
+returned NULL.
 
 OSSL_STORE_eof() returns 1 if the end of data has been reached, otherwise
 0.
@@ -149,9 +151,12 @@ OSSL_STORE_CTX(), OSSL_STORE_post_process_info_fn(), OSSL_STORE_open(),
 OSSL_STORE_ctrl(), OSSL_STORE_load(), OSSL_STORE_eof() and OSSL_STORE_close()
 were added in OpenSSL 1.1.1.
 
+Handling of NULL I<ctx> argument for OSSL_STORE_close()
+was introduced in OpenSSL 1.1.1h.
+
 =head1 COPYRIGHT
 
-Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/PEM_read_bio_PrivateKey.pod

@@ -206,7 +206,7 @@ RSA structure. The public key is encoded using a PKCS#1 RSAPublicKey
 structure.
 
 The B<RSA_PUBKEY> functions also process an RSA public key using
-an RSA structure. However the public key is encoded using a
+an RSA structure. However, the public key is encoded using a
 SubjectPublicKeyInfo structure and an error occurs if the public
 key is not RSA.
 
@@ -387,7 +387,7 @@ The pseudo code to derive the key would look similar to:
 =head1 BUGS
 
 The PEM read routines in some versions of OpenSSL will not correctly reuse
-an existing structure. Therefore the following:
+an existing structure. Therefore, the following:
 
  PEM_read_bio_X509(bp, &x, 0, NULL);
 
@@ -483,7 +483,7 @@ as they will be formally deprecated in a future releases.
 
 =head1 COPYRIGHT
 
-Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/PKCS7_verify.pod

@@ -91,7 +91,7 @@ useful if one merely wishes to write the content to B<out> and its validity
 is not considered important.
 
 Chain verification should arguably be performed  using the signing time rather
-than the current time. However since the signing time is supplied by the
+than the current time. However, since the signing time is supplied by the
 signer it cannot be trusted without additional evidence (such as a trusted
 timestamp).
 
@@ -119,7 +119,7 @@ L<ERR_get_error(3)>, L<PKCS7_sign(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/RAND_DRBG_new.pod

@@ -56,7 +56,7 @@ its type and to instantiate it.
 
 The optional B<flags> argument specifies a set of bit flags which can be
 joined using the | operator. Currently, the only flag is
-RAND_DRBG_FLAG_CTR_NO_DF, which disables the use of a the derivation function
+RAND_DRBG_FLAG_CTR_NO_DF, which disables the use of the derivation function
 ctr_df. For an explanation, see [NIST SP 800-90A Rev. 1].
 
 If a B<parent> instance is specified then this will be used instead of
@@ -117,7 +117,7 @@ The RAND_DRBG functions were added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
-Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/RAND_DRBG_set_callbacks.pod

@@ -77,7 +77,7 @@ does not satisfy the conditions requested by [NIST SP 800-90C], then
 it must also indicate an error by returning a buffer length of 0.
 See NOTES section for more details.
 
-The B<cleanup_entropy>() callback is called from the B<drbg> to to clear and
+The B<cleanup_entropy>() callback is called from the B<drbg> to clear and
 free the buffer allocated previously by get_entropy().
 The values B<out> and B<outlen> are the random buffer's address and length,
 as returned by the get_entropy() callback.
@@ -136,7 +136,7 @@ The RAND_DRBG functions were added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
-Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/RAND_add.pod

@@ -62,7 +62,7 @@ usage by the random seed sources. Some seed sources maintain open file
 descriptors by default, which allows such sources to operate in a
 chroot(2) jail without the associated device nodes being available. When
 the B<keep> argument is zero, this call disables the retention of file
-descriptors. Conversely, a non-zero argument enables the retention of
+descriptors. Conversely, a nonzero argument enables the retention of
 file descriptors. This function is usually called during initialization
 and it takes effect immediately.
 
@@ -94,7 +94,7 @@ not be used.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/RAND_load_file.pod

@@ -17,7 +17,7 @@ RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file
 =head1 DESCRIPTION
 
 RAND_load_file() reads a number of bytes from file B<filename> and
-adds them to the PRNG. If B<max_bytes> is non-negative,
+adds them to the PRNG. If B<max_bytes> is nonnegative,
 up to B<max_bytes> are read;
 if B<max_bytes> is -1, the complete file is read.
 Do not load the same file multiple times unless its contents have
@@ -37,7 +37,7 @@ file. B<buf> points to a buffer of size B<num> in which to store the
 filename.
 
 On all systems, if the environment variable B<RANDFILE> is set, its
-value will be used as the seed file name.
+value will be used as the seed filename.
 Otherwise, the file is called C<.rnd>, found in platform dependent locations:
 
 =over 4
@@ -57,7 +57,7 @@ Otherwise, the file is called C<.rnd>, found in platform dependent locations:
 =back
 
 If C<$HOME> (on non-Windows and non-VMS system) is not set either, or
-B<num> is too small for the path name, an error occurs.
+B<num> is too small for the pathname, an error occurs.
 
 =head1 RETURN VALUES
 
@@ -77,7 +77,7 @@ L<RAND(7)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/RSA_blinding_on.pod

@@ -19,7 +19,7 @@ measure the time of RSA decryption or signature operations, blinding
 must be used to protect the RSA operation from that attack.
 
 RSA_blinding_on() turns blinding on for key B<rsa> and generates a
-random blinding factor. B<ctx> is B<NULL> or a pre-allocated and
+random blinding factor. B<ctx> is B<NULL> or a preallocated and
 initialized B<BN_CTX>.
 
 RSA_blinding_off() turns blinding off and frees the memory used for
@@ -33,7 +33,7 @@ RSA_blinding_off() returns no value.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/RSA_private_encrypt.pod

@@ -2,7 +2,7 @@
 
 =head1 NAME
 
-RSA_private_encrypt, RSA_public_decrypt - low level signature operations
+RSA_private_encrypt, RSA_public_decrypt - low-level signature operations
 
 =head1 SYNOPSIS
 
@@ -16,7 +16,7 @@ RSA_private_encrypt, RSA_public_decrypt - low level signature operations
 
 =head1 DESCRIPTION
 
-These functions handle RSA signatures at a low level.
+These functions handle RSA signatures at a low-level.
 
 RSA_private_encrypt() signs the B<flen> bytes at B<from> (usually a
 message digest with an algorithm identifier) using the private key
@@ -64,7 +64,7 @@ L<RSA_sign(3)>, L<RSA_verify(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/RSA_set_method.pod

@@ -51,7 +51,7 @@ RSA_set_method() selects B<meth> to perform all operations using the key
 B<rsa>. This will replace the RSA_METHOD used by the RSA key and if the
 previous method was supplied by an ENGINE, the handle to that ENGINE will
 be released during the change. It is possible to have RSA keys that only
-work with certain RSA_METHOD implementations (eg. from an ENGINE module
+work with certain RSA_METHOD implementations (e.g. from an ENGINE module
 that supports embedded hardware-protected keys), and in such cases
 attempting to change the RSA_METHOD for the key can have unexpected
 results.
@@ -176,7 +176,7 @@ was replaced to always return NULL in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/SHA256_Init.pod

@@ -75,9 +75,6 @@ SHA512_DIGEST_LENGTH). Also note that, as for the SHA1() function above, the
 SHA224(), SHA256(), SHA384() and SHA512() functions are not thread safe if
 B<md> is NULL.
 
-The predecessor of SHA-1, SHA, is also implemented, but it should be
-used only when backward compatibility is required.
-
 =head1 RETURN VALUES
 
 SHA1(), SHA224(), SHA256(), SHA384() and SHA512() return a pointer to the hash
@@ -98,7 +95,7 @@ L<EVP_DigestInit(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/SSL_CONF_cmd.pod

@@ -79,7 +79,7 @@ B<ClientHello>.
 
 The B<value> argument is a colon separated list of groups. The group can be
 either the B<NIST> name (e.g. B<P-256>), some other commonly used name where
-applicable (e.g. B<X25519>) or an OpenSSL OID name (e.g B<prime256v1>). Group
+applicable (e.g. B<X25519>) or an OpenSSL OID name (e.g. B<prime256v1>). Group
 names are case sensitive. The list should be in order of preference with the
 most preferred group first.
 
@@ -95,7 +95,7 @@ servers
 The B<value> argument is a curve name or the special value B<auto> which
 picks an appropriate curve based on client and server preferences. The curve
 can be either the B<NIST> name (e.g. B<P-256>) or an OpenSSL OID name
-(e.g B<prime256v1>). Curve names are case sensitive.
+(e.g. B<prime256v1>). Curve names are case sensitive.
 
 =item B<-cipher>
 
@@ -147,13 +147,16 @@ B<SSL_OP_NO_RENEGOTIATION>.
 =item B<-min_protocol>, B<-max_protocol>
 
 Sets the minimum and maximum supported protocol.
-Currently supported protocol values are B<SSLv3>, B<TLSv1>,
-B<TLSv1.1>, B<TLSv1.2>, B<TLSv1.3> for TLS and B<DTLSv1>, B<DTLSv1.2> for DTLS,
-and B<None> for no limit.
-If either bound is not specified then only the other bound applies,
-if specified.
-To restrict the supported protocol versions use these commands rather
-than the deprecated alternative commands below.
+Currently supported protocol values are B<SSLv3>, B<TLSv1>, B<TLSv1.1>,
+B<TLSv1.2>, B<TLSv1.3> for TLS; B<DTLSv1>, B<DTLSv1.2> for DTLS, and B<None>
+for no limit.
+If either the lower or upper bound is not specified then only the other bound
+applies, if specified.
+If your application supports both TLS and DTLS you can specify any of these
+options twice, once with a bound for TLS and again with an appropriate bound
+for DTLS.
+To restrict the supported protocol versions use these commands rather than the
+deprecated alternative commands below.
 
 =item B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3>
 
@@ -356,7 +359,7 @@ B<ClientHello>.
 
 The B<value> argument is a colon separated list of groups. The group can be
 either the B<NIST> name (e.g. B<P-256>), some other commonly used name where
-applicable (e.g. B<X25519>) or an OpenSSL OID name (e.g B<prime256v1>). Group
+applicable (e.g. B<X25519>) or an OpenSSL OID name (e.g. B<prime256v1>). Group
 names are case sensitive. The list should be in order of preference with the
 most preferred group first.
 
@@ -370,7 +373,11 @@ This sets the minimum supported SSL, TLS or DTLS version.
 
 Currently supported protocol values are B<SSLv3>, B<TLSv1>, B<TLSv1.1>,
 B<TLSv1.2>, B<TLSv1.3>, B<DTLSv1> and B<DTLSv1.2>.
-The value B<None> will disable the limit.
+The SSL and TLS bounds apply only to TLS-based contexts, while the DTLS bounds
+apply only to DTLS-based contexts.
+The command can be repeated with one instance setting a TLS bound, and the
+other setting a DTLS bound.
+The value B<None> applies to both types of contexts and disables the limits.
 
 =item B<MaxProtocol>
 
@@ -378,7 +385,11 @@ This sets the maximum supported SSL, TLS or DTLS version.
 
 Currently supported protocol values are B<SSLv3>, B<TLSv1>, B<TLSv1.1>,
 B<TLSv1.2>, B<TLSv1.3>, B<DTLSv1> and B<DTLSv1.2>.
-The value B<None> will disable the limit.
+The SSL and TLS bounds apply only to TLS-based contexts, while the DTLS bounds
+apply only to DTLS-based contexts.
+The command can be repeated with one instance setting a TLS bound, and the
+other setting a DTLS bound.
+The value B<None> applies to both types of contexts and disables the limits.
 
 =item B<Protocol>
 
@@ -537,7 +548,7 @@ The value is a string without any specific structure.
 
 =item B<SSL_CONF_TYPE_FILE>
 
-The value is a file name.
+The value is a filename.
 
 =item B<SSL_CONF_TYPE_DIR>
 
@@ -683,7 +694,7 @@ B<AllowNoDHEKEX> and B<PrioritizeChaCha> were added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
-Copyright 2012-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/SSL_CTX_dane_enable.pod

@@ -122,7 +122,7 @@ SSL_get0_dane_tlsa() can be used to retrieve the fields of the TLSA record that
 matched the peer certificate chain.
 The return value indicates the match depth or failure to match just as with
 SSL_get0_dane_authority().
-When the return value is non-negative, the storage pointed to by the B<usage>,
+When the return value is nonnegative, the storage pointed to by the B<usage>,
 B<selector>, B<mtype> and B<data> parameters is updated to the corresponding
 TLSA record fields.
 The B<data> field is in binary wire form, and is therefore not NUL-terminated,
@@ -136,7 +136,7 @@ SSL_CTX_dane_set_flags() and SSL_dane_set_flags() can be used to enable
 optional DANE verification features.
 SSL_CTX_dane_clear_flags() and SSL_dane_clear_flags() can be used to disable
 the same features.
-The B<flags> argument is a bitmask of the features to enable or disable.
+The B<flags> argument is a bit mask of the features to enable or disable.
 The B<flags> set for an B<SSL_CTX> context are copied to each B<SSL> handle
 associated with that context at the time the handle is created.
 Subsequent changes in the context's B<flags> have no effect on the B<flags> set
@@ -173,7 +173,7 @@ certificate or a public key that fails to parse.
 
 The functions SSL_get0_dane_authority() and SSL_get0_dane_tlsa() return a
 negative value when DANE authentication failed or was not enabled, a
-non-negative value indicates the chain depth at which the TLSA record matched a
+nonnegative value indicates the chain depth at which the TLSA record matched a
 chain certificate, or the depth of the top-most certificate, when the TLSA
 record is a full public key that is its signer.
 
@@ -372,7 +372,7 @@ These functions were added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
-Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/SSL_CTX_set_alpn_select_cb.pod

@@ -114,7 +114,7 @@ provided by the callback.
 =head1 NOTES
 
 The protocol-lists must be in wire-format, which is defined as a vector of
-non-empty, 8-bit length-prefixed, byte strings. The length-prefix byte is not
+nonempty, 8-bit length-prefixed, byte strings. The length-prefix byte is not
 included in the length. Each string is limited to 255 bytes. A byte-string
 length of 0 is invalid. A truncated byte-string is invalid. The length of the
 vector is not in the vector itself, but in a separate variable.
@@ -187,7 +187,7 @@ L<SSL_CTX_set_tlsext_servername_arg(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/SSL_CTX_set_generate_session_id.pod

@@ -108,8 +108,8 @@ server id given, and will fill the rest with pseudo random bytes:
          /*
           * Prefix the session_id with the required prefix. NB: If our
           * prefix is too long, clip it - but there will be worse effects
-          * anyway, eg. the server could only possibly create 1 session
-          * ID (ie. the prefix!) so all future session negotiations will
+          * anyway, e.g. the server could only possibly create 1 session
+          * ID (i.e. the prefix!) so all future session negotiations will
           * fail due to conflicts.
           */
          memcpy(id, session_id_prefix, strlen(session_id_prefix) < *id_len ?
@@ -128,7 +128,7 @@ L<ssl(7)>, L<SSL_get_version(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/SSL_CTX_set_info_callback.pod

@@ -50,7 +50,7 @@ the callback function was called. If B<ret> is 0, an error condition occurred.
 If an alert is handled, SSL_CB_ALERT is set and B<ret> specifies the alert
 information.
 
-B<where> is a bitmask made up of the following bits:
+B<where> is a bit mask made up of the following bits:
 
 =over 4
 
@@ -64,7 +64,7 @@ per state in some situations.
 
 Callback has been called to indicate exit of a handshake function. This will
 happen after the end of a handshake, but may happen at other times too such as
-on error or when IO might otherwise block and non-blocking is being used.
+on error or when IO might otherwise block and nonblocking is being used.
 
 =item SSL_CB_READ
 
@@ -156,7 +156,7 @@ L<SSL_alert_type_string(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/SSL_CTX_set_max_cert_list.pod

@@ -39,7 +39,7 @@ received from a faulty or malicious peer, a maximum size for the certificate
 chain is set.
 
 The default value for the maximum certificate chain size is 100kB (30kB
-on the 16bit DOS platform). This should be sufficient for usual certificate
+on the 16-bit DOS platform). This should be sufficient for usual certificate
 chains (OpenSSL's default maximum chain length is 10, see
 L<SSL_CTX_set_verify(3)>, and certificates
 without special extensions have a typical size of 1-2kB).
@@ -72,7 +72,7 @@ L<SSL_CTX_set_verify(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/SSL_CTX_set_mode.pod

@@ -18,13 +18,13 @@ SSL_CTX_set_mode, SSL_CTX_clear_mode, SSL_set_mode, SSL_clear_mode, SSL_CTX_get_
 
 =head1 DESCRIPTION
 
-SSL_CTX_set_mode() adds the mode set via bitmask in B<mode> to B<ctx>.
+SSL_CTX_set_mode() adds the mode set via bit mask in B<mode> to B<ctx>.
 Options already set before are not cleared.
-SSL_CTX_clear_mode() removes the mode set via bitmask in B<mode> from B<ctx>.
+SSL_CTX_clear_mode() removes the mode set via bit mask in B<mode> from B<ctx>.
 
-SSL_set_mode() adds the mode set via bitmask in B<mode> to B<ssl>.
+SSL_set_mode() adds the mode set via bit mask in B<mode> to B<ssl>.
 Options already set before are not cleared.
-SSL_clear_mode() removes the mode set via bitmask in B<mode> from B<ssl>.
+SSL_clear_mode() removes the mode set via bit mask in B<mode> from B<ssl>.
 
 SSL_CTX_get_mode() returns the mode set for B<ctx>.
 
@@ -50,8 +50,8 @@ the behaviour of write().
 
 Make it possible to retry SSL_write_ex() or SSL_write() with changed buffer
 location (the buffer contents must stay the same). This is not the default to
-avoid the misconception that non-blocking SSL_write() behaves like
-non-blocking write().
+avoid the misconception that nonblocking SSL_write() behaves like
+nonblocking write().
 
 =item SSL_MODE_AUTO_RETRY
 
@@ -64,9 +64,9 @@ If such a non-application data record was processed, the flag
 B<SSL_MODE_AUTO_RETRY> causes it to try to process the next record instead of
 returning.
 
-In a non-blocking environment applications must be prepared to handle
+In a nonblocking environment applications must be prepared to handle
 incomplete read/write operations.
-Setting B<SSL_MODE_AUTO_RETRY> for a non-blocking B<BIO> will process
+Setting B<SSL_MODE_AUTO_RETRY> for a nonblocking B<BIO> will process
 non-application data records until either no more data is available or
 an application data record has been processed.
 
@@ -121,10 +121,10 @@ default since 1.1.1.
 
 =head1 RETURN VALUES
 
-SSL_CTX_set_mode() and SSL_set_mode() return the new mode bitmask
+SSL_CTX_set_mode() and SSL_set_mode() return the new mode bit mask
 after adding B<mode>.
 
-SSL_CTX_get_mode() and SSL_get_mode() return the current bitmask.
+SSL_CTX_get_mode() and SSL_get_mode() return the current bit mask.
 
 =head1 SEE ALSO
 
@@ -137,7 +137,7 @@ SSL_MODE_ASYNC was added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
-Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/SSL_CTX_set_options.pod

@@ -23,16 +23,16 @@ SSL_get_secure_renegotiation_support - manipulate SSL options
 
 =head1 DESCRIPTION
 
-SSL_CTX_set_options() adds the options set via bitmask in B<options> to B<ctx>.
+SSL_CTX_set_options() adds the options set via bit mask in B<options> to B<ctx>.
 Options already set before are not cleared!
 
-SSL_set_options() adds the options set via bitmask in B<options> to B<ssl>.
+SSL_set_options() adds the options set via bit mask in B<options> to B<ssl>.
 Options already set before are not cleared!
 
-SSL_CTX_clear_options() clears the options set via bitmask in B<options>
+SSL_CTX_clear_options() clears the options set via bit mask in B<options>
 to B<ctx>.
 
-SSL_clear_options() clears the options set via bitmask in B<options> to B<ssl>.
+SSL_clear_options() clears the options set via bit mask in B<options> to B<ssl>.
 
 SSL_CTX_get_options() returns the options set for B<ctx>.
 
@@ -45,7 +45,7 @@ Note, this is implemented via a macro.
 =head1 NOTES
 
 The behaviour of the SSL library can be changed by setting several options.
-The options are coded as bitmasks and can be combined by a bitwise B<or>
+The options are coded as bit masks and can be combined by a bitwise B<or>
 operation (|).
 
 SSL_CTX_set_options() and SSL_set_options() affect the (external)
@@ -161,7 +161,7 @@ the session. In this way the server can operate statelessly - no session
 information needs to be cached locally.
 
 The TLSv1.3 protocol only supports tickets and does not directly support session
-ids. However OpenSSL allows two modes of ticket operation in TLSv1.3: stateful
+ids. However, OpenSSL allows two modes of ticket operation in TLSv1.3: stateful
 and stateless. Stateless tickets work the same way as in TLSv1.2 and below.
 Stateful tickets mimic the session id behaviour available in TLSv1.2 and below.
 The session information is cached on the server and the session id is wrapped up
@@ -340,13 +340,13 @@ and renegotiation between OpenSSL and unpatched clients or servers.
 
 =head1 RETURN VALUES
 
-SSL_CTX_set_options() and SSL_set_options() return the new options bitmask
+SSL_CTX_set_options() and SSL_set_options() return the new options bit mask
 after adding B<options>.
 
-SSL_CTX_clear_options() and SSL_clear_options() return the new options bitmask
+SSL_CTX_clear_options() and SSL_clear_options() return the new options bit mask
 after clearing B<options>.
 
-SSL_CTX_get_options() and SSL_get_options() return the current bitmask.
+SSL_CTX_get_options() and SSL_get_options() return the current bit mask.
 
 SSL_get_secure_renegotiation_support() returns 1 is the peer supports
 secure renegotiation and 0 if it does not.
@@ -368,7 +368,7 @@ were added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
-Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/SSL_CTX_set_psk_client_callback.pod

@@ -123,7 +123,9 @@ and it will use that in preference. If no such callback is present then it will
 check to see if a callback has been set via SSL_CTX_set_psk_client_callback() or
 SSL_set_psk_client_callback() and use that. In this case the B<hint> value will
 always be NULL and the handshake digest will default to SHA-256 for any returned
-PSK.
+PSK. TLSv1.3 early data exchanges are possible in PSK connections only with the
+B<SSL_psk_use_session_cb_func> callback, and are not possible with the
+B<SSL_psk_client_cb_func> callback.
 
 =head1 NOTES
 
@@ -133,7 +135,7 @@ A connection established via a TLSv1.3 PSK will appear as if session resumption
 has occurred so that L<SSL_session_reused(3)> will return true.
 
 There are no known security issues with sharing the same PSK between TLSv1.2 (or
-below) and TLSv1.3. However the RFC has this note of caution:
+below) and TLSv1.3. However, the RFC has this note of caution:
 
 "While there is no known way in which the same PSK might produce related output
 in both versions, only limited analysis has been done.  Implementations can
@@ -166,7 +168,7 @@ were added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
-Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/SSL_CTX_set_read_ahead.pod

@@ -21,7 +21,7 @@ SSL_CTX_get_default_read_ahead
 =head1 DESCRIPTION
 
 SSL_CTX_set_read_ahead() and SSL_set_read_ahead() set whether we should read as
-many input bytes as possible (for non-blocking reads) or not. For example if
+many input bytes as possible (for nonblocking reads) or not. For example if
 B<x> bytes are currently required by OpenSSL, but B<y> bytes are available from
 the underlying BIO (where B<y> > B<x>), then OpenSSL will read all B<y> bytes
 into its buffer (providing that the buffer is large enough) if reading ahead is
@@ -64,7 +64,7 @@ L<ssl(7)>, L<SSL_pending(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/SSL_CTX_set_security_level.pod

@@ -114,12 +114,6 @@ I<Documentation to be provided.>
 
 =head1 NOTES
 
-B<WARNING> at this time setting the security level higher than 1 for
-general internet use is likely to cause B<considerable> interoperability
-issues and is not recommended. This is because the B<SHA1> algorithm
-is very widely used in certificates and will be rejected at levels
-higher than 1 because it only offers 80 bits of security.
-
 The default security level can be configured when OpenSSL is compiled by
 setting B<-DOPENSSL_TLS_SECURITY_LEVEL=level>. If not set then 1 is used.
 
@@ -180,7 +174,7 @@ These functions were added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
-Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/SSL_CTX_set_session_cache_mode.pod

@@ -96,7 +96,7 @@ session caching (callback) that is configured for the SSL_CTX. This flag will
 prevent sessions being stored in the internal cache (though the application can
 add them manually using L<SSL_CTX_add_session(3)>). Note:
 in any SSL/TLS servers where external caching is configured, any successful
-session lookups in the external cache (ie. for session-resume requests) would
+session lookups in the external cache (i.e. for session-resume requests) would
 normally be copied into the local cache before processing continues - this flag
 prevents these additions to the internal cache as well.
 
@@ -131,7 +131,7 @@ L<SSL_CTX_flush_sessions(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/SSL_CTX_set_session_id_context.pod

@@ -26,7 +26,7 @@ B<sid_ctx_len> within which a session can be reused for the B<ssl> object.
 Sessions are generated within a certain context. When exporting/importing
 sessions with B<i2d_SSL_SESSION>/B<d2i_SSL_SESSION> it would be possible,
 to re-import a session generated from another context (e.g. another
-application), which might lead to malfunctions. Therefore each application
+application), which might lead to malfunctions. Therefore, each application
 must set its own session id context B<sid_ctx> which is used to distinguish
 the contexts and is stored in exported sessions. The B<sid_ctx> can be
 any kind of binary data with a given length, it is therefore possible
@@ -82,7 +82,7 @@ L<ssl(7)>
 
 =head1 COPYRIGHT
 
-Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/SSL_CTX_set_session_ticket_cb.pod

@@ -107,7 +107,7 @@ The return value can be any of these values:
 
 The handshake should be aborted, either because of an error or because of some
 policy. Note that in TLSv1.3 a client may send more than one ticket in a single
-handshake. Therefore just because one ticket is unacceptable it does not mean
+handshake. Therefore, just because one ticket is unacceptable it does not mean
 that all of them are. For this reason this option should be used with caution.
 
 =item SSL_TICKET_RETURN_IGNORE
@@ -177,12 +177,12 @@ L<SSL_get_session(3)>
 
 =head1 HISTORY
 
-The SSL_CTX_set_session_ticket_cb(), SSSL_SESSION_set1_ticket_appdata()
+The SSL_CTX_set_session_ticket_cb(), SSL_SESSION_set1_ticket_appdata()
 and SSL_SESSION_get_ticket_appdata() functions were added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
-Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/SSL_CTX_set_split_send_fragment.pod

@@ -41,7 +41,7 @@ capability is known as "pipelining" within OpenSSL.
 
 In order to benefit from the pipelining capability. You need to have an engine
 that provides ciphers that support this. The OpenSSL "dasync" engine provides
-AES128-SHA based ciphers that have this capability. However these are for
+AES128-SHA based ciphers that have this capability. However, these are for
 development and test purposes only.
 
 SSL_CTX_set_max_send_fragment() and SSL_set_max_send_fragment() set the
@@ -178,7 +178,7 @@ and SSL_SESSION_get_max_fragment_length() functions were added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
-Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/SSL_CTX_set_tlsext_servername_callback.pod

@@ -51,7 +51,7 @@ value is initialised to SSL_AD_UNRECOGNIZED_NAME.
 =item SSL_TLSEXT_ERR_ALERT_WARNING
 
 If this value is returned then the servername is not accepted by the server.
-However the handshake will continue and send a warning alert instead. The value
+However, the handshake will continue and send a warning alert instead. The value
 of the alert should be stored in the location pointed to by the B<al> parameter
 as for SSL_TLSEXT_ERR_ALERT_FATAL above. Note that TLSv1.3 does not support
 warning alerts, so if TLSv1.3 has been negotiated then this return value is
@@ -88,7 +88,7 @@ Otherwise it returns NULL.
 =item On the client, during or after the handshake and a TLSv1.2 (or below)
 resumption occurred
 
-If the session from the orignal handshake had a servername accepted by the
+If the session from the original handshake had a servername accepted by the
 server then it will return that servername.
 
 Otherwise it returns the servername set via SSL_set_tlsext_host_name() or NULL
@@ -157,12 +157,12 @@ corner cases. This has been fixed from OpenSSL 1.1.1e.
 
 Prior to 1.1.1e, when the client requested a servername in an initial TLSv1.2
 handshake, the server accepted it, and then the client successfully resumed but
-set a different explict servername in the second handshake then when called by
+set a different explicit servername in the second handshake then when called by
 the client it returned the servername from the second handshake. This has now
 been changed to return the servername requested in the original handshake.
 
 Also prior to 1.1.1e, if the client sent a servername in the first handshake but
-the server did not accept it, and then a second handshake occured where TLSv1.2
+the server did not accept it, and then a second handshake occurred where TLSv1.2
 resumption was successful then when called by the server it returned the
 servername requested in the original handshake. This has now been changed to
 NULL.

doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod

@@ -136,6 +136,8 @@ Reference Implementation:
                                      unsigned char *iv, EVP_CIPHER_CTX *ctx,
                                      HMAC_CTX *hctx, int enc)
  {
+     your_type_t *key; /* something that you need to implement */
+
      if (enc) { /* create new session */
          if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) <= 0)
              return -1; /* insufficient random */
@@ -154,21 +156,22 @@ Reference Implementation:
          }
          memcpy(key_name, key->name, 16);
 
-         EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv);
-         HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL);
+         EVP_EncryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, key->aes_key, iv);
+         HMAC_Init_ex(&hctx, key->hmac_key, 32, EVP_sha256(), NULL);
 
          return 1;
 
      } else { /* retrieve session */
-         key = findkey(name);
+         time_t t = time(NULL);
+         key = findkey(key_name); /* something that you need to implement */
 
-         if (key == NULL || key->expire < now())
+         if (key == NULL || key->expire < t)
              return 0;
 
-         HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL);
-         EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv);
+         HMAC_Init_ex(&hctx, key->hmac_key, 32, EVP_sha256(), NULL);
+         EVP_DecryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, key->aes_key, iv);
 
-         if (key->expire < now() - RENEW_TIME) {
+         if (key->expire < t - RENEW_TIME) { /* RENEW_TIME: implement */
              /*
               * return 2 - This session will get a new ticket even though the
               * current one is still valid.
@@ -190,7 +193,7 @@ L<SSL_CTX_set_session_id_context(3)>,
 
 =head1 COPYRIGHT
 
-Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/SSL_CTX_use_psk_identity_hint.pod

@@ -83,7 +83,9 @@ via SSL_CTX_set_psk_find_session_callback() or SSL_set_psk_find_session_callback
 and it will use that in preference. If no such callback is present then it will
 check to see if a callback has been set via SSL_CTX_set_psk_server_callback() or
 SSL_set_psk_server_callback() and use that. In this case the handshake digest
-will default to SHA-256 for any returned PSK.
+will default to SHA-256 for any returned PSK. TLSv1.3 early data exchanges are
+possible in PSK connections only with the B<SSL_psk_find_session_cb_func>
+callback, and are not possible with the B<SSL_psk_server_cb_func> callback.
 
 =head1 NOTES
 
@@ -126,7 +128,7 @@ failure. In the event of failure the connection setup fails.
 =head1 NOTES
 
 There are no known security issues with sharing the same PSK between TLSv1.2 (or
-below) and TLSv1.3. However the RFC has this note of caution:
+below) and TLSv1.3. However, the RFC has this note of caution:
 
 "While there is no known way in which the same PSK might produce related output
 in both versions, only limited analysis has been done.  Implementations can
@@ -145,7 +147,7 @@ were added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
-Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/SSL_accept.pod

@@ -23,14 +23,14 @@ The behaviour of SSL_accept() depends on the underlying BIO.
 If the underlying BIO is B<blocking>, SSL_accept() will only return once the
 handshake has been finished or an error occurred.
 
-If the underlying BIO is B<non-blocking>, SSL_accept() will also return
+If the underlying BIO is B<nonblocking>, SSL_accept() will also return
 when the underlying BIO could not satisfy the needs of SSL_accept()
 to continue the handshake, indicating the problem by the return value -1.
 In this case a call to SSL_get_error() with the
 return value of SSL_accept() will yield B<SSL_ERROR_WANT_READ> or
 B<SSL_ERROR_WANT_WRITE>. The calling process then must repeat the call after
 taking appropriate action to satisfy the needs of SSL_accept().
-The action depends on the underlying BIO. When using a non-blocking socket,
+The action depends on the underlying BIO. When using a nonblocking socket,
 nothing is to be done, but select() can be used to check for the required
 condition. When using a buffering BIO, like a BIO pair, data must be written
 into or retrieved out of the BIO before being able to continue.
@@ -57,7 +57,7 @@ established.
 The TLS/SSL handshake was not successful because a fatal error occurred either
 at the protocol level or a connection failure occurred. The shutdown was
 not clean. It can also occur if action is needed to continue the operation
-for non-blocking BIOs. Call SSL_get_error() with the return value B<ret>
+for nonblocking BIOs. Call SSL_get_error() with the return value B<ret>
 to find out the reason.
 
 =back

doc/man3/SSL_alloc_buffers.pod

@@ -22,7 +22,7 @@ control when buffers are freed and allocated.
 
 After freeing the buffers, the buffers are automatically reallocated upon a
 new read or write. The SSL_alloc_buffers() does not need to be called, but
-can be used to make sure the buffers are pre-allocated. This can be used to
+can be used to make sure the buffers are preallocated. This can be used to
 avoid allocation during data processing or with CRYPTO_set_mem_functions()
 to control where and how buffers are allocated.
 
@@ -57,7 +57,7 @@ L<CRYPTO_set_mem_functions>
 
 =head1 COPYRIGHT
 
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/SSL_connect.pod

@@ -23,14 +23,14 @@ The behaviour of SSL_connect() depends on the underlying BIO.
 If the underlying BIO is B<blocking>, SSL_connect() will only return once the
 handshake has been finished or an error occurred.
 
-If the underlying BIO is B<non-blocking>, SSL_connect() will also return
+If the underlying BIO is B<nonblocking>, SSL_connect() will also return
 when the underlying BIO could not satisfy the needs of SSL_connect()
 to continue the handshake, indicating the problem by the return value -1.
 In this case a call to SSL_get_error() with the
 return value of SSL_connect() will yield B<SSL_ERROR_WANT_READ> or
 B<SSL_ERROR_WANT_WRITE>. The calling process then must repeat the call after
 taking appropriate action to satisfy the needs of SSL_connect().
-The action depends on the underlying BIO. When using a non-blocking socket,
+The action depends on the underlying BIO. When using a nonblocking socket,
 nothing is to be done, but select() can be used to check for the required
 condition. When using a buffering BIO, like a BIO pair, data must be written
 into or retrieved out of the BIO before being able to continue.
@@ -72,7 +72,7 @@ established.
 The TLS/SSL handshake was not successful, because a fatal error occurred either
 at the protocol level or a connection failure occurred. The shutdown was
 not clean. It can also occur if action is needed to continue the operation
-for non-blocking BIOs. Call SSL_get_error() with the return value B<ret>
+for nonblocking BIOs. Call SSL_get_error() with the return value B<ret>
 to find out the reason.
 
 =back

doc/man3/SSL_do_handshake.pod

@@ -25,13 +25,13 @@ The behaviour of SSL_do_handshake() depends on the underlying BIO.
 If the underlying BIO is B<blocking>, SSL_do_handshake() will only return
 once the handshake has been finished or an error occurred.
 
-If the underlying BIO is B<non-blocking>, SSL_do_handshake() will also return
+If the underlying BIO is B<nonblocking>, SSL_do_handshake() will also return
 when the underlying BIO could not satisfy the needs of SSL_do_handshake()
 to continue the handshake. In this case a call to SSL_get_error() with the
 return value of SSL_do_handshake() will yield B<SSL_ERROR_WANT_READ> or
 B<SSL_ERROR_WANT_WRITE>. The calling process then must repeat the call after
 taking appropriate action to satisfy the needs of SSL_do_handshake().
-The action depends on the underlying BIO. When using a non-blocking socket,
+The action depends on the underlying BIO. When using a nonblocking socket,
 nothing is to be done, but select() can be used to check for the required
 condition. When using a buffering BIO, like a BIO pair, data must be written
 into or retrieved out of the BIO before being able to continue.
@@ -58,7 +58,7 @@ established.
 The TLS/SSL handshake was not successful because a fatal error occurred either
 at the protocol level or a connection failure occurred. The shutdown was
 not clean. It can also occur if action is needed to continue the operation
-for non-blocking BIOs. Call SSL_get_error() with the return value B<ret>
+for nonblocking BIOs. Call SSL_get_error() with the return value B<ret>
 to find out the reason.
 
 =back

doc/man3/SSL_get_all_async_fds.pod

@@ -32,7 +32,7 @@ appearing as "read ready" on the file descriptor (no actual data should be read
 from the file descriptor). This function should only be called if the SSL object
 is currently waiting for asynchronous work to complete (i.e.
 SSL_ERROR_WANT_ASYNC has been received - see L<SSL_get_error(3)>). Typically the
-list will only contain one file descriptor. However if multiple asynchronous
+list will only contain one file descriptor. However, if multiple asynchronous
 capable engines are in use then more than one is possible. The number of file
 descriptors returned is stored in B<*numfds> and the file descriptors themselves
 are in B<*fds>. The B<fds> parameter may be NULL in which case no file
@@ -63,7 +63,7 @@ SSL_get_all_async_fds() and SSL_get_changed_async_fds() return 1 on success or
 On Windows platforms the openssl/async.h header is dependent on some
 of the types customarily made available by including windows.h. The
 application developer is likely to require control over when the latter
-is included, commonly as one of the first included headers. Therefore
+is included, commonly as one of the first included headers. Therefore,
 it is defined as an application developer's responsibility to include
 windows.h prior to async.h.
 
@@ -78,7 +78,7 @@ and SSL_get_changed_async_fds() functions were added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
-Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/SSL_get_error.pod

@@ -49,7 +49,7 @@ indicate that the underlying transport has been closed.
 The operation did not complete and can be retried later.
 
 B<SSL_ERROR_WANT_READ> is returned when the last operation was a read
-operation from a non-blocking B<BIO>.
+operation from a nonblocking B<BIO>.
 It means that not enough data was available at this time to complete the
 operation.
 If at a later time the underlying B<BIO> has data available for reading the same
@@ -61,8 +61,8 @@ for a blocking B<BIO>.
 See L<SSL_read(3)> for more information.
 
 B<SSL_ERROR_WANT_WRITE> is returned when the last operation was a write
-to a non-blocking B<BIO> and it was unable to sent all data to the B<BIO>.
-When the B<BIO> is writeable again, the same function can be called again.
+to a nonblocking B<BIO> and it was unable to sent all data to the B<BIO>.
+When the B<BIO> is writable again, the same function can be called again.
 
 Note that the retry may again lead to an B<SSL_ERROR_WANT_READ> or
 B<SSL_ERROR_WANT_WRITE> condition.
@@ -72,7 +72,7 @@ protocol level.
 
 It is safe to call SSL_read() or SSL_read_ex() when more data is available
 even when the call that set this error was an SSL_write() or SSL_write_ex().
-However if the call was an SSL_write() or SSL_write_ex(), it should be called
+However, if the call was an SSL_write() or SSL_write_ex(), it should be called
 again to continue sending the application data.
 
 For socket B<BIO>s (e.g. when SSL_set_fd() was used), select() or

doc/man3/SSL_new.pod

@@ -26,10 +26,75 @@ structure are freed.
 SSL_up_ref() increments the reference count for an
 existing B<SSL> structure.
 
-SSL_dup() duplicates an existing B<SSL> structure into a new allocated one. All
-settings are inherited from the original B<SSL> structure. Dynamic data (i.e.
-existing connection details) are not copied, the new B<SSL> is set into an
-initial accept (server) or connect (client) state.
+The function SSL_dup() creates and returns a new B<SSL> structure from the same
+B<SSL_CTX> that was used to create I<s>. It additionally duplicates a subset of
+the settings in I<s> into the new B<SSL> object.
+
+For SSL_dup() to work, the connection MUST be in its initial state and
+MUST NOT have yet started the SSL handshake.  For connections that are not in
+their initial state SSL_dup() just increments an internal
+reference count and returns the I<same> handle.  It may be possible to
+use L<SSL_clear(3)> to recycle an SSL handle that is not in its initial
+state for re-use, but this is best avoided.  Instead, save and restore
+the session, if desired, and construct a fresh handle for each connection.
+
+The subset of settings in I<s> that are duplicated are:
+
+=over 4
+
+=item any session data if configured (including the session_id_context)
+
+=item any tmp_dh settings set via L<SSL_set_tmp_dh(3)>,
+L<SSL_set_tmp_dh_callback(3)>, or L<SSL_set_dh_auto(3)>
+
+=item any configured certificates, private keys or certificate chains
+
+=item any configured signature algorithms, or client signature algorithms
+
+=item any DANE settings
+
+=item any Options set via L<SSL_set_options(3)>
+
+=item any Mode set via L<SSL_set_mode(3)>
+
+=item any minimum or maximum protocol settings set via
+L<SSL_set_min_proto_version(3)> or L<SSL_set_max_proto_version(3)> (Note: Only
+from OpenSSL 1.1.1h and above)
+
+=item any Verify mode, callback or depth set via L<SSL_set_verify(3)> or
+L<SSL_set_verify_depth(3)> or any configured X509 verification parameters
+
+=item any msg callback or info callback set via L<SSL_set_msg_callback(3)> or
+L<SSL_set_info_callback(3)>
+
+=item any default password callback set via L<SSL_set_default_passwd_cb(3)>
+
+=item any session id generation callback set via L<SSL_set_generate_session_id(3)>
+
+=item any configured Cipher List
+
+=item initial accept (server) or connect (client) state
+
+=item the max cert list value set via L<SSL_set_max_cert_list(3)>
+
+=item the read_ahead value set via L<SSL_set_read_ahead(3)>
+
+=item application specific data set via L<SSL_set_ex_data(3)>
+
+=item any CA list or client CA list set via L<SSL_set0_CA_list(3)>,
+SSL_set0_client_CA_list() or similar functions
+
+=item any security level settings or callbacks
+
+=item any configured serverinfo data
+
+=item any configured PSK identity hint
+
+=item any configured custom extensions
+
+=item any client certificate types configured via SSL_set1_client_certificate_types
+
+=back
 
 =head1 RETURN VALUES
 
@@ -59,7 +124,7 @@ L<ssl(7)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

doc/man3/SSL_pending.pod

@@ -27,7 +27,7 @@ record) may have been read containing more TLS/SSL records. This also applies to
 DTLS and pipelining (see L<SSL_CTX_set_split_send_fragment(3)>). These
 additional bytes will be buffered by OpenSSL but will remain unprocessed until
 they are needed. As these bytes are still in an unprocessed state SSL_pending()
-will ignore them. Therefore it is possible for no more bytes to be readable from
+will ignore them. Therefore, it is possible for no more bytes to be readable from
 the underlying BIO (because OpenSSL has already read them) and for SSL_pending()
 to return 0, even though readable application data bytes are available (because
 the data is in unprocessed buffered records).
@@ -59,7 +59,7 @@ The SSL_has_pending() function was added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy