More doc cleanup

Add missing entries to NAME section
Add SYNOPSIS lines, remove old NAME entries
Update find-doc-nits; better regexp's for parsing SYNOPSIS sections.
Rename a couple of files to have an API name.
Remove RSA_private_decrypt; it was duplicate content
Update for recent doc additions

Reviewed-by: Matt Caswell <matt@openssl.org>

75 files changed, 380 insertions, 268 deletions

diff --git a/doc/crypto/ASN1_STRING_length.pod b/doc/crypto/ASN1_STRING_length.pod
index 78513f8a89..a51d984454 100644
--- a/doc/crypto/ASN1_STRING_length.pod
+++ b/doc/crypto/ASN1_STRING_length.pod
@@ -3,7 +3,7 @@
 =head1 NAME
 
 ASN1_STRING_dup, ASN1_STRING_cmp, ASN1_STRING_set, ASN1_STRING_length,
-ASN1_STRING_length_set, ASN1_STRING_type, ASN1_STRING_data, ASN1_STRING_to_UTF8 -
+ASN1_STRING_type, ASN1_STRING_data, ASN1_STRING_to_UTF8 -
 ASN1_STRING utility functions
 
 =head1 SYNOPSIS
diff --git a/doc/crypto/ASYNC_start_job.pod b/doc/crypto/ASYNC_start_job.pod
index b5139a34a9..20bc1ad2aa 100644
--- a/doc/crypto/ASYNC_start_job.pod
+++ b/doc/crypto/ASYNC_start_job.pod
@@ -2,8 +2,8 @@
 
 =head1 NAME
 
+ASYNC_get_wait_ctx,
 ASYNC_init_thread, ASYNC_cleanup_thread, ASYNC_start_job, ASYNC_pause_job,
-ASYNC_in_job, ASYNC_get_wait_fd, ASYNC_set_wait_fd, ASYNC_clear_wait_fd,
 ASYNC_get_current_job, ASYNC_block_pause, ASYNC_unblock_pause, ASYNC_is_capable
 - asynchronous job management functions
 
diff --git a/doc/crypto/BIO_f_buffer.pod b/doc/crypto/BIO_f_buffer.pod
index 68811c3c93..286a39c9ed 100644
--- a/doc/crypto/BIO_f_buffer.pod
+++ b/doc/crypto/BIO_f_buffer.pod
@@ -2,6 +2,11 @@
 
 =head1 NAME
 
+BIO_get_buffer_num_lines,
+BIO_set_read_buffer_size,
+BIO_set_write_buffer_size,
+BIO_set_buffer_size,
+BIO_set_buffer_read_data,
 BIO_f_buffer - buffering BIO
 
 =head1 SYNOPSIS
diff --git a/doc/crypto/BIO_f_ssl.pod b/doc/crypto/BIO_f_ssl.pod
index 4c9da6a2ca..4007130150 100644
--- a/doc/crypto/BIO_f_ssl.pod
+++ b/doc/crypto/BIO_f_ssl.pod
@@ -2,7 +2,9 @@
 
 =head1 NAME
 
-BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode, BIO_set_ssl_renegotiate_bytes,
+BIO_do_handshake,
+BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode,
+BIO_set_ssl_renegotiate_bytes,
 BIO_get_num_renegotiates, BIO_set_ssl_renegotiate_timeout, BIO_new_ssl,
 BIO_new_ssl_connect, BIO_new_buffer_ssl_connect, BIO_ssl_copy_session_id,
 BIO_ssl_shutdown - SSL BIO
diff --git a/doc/crypto/BIO_find_type.pod b/doc/crypto/BIO_find_type.pod
index c5029837b0..f03071ad9b 100644
--- a/doc/crypto/BIO_find_type.pod
+++ b/doc/crypto/BIO_find_type.pod
@@ -2,6 +2,12 @@
 
 =head1 NAME
 
+BIO_TYPE_NONE, BIO_TYPE_MEM, BIO_TYPE_FILE, BIO_TYPE_FD, BIO_TYPE_SOCKET,
+BIO_TYPE_NULL, BIO_TYPE_SSL, BIO_TYPE_MD, BIO_TYPE_BUFFER, BIO_TYPE_CIPHER,
+BIO_TYPE_BASE64, BIO_TYPE_CONNECT, BIO_TYPE_ACCEPT, BIO_TYPE_PROXY_CLIENT,
+BIO_TYPE_PROXY_SERVER, BIO_TYPE_NBIO_TEST, BIO_TYPE_NULL_FILTER,
+BIO_TYPE_BER, BIO_TYPE_BIO, BIO_TYPE_DESCRIPTOR, BIO_TYPE_FILTER,
+BIO_TYPE_SOURCE_SINK,
 BIO_find_type, BIO_next, BIO_method_type - BIO chain traversal
 
 =head1 SYNOPSIS
diff --git a/doc/crypto/BIO_get_ex_new_index.pod b/doc/crypto/BIO_get_ex_new_index.pod
index 21e5bb76ab..3e24f10bc3 100644
--- a/doc/crypto/BIO_get_ex_new_index.pod
+++ b/doc/crypto/BIO_get_ex_new_index.pod
@@ -15,28 +15,38 @@ ECDSA_get_ex_new_index, ECDSA_set_ex_data, ECDSA_get_ex_data,
 RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data
 - application-specific data
 
-=head1 SYNOPSIS
+=for comment generic
 
-The synopsis below is for the X509 structure, but is the same for all
-crypto structures:
+=head1 SYNOPSIS
 
  #include <openssl/x509.h>
 
- int X509_get_ex_new_index(long argl, void *argp,
+ int TYPE_get_ex_new_index(long argl, void *argp,
                 CRYPTO_EX_new *new_func,
                 CRYPTO_EX_dup *dup_func,
                 CRYPTO_EX_free *free_func);
 
- int X509_set_ex_data(X509 *d, int idx, void *arg);
+ int TYPE_set_ex_data(TYPE *d, int idx, void *arg);
 
- void *X509_get_ex_data(X509 *d, int idx);
+ void *TYPE_get_ex_data(TYPE *d, int idx);
 
 =head1 DESCRIPTION
 
-These functions handle application-specific data for OpenSSL crypto
+In the description here, I<TYPE> is used a placeholder
+for any of the OpenSSL datatypes listed in
+L<CRYPTO_get_ex_new_index(3)>.
+
+These functions handle application-specific data for OpenSSL data
 structures.
 
-For details, see L<CRYPTO_get_ex_new_index(3)>.
+TYPE_get_new_ex_index() is a macro that calls CRYPTO_get_ex_new_index()
+with the correct B<index> value.
+
+TYPE_set_ex_data() is a function that calls CRYPTO_set_ex_data() with
+an offset into the opaque exdata part of the TYPE object.
+
+TYPE_get_ex_data() is a function that calls CRYPTO_get_ex_data() with an
+an offset into the opaque exdata part of the TYPE object.
 
 =head1 SEE ALSO
 
diff --git a/doc/crypto/BIO_s_accept.pod b/doc/crypto/BIO_s_accept.pod
index ad7bfaac4b..a9259ab217 100644
--- a/doc/crypto/BIO_s_accept.pod
+++ b/doc/crypto/BIO_s_accept.pod
@@ -2,6 +2,7 @@
 
 =head1 NAME
 
+BIO_BIND_NORMAL, BIO_BIND_REUSEADDR_IF_UNUSED, BIO_BIND_REUSEADDR,
 BIO_s_accept, BIO_set_accept_port, BIO_get_accept_port, BIO_new_accept,
 BIO_set_nbio_accept, BIO_set_accept_bios, BIO_set_bind_mode,
 BIO_get_bind_mode, BIO_do_accept - accept BIO
diff --git a/doc/crypto/BIO_s_connect.pod b/doc/crypto/BIO_s_connect.pod
index d97d5899a5..29192a6cf0 100644
--- a/doc/crypto/BIO_s_connect.pod
+++ b/doc/crypto/BIO_s_connect.pod
@@ -2,9 +2,10 @@
 
 =head1 NAME
 
+BIO_set_conn_address, BIO_get_conn_address,
 BIO_s_connect, BIO_new_connect, BIO_set_conn_hostname, BIO_set_conn_port,
-BIO_set_conn_ip, BIO_set_conn_int_port, BIO_get_conn_hostname,
-BIO_get_conn_port, BIO_get_conn_ip, BIO_get_conn_int_port,
+BIO_get_conn_hostname,
+BIO_get_conn_port,
 BIO_set_nbio, BIO_do_connect - connect BIO
 
 =head1 SYNOPSIS
diff --git a/doc/crypto/BIO_s_mem.pod b/doc/crypto/BIO_s_mem.pod
index 56d10bd8dd..afde930906 100644
--- a/doc/crypto/BIO_s_mem.pod
+++ b/doc/crypto/BIO_s_mem.pod
@@ -2,6 +2,7 @@
 
 =head1 NAME
 
+BIO_s_secmem,
 BIO_s_mem, BIO_set_mem_eof_return, BIO_get_mem_data, BIO_set_mem_buf,
 BIO_get_mem_ptr, BIO_new_mem_buf - memory BIO
 
diff --git a/doc/crypto/BIO_s_socket.pod b/doc/crypto/BIO_s_socket.pod
index 88aaa88c49..ad0574aee6 100644
--- a/doc/crypto/BIO_s_socket.pod
+++ b/doc/crypto/BIO_s_socket.pod
@@ -10,9 +10,6 @@ BIO_s_socket, BIO_new_socket - socket BIO
 
  const BIO_METHOD *BIO_s_socket(void);
 
- long BIO_set_fd(BIO *b, int fd, long close_flag);
- long BIO_get_fd(BIO *b, int *c);
-
  BIO *BIO_new_socket(int sock, int close_flag);
 
 =head1 DESCRIPTION
@@ -26,12 +23,6 @@ BIO_puts() is supported but BIO_gets() is not.
 If the close flag is set then the socket is shut down and closed
 when the BIO is freed.
 
-BIO_set_fd() sets the socket of BIO B<b> to B<fd> and the close
-flag to B<close_flag>.
-
-BIO_get_fd() places the socket in B<c> if it is not NULL, it also
-returns the socket. If B<c> is not NULL it should be of type (int *).
-
 BIO_new_socket() returns a socket BIO using B<sock> and B<close_flag>.
 
 =head1 NOTES
@@ -44,17 +35,10 @@ platforms sockets are not file descriptors and use distinct I/O routines,
 Windows is one such platform. Any code mixing the two will not work on
 all platforms.
 
-BIO_set_fd() and BIO_get_fd() are macros.
-
 =head1 RETURN VALUES
 
 BIO_s_socket() returns the socket BIO method.
 
-BIO_set_fd() always returns 1.
-
-BIO_get_fd() returns the socket or -1 if the BIO has not been
-initialized.
-
 BIO_new_socket() returns the newly allocated BIO or NULL is an error
 occurred.
 
diff --git a/doc/crypto/BIO_should_retry.pod b/doc/crypto/BIO_should_retry.pod
index fc728ff9f2..2a6485af9a 100644
--- a/doc/crypto/BIO_should_retry.pod
+++ b/doc/crypto/BIO_should_retry.pod
@@ -2,6 +2,8 @@
 
 =head1 NAME
 
+BIO_FLAGS_READ, BIO_FLAGS_WRITE, BIO_FLAGS_IO_SPECIAL, BIO_FLAGS_RWS,
+BIO_FLAGS_SHOULD_RETRY,
 BIO_should_read, BIO_should_write,
 BIO_should_io_special, BIO_retry_type, BIO_should_retry,
 BIO_get_retry_BIO, BIO_get_retry_reason, BIO_set_retry_reason - BIO retry
diff --git a/doc/crypto/BN_CTX_new.pod b/doc/crypto/BN_CTX_new.pod
index f2edd49a97..ca54590517 100644
--- a/doc/crypto/BN_CTX_new.pod
+++ b/doc/crypto/BN_CTX_new.pod
@@ -2,7 +2,7 @@
 
 =head1 NAME
 
-BN_CTX_new, BN_CTX_secure_new, BN_CTX_init, BN_CTX_free - allocate and free BN_CTX structures
+BN_CTX_new, BN_CTX_secure_new, BN_CTX_free - allocate and free BN_CTX structures
 
 =head1 SYNOPSIS
 
diff --git a/doc/crypto/BN_bn2bin.pod b/doc/crypto/BN_bn2bin.pod
index b0a8b50d5e..14b152e430 100644
--- a/doc/crypto/BN_bn2bin.pod
+++ b/doc/crypto/BN_bn2bin.pod
@@ -2,6 +2,7 @@
 
 =head1 NAME
 
+BN_bn2binpad,
 BN_bn2bin, BN_bin2bn, BN_bn2lebinpad, BN_lebin2bn, BN_bn2hex, BN_bn2dec,
 BN_hex2bn, BN_dec2bn, BN_print, BN_print_fp, BN_bn2mpi,
 BN_mpi2bn - format conversions
diff --git a/doc/crypto/BN_mod_mul_montgomery.pod b/doc/crypto/BN_mod_mul_montgomery.pod
index 152185f6f2..bf1ef343cd 100644
--- a/doc/crypto/BN_mod_mul_montgomery.pod
+++ b/doc/crypto/BN_mod_mul_montgomery.pod
@@ -2,7 +2,7 @@
 
 =head1 NAME
 
-BN_mod_mul_montgomery, BN_MONT_CTX_new, BN_MONT_CTX_init,
+BN_mod_mul_montgomery, BN_MONT_CTX_new,
 BN_MONT_CTX_free, BN_MONT_CTX_set, BN_MONT_CTX_copy,
 BN_from_montgomery, BN_to_montgomery - Montgomery multiplication
 
@@ -69,26 +69,6 @@ The error codes can be obtained by L<ERR_get_error(3)>.
 The inputs must be reduced modulo B<m>, otherwise the result will be
 outside the expected range.
 
-=head1 REMOVED FUNCTIONALITY
-
- void BN_MONT_CTX_init(BN_MONT_CTX *c);
-
-BN_MONT_CTX_init() is no longer available as of OpenSSL 1.1.0. It was used to
-initialize an existing uninitialized B<BN_MONT_CTX>. Typically this would be
-done as follows:
-
- BN_MONT_CTX ctx;
- BN_MONT_CTX_init(&ctx);
-
-Instead applications should create a BN_MONT_CTX structure using
-BN_MONT_CTX_new:
-
- BN_MONT_CTX *ctx;
- ctx = BN_MONT_CTX_new();
- if(!ctx) /* handle error */
- ...
- BN_MONT_CTX_free(ctx);
-
 =head1 SEE ALSO
 
 L<bn(3)>, L<ERR_get_error(3)>, L<BN_add(3)>,
diff --git a/doc/crypto/BN_mod_mul_reciprocal.pod b/doc/crypto/BN_mod_mul_reciprocal.pod
index 86fb486385..23832b3b6c 100644
--- a/doc/crypto/BN_mod_mul_reciprocal.pod
+++ b/doc/crypto/BN_mod_mul_reciprocal.pod
@@ -2,7 +2,7 @@
 
 =head1 NAME
 
-BN_mod_mul_reciprocal,  BN_div_recp, BN_RECP_CTX_new, BN_RECP_CTX_init,
+BN_mod_mul_reciprocal,  BN_div_recp, BN_RECP_CTX_new,
 BN_RECP_CTX_free, BN_RECP_CTX_set - modular multiplication using
 reciprocal
 
@@ -30,7 +30,6 @@ using B<recp>=1/B<m>, which is set as described below.  B<ctx> is a
 previously allocated B<BN_CTX> used for temporary variables.
 
 BN_RECP_CTX_new() allocates and initializes a B<BN_RECP> structure.
-BN_RECP_CTX_init() initializes an existing uninitialized B<BN_RECP>.
 
 BN_RECP_CTX_free() frees the components of the B<BN_RECP>, and, if it
 was created by BN_RECP_CTX_new(), also the structure itself.
@@ -51,31 +50,11 @@ The B<BN_RECP_CTX> structure cannot be shared between threads.
 BN_RECP_CTX_new() returns the newly allocated B<BN_RECP_CTX>, and NULL
 on error.
 
-BN_RECP_CTX_init() and BN_RECP_CTX_free() have no return values.
+BN_RECP_CTX_free() has no return value.
 
 For the other functions, 1 is returned for success, 0 on error.
 The error codes can be obtained by L<ERR_get_error(3)>.
 
-=head1 REMOVED FUNCTIONALITY
-
- void BN_RECP_CTX_init(BN_RECP_CTX *recp);
-
-BN_RECP_CTX_init() is no longer available as of OpenSSL 1.1.0. It was used to
-initialize an existing uninitialized B<BN_RECP_CTX>. Typically this would be
-done as follows:
-
- BN_RECP_CTX ctx;
- BN_RECP_CTX_init(&ctx);
-
-Applications should replace use of BN_RECP_CTX_init with BN_RECP_CTX_new
-instead:
-
- BN_RECP_CTX *ctx;
- ctx = BN_RECP_CTX_new();
- if(!ctx) /* Handle error */
- ...
- BN_RECP_CTX_free(ctx);
-
 =head1 SEE ALSO
 
 L<bn(3)>, L<ERR_get_error(3)>, L<BN_add(3)>,
@@ -83,7 +62,7 @@ L<BN_CTX_new(3)>
 
 =head1 HISTORY
 
-BN_RECP_CTX_init was removed in OpenSSL 1.1.0
+BN_RECP_CTX_init() was removed in OpenSSL 1.1.0
 
 =head1 COPYRIGHT
 
diff --git a/doc/crypto/BUF_MEM_new.pod b/doc/crypto/BUF_MEM_new.pod
index 16fe3daa84..1a975776aa 100644
--- a/doc/crypto/BUF_MEM_new.pod
+++ b/doc/crypto/BUF_MEM_new.pod
@@ -2,8 +2,10 @@
 
 =head1 NAME
 
-BUF_MEM_new, BUF_MEM_new_ex, BUF_MEM_free, BUF_MEM_grow - simple
-character array structure
+BUF_MEM_FLAG_SECURE,
+BUF_MEM_new, BUF_MEM_new_ex, BUF_MEM_free, BUF_MEM_grow
+BUF_MEM_grow_clean, BUF_reverse
+- simple character array structure
 
 standard C library equivalents
 
@@ -17,9 +19,12 @@ standard C library equivalents
 
  BUF_MEM *BUF_MEM_new_ex(unsigned long flags);
 
- void   BUF_MEM_free(BUF_MEM *a);
+ void BUF_MEM_free(BUF_MEM *a);
 
- int    BUF_MEM_grow(BUF_MEM *str, int len);
+ int BUF_MEM_grow(BUF_MEM *str, int len);
+ size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
+
+ void BUF_reverse(unsigned char *out, const unsigned char *in, size_t size);
 
 =head1 DESCRIPTION
 
@@ -39,13 +44,20 @@ BUF_MEM_grow() changes the size of an already existing buffer to
 B<len>. Any data already in the buffer is preserved if it increases in
 size.
 
+BUF_MEM_grow_clean() is similar to BUF_MEM_grow() but it sets any free'd
+or additionally-allocated memory to zero.
+
+BUF_reverse() reverses B<size> bytes at B<in> into B<out>.  If B<out>
+is NULL, the array is reversed in-place.
+
 =head1 RETURN VALUES
 
 BUF_MEM_new() returns the buffer or NULL on error.
 
 BUF_MEM_free() has no return value.
 
-BUF_MEM_grow() returns zero on error or the new size (i.e. B<len>).
+BUF_MEM_grow() and BUF_MEM_grow_clean() return
+zero on error or the new size (i.e., B<len>).
 
 =head1 SEE ALSO
 
diff --git a/doc/crypto/CMS_get0_RecipientInfos.pod b/doc/crypto/CMS_get0_RecipientInfos.pod
index 9f0b4ebe3a..6c33c224e9 100644
--- a/doc/crypto/CMS_get0_RecipientInfos.pod
+++ b/doc/crypto/CMS_get0_RecipientInfos.pod
@@ -2,7 +2,12 @@
 
 =head1 NAME
 
-CMS_get0_RecipientInfos, CMS_RecipientInfo_type, CMS_RecipientInfo_ktri_get0_signer_id,CMS_RecipientInfo_ktri_cert_cmp, CMS_RecipientInfo_set0_pkey, CMS_RecipientInfo_kekri_get0_id, CMS_RecipientInfo_kekri_id_cmp, CMS_RecipientInfo_set0_key, CMS_RecipientInfo_decrypt, CMS_RecipientInfo_encrypt - CMS envelopedData RecipientInfo routines
+CMS_get0_RecipientInfos, CMS_RecipientInfo_type,
+CMS_RecipientInfo_ktri_get0_signer_id, CMS_RecipientInfo_ktri_cert_cmp,
+CMS_RecipientInfo_set0_pkey, CMS_RecipientInfo_kekri_get0_id,
+CMS_RecipientInfo_kekri_id_cmp, CMS_RecipientInfo_set0_key,
+CMS_RecipientInfo_decrypt, CMS_RecipientInfo_encrypt
+- CMS envelopedData RecipientInfo routines
 
 =head1 SYNOPSIS
 
diff --git a/doc/crypto/CMS_get0_SignerInfos.pod b/doc/crypto/CMS_get0_SignerInfos.pod
index 303e8754e2..c8071591f3 100644
--- a/doc/crypto/CMS_get0_SignerInfos.pod
+++ b/doc/crypto/CMS_get0_SignerInfos.pod
@@ -2,7 +2,10 @@
 
 =head1 NAME
 
-CMS_get0_SignerInfos, CMS_SignerInfo_get0_signer_id, CMS_SignerInfo_get0_signature, CMS_SignerInfo_cert_cmp, CMS_set1_signer_cert - CMS signedData signer functions
+CMS_SignerInfo_set1_signer_cert,
+CMS_get0_SignerInfos, CMS_SignerInfo_get0_signer_id,
+CMS_SignerInfo_get0_signature, CMS_SignerInfo_cert_cmp,
+- CMS signedData signer functions
 
 =head1 SYNOPSIS
 
diff --git a/doc/crypto/CRYPTO_get_ex_new_index.pod b/doc/crypto/CRYPTO_get_ex_new_index.pod
index f0e19b1eb1..17110f76d2 100644
--- a/doc/crypto/CRYPTO_get_ex_new_index.pod
+++ b/doc/crypto/CRYPTO_get_ex_new_index.pod
@@ -2,8 +2,9 @@
 
 =head1 NAME
 
+CRYPTO_EX_new, CRYPTO_EX_free, CRYPTO_EX_dup,
 CRYPTO_free_ex_index, CRYPTO_get_ex_new_index, CRYPTO_set_ex_data,
-CRYPTO_get_ex_data, CRYPTO_free_ex_data
+CRYPTO_get_ex_data, CRYPTO_free_ex_data, CRYPTO_new_ex_data
 - functions supporting application-specific data
 
 =head1 SYNOPSIS
@@ -23,6 +24,8 @@ CRYPTO_get_ex_data, CRYPTO_free_ex_data
  typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from,
                            void *from_d, int idx, long argl, void *argp);
 
+ int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
+
  int CRYPTO_set_ex_data(CRYPTO_EX_DATA *r, int idx, void *arg);
 
  void *CRYPTO_get_ex_data(CRYPTO_EX_DATA *r, int idx);
@@ -59,6 +62,10 @@ The API described here is used by OpenSSL to manipulate exdata for specific
 structures.  Since the application data can be anything at all it is passed
 and retrieved as a B<void *> type.
 
+The B<CRYPTO_EX_DATA> type is opaque.  To initialize the exdata part of
+a structure, call CRYPTO_new_ex_data(). This is only necessary for
+B<CRYPTO_EX_INDEX_APP> objects.
+
 Exdata types are identified by an B<index>, an integer guaranteed to be
 unique within structures for the lifetime of the program.  Applications
 using exdata typically call B<CRYPTO_get_ex_new_index> at startup, and
diff --git a/doc/crypto/DEFINE_STACK_OF.pod b/doc/crypto/DEFINE_STACK_OF.pod
index d32fb2177a..996bfcd64c 100644
--- a/doc/crypto/DEFINE_STACK_OF.pod
+++ b/doc/crypto/DEFINE_STACK_OF.pod
@@ -3,6 +3,12 @@
 =head1 NAME
 
 DEFINE_STACK_OF, DEFINE_STACK_OF_CONST, DEFINE_SPECIAL_STACK_OF,
+OPENSSL_sk_deep_copy, OPENSSL_sk_delete, OPENSSL_sk_delete_ptr,
+OPENSSL_sk_dup, OPENSSL_sk_find, OPENSSL_sk_find_ex, OPENSSL_sk_free,
+OPENSSL_sk_insert, OPENSSL_sk_is_sorted, OPENSSL_sk_new, OPENSSL_sk_new_null,
+OPENSSL_sk_num, OPENSSL_sk_pop, OPENSSL_sk_pop_free, OPENSSL_sk_push,
+OPENSSL_sk_set, OPENSSL_sk_set_cmp_func, OPENSSL_sk_shift, OPENSSL_sk_sort,
+OPENSSL_sk_unshift, OPENSSL_sk_value, OPENSSL_sk_zero,
 sk_TYPE_num, sk_TYPE_value, sk_TYPE_new, sk_TYPE_new_null, sk_TYPE_free,
 sk_TYPE_zero, sk_TYPE_delete, sk_TYPE_delete_ptr, sk_TYPE_push,
 sk_TYPE_unshift, sk_TYPE_pop, sk_TYPE_shift, sk_TYPE_pop_free,
@@ -53,7 +59,9 @@ stack container
 =head1 DESCRIPTION
 
 Applications can create and use their own stacks by placing any of the macros
-described below in a header file.  In the description below, I<TYPE> is used
+described below in a header file. These macros define typesafe inline
+functions that wrap around the utility B<OPENSSL_sk_> API.
+In the description here, I<TYPE> is used
 as a placeholder for any of the OpenSSL datatypes, such as I<X509>.
 
 DEFINE_STACK_OF(TYPE) creates set of functions for a stack of B<TYPE>. This
diff --git a/doc/crypto/DH_get_1024_160.pod b/doc/crypto/DH_get_1024_160.pod
new file mode 100644
index 0000000000..4044f10418
--- /dev/null
+++ b/doc/crypto/DH_get_1024_160.pod
@@ -0,0 +1,74 @@
+=pod
+
+=head1 NAME
+
+DH_get_1024_160,
+DH_get_2048_224,
+DH_get_2048_256,
+BN_get0_nist_prime_192,
+BN_get0_nist_prime_224,
+BN_get0_nist_prime_256,
+BN_get0_nist_prime_384,
+BN_get0_nist_prime_521,
+BN_get_rfc2409_prime_768,
+BN_get_rfc2409_prime_1024,
+BN_get_rfc3526_prime_1536,
+BN_get_rfc3526_prime_2048,
+BN_get_rfc3526_prime_3072,
+BN_get_rfc3526_prime_4096,
+BN_get_rfc3526_prime_6144,
+BN_get_rfc3526_prime_8192
+- Create standardized public primes or DH pairs
+
+=head1 SYNOPSIS
+
+ #include <openssl/dh.h>
+ DH *DH_get_1024_160(void)
+ DH *DH_get_2048_224(void)
+ DH *DH_get_2048_256(void)
+
+ const BIGNUM *BN_get0_nist_prime_192(void)
+ const BIGNUM *BN_get0_nist_prime_224(void)
+ const BIGNUM *BN_get0_nist_prime_256(void)
+ const BIGNUM *BN_get0_nist_prime_384(void)
+ const BIGNUM *BN_get0_nist_prime_521(void)
+
+ BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn)
+ BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn)
+ BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn)
+ BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn)
+ BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn)
+ BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn)
+ BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn)
+ BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn)
+
+=head1 DESCRIPTION
+
+DH_get_1024_160(), DH_get_2048_224(), and DH_get_2048_256() each return
+a DH object for the IETF RFC 5114 value.
+
+BN_get0_nist_prime_192(), BN_get0_nist_prime_224(), BN_get0_nist_prime_256(),
+BN_get0_nist_prime_384(), and BN_get0_nist_prime_521() functions return
+a BIGNUM for the specific NIST prime curve (e.g., P-256).
+
+BN_get_rfc2409_prime_768(), BN_get_rfc2409_prime_1024(),
+BN_get_rfc3526_prime_1536(), BN_get_rfc3526_prime_2048(),
+BN_get_rfc3526_prime_3072(), BN_get_rfc3526_prime_4096(),
+BN_get_rfc3526_prime_6144(), and BN_get_rfc3526_prime_8192() functions
+return a BIGNUM for the specified size from IETF RFC 2409.  If B<bn>
+is not NULL, the BIGNUM will be set into that location as well.
+
+=head1 RETURN VALUES
+
+Defined above.
+
+=head1 COPYRIGHT
+
+Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/doc/crypto/DSA_SIG_new.pod b/doc/crypto/DSA_SIG_new.pod
index f2696801a6..7f6a5a121a 100644
--- a/doc/crypto/DSA_SIG_new.pod
+++ b/doc/crypto/DSA_SIG_new.pod
@@ -2,6 +2,7 @@
 
 =head1 NAME
 
+DSA_SIG_get0, DSA_SIG_set0,
 DSA_SIG_new, DSA_SIG_free - allocate and free DSA signature objects
 
 =head1 SYNOPSIS
diff --git a/doc/crypto/ECDSA_SIG_new.pod b/doc/crypto/ECDSA_SIG_new.pod
index e2015f100e..b6545c92e6 100644
--- a/doc/crypto/ECDSA_SIG_new.pod
+++ b/doc/crypto/ECDSA_SIG_new.pod
@@ -2,6 +2,7 @@
 
 =head1 NAME
 
+ECDSA_SIG_get0, ECDSA_SIG_set0,
 ECDSA_SIG_new, ECDSA_SIG_free, i2d_ECDSA_SIG, d2i_ECDSA_SIG, ECDSA_size,
 ECDSA_sign, ECDSA_do_sign, ECDSA_verify, ECDSA_do_verify, ECDSA_sign_setup,
 ECDSA_sign_ex, ECDSA_do_sign_ex - low level elliptic curve digital signature
diff --git a/doc/crypto/EC_GROUP_copy.pod b/doc/crypto/EC_GROUP_copy.pod
index aef888736a..6b398dfefc 100644
--- a/doc/crypto/EC_GROUP_copy.pod
+++ b/doc/crypto/EC_GROUP_copy.pod
@@ -2,7 +2,17 @@
 
 =head1 NAME
 
-EC_GROUP_copy, EC_GROUP_dup, EC_GROUP_method_of, EC_GROUP_set_generator, EC_GROUP_get0_generator, EC_GROUP_get_order, EC_GROUP_get_cofactor, EC_GROUP_set_curve_name, EC_GROUP_get_curve_name, EC_GROUP_set_asn1_flag, EC_GROUP_get_asn1_flag, EC_GROUP_set_point_conversion_form, EC_GROUP_get_point_conversion_form, EC_GROUP_get0_seed, EC_GROUP_get_seed_len, EC_GROUP_set_seed, EC_GROUP_get_degree, EC_GROUP_check, EC_GROUP_check_discriminant, EC_GROUP_cmp, EC_GROUP_get_basis_type, EC_GROUP_get_trinomial_basis, EC_GROUP_get_pentanomial_basis - Functions for manipulating EC_GROUP objects
+EC_GROUP_get0_order, EC_GROUP_order_bits, EC_GROUP_get0_cofactor,
+EC_GROUP_copy, EC_GROUP_dup, EC_GROUP_method_of, EC_GROUP_set_generator,
+EC_GROUP_get0_generator, EC_GROUP_get_order, EC_GROUP_get_cofactor,
+EC_GROUP_set_curve_name, EC_GROUP_get_curve_name, EC_GROUP_set_asn1_flag,
+EC_GROUP_get_asn1_flag, EC_GROUP_set_point_conversion_form,
+EC_GROUP_get_point_conversion_form, EC_GROUP_get0_seed,
+EC_GROUP_get_seed_len, EC_GROUP_set_seed, EC_GROUP_get_degree,
+EC_GROUP_check, EC_GROUP_check_discriminant, EC_GROUP_cmp,
+EC_GROUP_get_basis_type, EC_GROUP_get_trinomial_basis,
+EC_GROUP_get_pentanomial_basis
+- Functions for manipulating EC_GROUP objects
 
 =head1 SYNOPSIS
 
diff --git a/doc/crypto/EC_GROUP_new.pod b/doc/crypto/EC_GROUP_new.pod
index 7cf0f007d7..25129100b6 100644
--- a/doc/crypto/EC_GROUP_new.pod
+++ b/doc/crypto/EC_GROUP_new.pod
@@ -2,6 +2,7 @@
 
 =head1 NAME
 
+EC_GROUP_get_ecparameters, EC_GROUP_get_ecpkparameters,
 EC_GROUP_new, EC_GROUP_new_from_ecparameters,
 EC_GROUP_new_from_ecpkparameters,
 EC_GROUP_free, EC_GROUP_clear_free, EC_GROUP_new_curve_GFp,
diff --git a/doc/crypto/EC_KEY_new.pod b/doc/crypto/EC_KEY_new.pod
index 548165bc43..b6bd432579 100644
--- a/doc/crypto/EC_KEY_new.pod
+++ b/doc/crypto/EC_KEY_new.pod
@@ -2,6 +2,7 @@
 
 =head1 NAME
 
+EC_KEY_get_method, EC_KEY_set_method,
 EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_flags, EC_KEY_clear_flags,
 EC_KEY_new_by_curve_name, EC_KEY_free, EC_KEY_copy, EC_KEY_dup, EC_KEY_up_ref,
 EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key,
diff --git a/doc/crypto/EC_POINT_new.pod b/doc/crypto/EC_POINT_new.pod
index 0a27cd2575..206648c83b 100644
--- a/doc/crypto/EC_POINT_new.pod
+++ b/doc/crypto/EC_POINT_new.pod
@@ -2,15 +2,18 @@
 
 =head1 NAME
 
-EC_POINT_new, EC_POINT_free, EC_POINT_clear_free, EC_POINT_copy, EC_POINT_dup,
-EC_POINT_method_of, EC_POINT_set_to_infinity,
-EC_POINT_set_Jprojective_coordinates, EC_POINT_get_Jprojective_coordinates_GFp,
-EC_POINT_set_affine_coordinates_GFp, EC_POINT_get_affine_coordinates_GFp,
-EC_POINT_set_compressed_coordinates_GFp, EC_POINT_set_affine_coordinates_GF2m,
-EC_POINT_get_affine_coordinates_GF2m, EC_POINT_set_compressed_coordinates_GF2m,
-EC_POINT_point2oct, EC_POINT_oct2point, EC_POINT_point2bn, EC_POINT_bn2point,
-EC_POINT_point2hex, EC_POINT_hex2point - Functions for creating, destroying and
-manipulating EC_POINT objects
+EC_POINT_set_Jprojective_coordinates_GFp, EC_POINT_point2buf,
+EC_POINT_new, EC_POINT_free, EC_POINT_clear_free,
+EC_POINT_copy, EC_POINT_dup, EC_POINT_method_of,
+EC_POINT_set_to_infinity,
+EC_POINT_get_Jprojective_coordinates_GFp,
+EC_POINT_set_affine_coordinates_GFp,
+EC_POINT_get_affine_coordinates_GFp, EC_POINT_set_compressed_coordinates_GFp,
+EC_POINT_set_affine_coordinates_GF2m, EC_POINT_get_affine_coordinates_GF2m,
+EC_POINT_set_compressed_coordinates_GF2m, EC_POINT_point2oct,
+EC_POINT_oct2point, EC_POINT_point2bn, EC_POINT_bn2point, EC_POINT_point2hex,
+EC_POINT_hex2point
+- Functions for creating, destroying and manipulating EC_POINT objects
 
 =head1 SYNOPSIS
 
diff --git a/doc/crypto/ENGINE_add.pod b/doc/crypto/ENGINE_add.pod
index a934d96ec4..4e082bc7ef 100644
--- a/doc/crypto/ENGINE_add.pod
+++ b/doc/crypto/ENGINE_add.pod
@@ -2,7 +2,45 @@
 
 =head1 NAME
 
-engine - ENGINE cryptographic module support
+ENGINE_get_DH, ENGINE_get_DSA, ENGINE_get_ECDH, ENGINE_get_ECDSA,
+ENGINE_by_id, ENGINE_get_cipher_engine, ENGINE_get_default_DH,
+ENGINE_get_default_DSA, ENGINE_get_default_ECDH,
+ENGINE_get_default_ECDSA, ENGINE_get_default_RAND,
+ENGINE_get_default_RSA, ENGINE_get_digest_engine, ENGINE_get_first,
+ENGINE_get_last, ENGINE_get_next, ENGINE_get_prev, ENGINE_new,
+ENGINE_get_ciphers, ENGINE_get_ctrl_function, ENGINE_get_digests,
+ENGINE_get_destroy_function, ENGINE_get_finish_function,
+ENGINE_get_init_function, ENGINE_get_load_privkey_function,
+ENGINE_get_load_pubkey_function, ENGINE_load_private_key,
+ENGINE_load_public_key, ENGINE_get_RAND, ENGINE_get_RSA, ENGINE_get_id,
+ENGINE_get_name, ENGINE_get_cmd_defns, EVP_CIPHER ENGINE_get_cipher,
+ENGINE_get_digest, ENGINE_add, ENGINE_cmd_is_executable,
+ENGINE_ctrl, ENGINE_ctrl_cmd, ENGINE_ctrl_cmd_string,
+ENGINE_finish, ENGINE_free, ENGINE_get_flags, ENGINE_init,
+ENGINE_register_DH, ENGINE_register_DSA, ENGINE_register_ECDH,
+ENGINE_register_ECDSA, ENGINE_register_RAND, ENGINE_register_RSA,
+ENGINE_register_all_complete, ENGINE_register_ciphers,
+ENGINE_register_complete, ENGINE_register_digests, ENGINE_remove,
+ENGINE_set_DH, ENGINE_set_DSA, ENGINE_set_ECDH, ENGINE_set_ECDSA,
+ENGINE_set_RAND, ENGINE_set_RSA, ENGINE_set_ciphers,
+ENGINE_set_cmd_defns, ENGINE_set_ctrl_function, ENGINE_set_default,
+ENGINE_set_default_DH, ENGINE_set_default_DSA, ENGINE_set_default_ECDH,
+ENGINE_set_default_ECDSA, ENGINE_set_default_RAND, ENGINE_set_default_RSA,
+ENGINE_set_default_ciphers, ENGINE_set_default_digests,
+ENGINE_set_default_string, ENGINE_set_destroy_function,
+ENGINE_set_digests, ENGINE_set_finish_function, ENGINE_set_flags,
+ENGINE_set_id, ENGINE_set_init_function, ENGINE_set_load_privkey_function,
+ENGINE_set_load_pubkey_function, ENGINE_set_name, ENGINE_up_ref,
+ENGINE_get_table_flags, ENGINE_cleanup,
+ENGINE_load_builtin_engines, ENGINE_register_all_DH,
+ENGINE_register_all_DSA, ENGINE_register_all_ECDH,
+ENGINE_register_all_ECDSA, ENGINE_register_all_RAND,
+ENGINE_register_all_RSA, ENGINE_register_all_ciphers,
+ENGINE_register_all_digests, ENGINE_set_table_flags, ENGINE_unregister_DH,
+ENGINE_unregister_DSA, ENGINE_unregister_ECDH, ENGINE_unregister_ECDSA,
+ENGINE_unregister_RAND, ENGINE_unregister_RSA, ENGINE_unregister_ciphers,
+ENGINE_unregister_digests
+- ENGINE cryptographic module support
 
 =head1 SYNOPSIS
 
@@ -130,8 +168,6 @@ engine - ENGINE cryptographic module support
  EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
      UI_METHOD *ui_method, void *callback_data);
 
- void ENGINE_add_conf_module(void);
-
 Deprecated:
 
  #if OPENSSL_API_COMPAT < 0x10100000L
diff --git a/doc/crypto/ERR_print_errors.pod b/doc/crypto/ERR_print_errors.pod
index 4a19a59ec4..17229af30c 100644
--- a/doc/crypto/ERR_print_errors.pod
+++ b/doc/crypto/ERR_print_errors.pod
@@ -2,7 +2,8 @@
 
 =head1 NAME
 
-ERR_print_errors, ERR_print_errors_fp - print error messages
+ERR_print_errors, ERR_print_errors_fp, ERR_print_errors_cb
+- print error messages
 
 =head1 SYNOPSIS
 
@@ -10,6 +11,9 @@ ERR_print_errors, ERR_print_errors_fp - print error messages
 
  void ERR_print_errors(BIO *bp);
  void ERR_print_errors_fp(FILE *fp);
+ void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u),
+                          void *u)
+
 
 =head1 DESCRIPTION
 
@@ -20,6 +24,9 @@ emptying the error queue.
 ERR_print_errors_fp() is the same, except that the output goes to a
 B<FILE>.
 
+ERR_print_errors_cb() is the same, except that the callback function,
+B<cb>, is called for each error line with the string, length, and userdata
+B<u> as the callback parameters.
 
 The error strings will have the following format:
 
diff --git a/doc/crypto/ERR_put_error.pod b/doc/crypto/ERR_put_error.pod
index 9ddf534bbe..1ec3575f0d 100644
--- a/doc/crypto/ERR_put_error.pod
+++ b/doc/crypto/ERR_put_error.pod
@@ -12,6 +12,7 @@ ERR_put_error, ERR_add_error_data - record an error
          int line);
 
  void ERR_add_error_data(int num, ...);
+ void ERR_add_error_data(int num, va_list arg);
 
 =head1 DESCRIPTION
 
@@ -22,6 +23,7 @@ This function is usually called by a macro.
 
 ERR_add_error_data() associates the concatenation of its B<num> string
 arguments with the error code added last.
+ERR_add_error_vdata() is similar except the argument is a B<va_list>.
 
 L<ERR_load_strings(3)> can be used to register
 error strings so that the application can a generate human-readable
diff --git a/doc/crypto/EVP_DigestInit.pod b/doc/crypto/EVP_DigestInit.pod
index 750a51ef5f..405810ee24 100644
--- a/doc/crypto/EVP_DigestInit.pod
+++ b/doc/crypto/EVP_DigestInit.pod
@@ -40,16 +40,9 @@ EVP_get_digestbynid, EVP_get_digestbyobj - EVP digest routines
  int EVP_MD_block_size(const EVP_MD *md);
 
  const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
- int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx,
-                                              const void *data, size_t count);
- void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx,
-                               int (*update) (EVP_MD_CTX *ctx,
-                                              const void *data, size_t count));
  int EVP_MD_CTX_size(const EVP_MD *ctx);
  int EVP_MD_CTX_block_size(const EVP_MD *ctx);
  int EVP_MD_CTX_type(const EVP_MD *ctx);
- EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx);
- void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx);
 
  const EVP_MD *EVP_md_null(void);
  const EVP_MD *EVP_md2(void);
diff --git a/doc/crypto/EVP_EncryptInit.pod b/doc/crypto/EVP_EncryptInit.pod
index 90f1180f28..7b53302838 100644
--- a/doc/crypto/EVP_EncryptInit.pod
+++ b/doc/crypto/EVP_EncryptInit.pod
@@ -31,6 +31,8 @@ EVP_aes_256_cbc, EVP_aes_256_ecb, EVP_aes_256_cfb, EVP_aes_256_ofb,
 EVP_aes_128_gcm, EVP_aes_192_gcm, EVP_aes_256_gcm,
 EVP_aes_128_ccm, EVP_aes_192_ccm, EVP_aes_256_ccm - EVP cipher routines
 
+=for comment generic
+
 =head1 SYNOPSIS
 
  #include <openssl/evp.h>
@@ -99,9 +101,6 @@ EVP_aes_128_ccm, EVP_aes_192_ccm, EVP_aes_256_ccm - EVP cipher routines
  void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
  void EVP_CIPHER_CTX_set_app_data(const EVP_CIPHER_CTX *ctx, void *data);
  int EVP_CIPHER_CTX_type(const EVP_CIPHER_CTX *ctx);
- void EVP_CIPHER_CTX_set_flags(const EVP_CIPHER_CTX *ctx, int flags);
- void EVP_CIPHER_CTX_clear_flags(const EVP_CIPHER_CTX *ctx, int flags);
- int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
  int EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx);
 
  int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
diff --git a/doc/crypto/EVP_MD_meth_new.pod b/doc/crypto/EVP_MD_meth_new.pod
index 427ab268ed..6aab174ac9 100644
--- a/doc/crypto/EVP_MD_meth_new.pod
+++ b/doc/crypto/EVP_MD_meth_new.pod
@@ -2,6 +2,7 @@
 
 =head1 NAME
 
+EVP_MD_meth_dup,
 EVP_MD_meth_new, EVP_MD_meth_free, EVP_MD_meth_set_input_blocksize,
 EVP_MD_meth_set_result_size, EVP_MD_meth_set_app_datasize,
 EVP_MD_meth_set_flags, EVP_MD_meth_set_init, EVP_MD_meth_set_update,
@@ -10,17 +11,16 @@ EVP_MD_meth_set_ctrl, EVP_MD_meth_get_input_blocksize,
 EVP_MD_meth_get_result_size, EVP_MD_meth_get_app_datasize,
 EVP_MD_meth_get_flags, EVP_MD_meth_get_init, EVP_MD_meth_get_update,
 EVP_MD_meth_get_final, EVP_MD_meth_get_copy, EVP_MD_meth_get_cleanup,
-EVP_MD_meth_get_ctrl, EVP_MD_meth_get_pkey_types,
-EVP_MD_meth_get_sign, EVP_MD_meth_get_verify - Routines to build up
-EVP_MD methods
+EVP_MD_meth_get_ctrl, EVP_MD_CTX_md_data
+- Routines to build up EVP_MD methods
 
 =head1 SYNOPSIS
 
  #include <openssl/evp.h>
 
  EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type);
- EVP_MD *EVP_MD_meth_dup(const EVP_MD *md);
  void EVP_MD_meth_free(EVP_MD *md);
+ EVP_MD *EVP_MD_meth_dup(const EVP_MD *md);
 
  int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize);
  int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize);
@@ -34,6 +34,7 @@ EVP_MD methods
                                                     unsigned char *md));
  int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to,
                                                   const EVP_MD_CTX *from));
+ void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx);
  int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx));
  int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd,
                                                   int p1, void *p2));
diff --git a/doc/crypto/EVP_PKEY_HKDF.pod b/doc/crypto/EVP_PKEY_HKDF.pod
index 8ce79c354d..61e0eec528 100644
--- a/doc/crypto/EVP_PKEY_HKDF.pod
+++ b/doc/crypto/EVP_PKEY_HKDF.pod
@@ -2,7 +2,7 @@
 
 =head1 NAME
 
-EVP_PKEY_HKDF, EVP_PKEY_CTX_set_hkdf_md, EVP_PKEY_CTX_set1_hkdf_salt,
+EVP_PKEY_CTX_set_hkdf_md, EVP_PKEY_CTX_set1_hkdf_salt,
 EVP_PKEY_CTX_set1_hkdf_key, EVP_PKEY_CTX_add1_hkdf_info -
 HMAC-based Extract-and-Expand key derivation algorithm
 
diff --git a/doc/crypto/EVP_PKEY_get_default_digest.pod b/doc/crypto/EVP_PKEY_get_default_digest_nid.pod
index 3dce5c59a8..3dce5c59a8 100644
--- a/doc/crypto/EVP_PKEY_get_default_digest.pod
+++ b/doc/crypto/EVP_PKEY_get_default_digest_nid.pod
diff --git a/doc/crypto/EVP_PKEY_keygen.pod b/doc/crypto/EVP_PKEY_keygen.pod
index ec803c9d9f..cebd95b5a1 100644
--- a/doc/crypto/EVP_PKEY_keygen.pod
+++ b/doc/crypto/EVP_PKEY_keygen.pod
@@ -2,7 +2,10 @@
 
 =head1 NAME
 
-EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init, EVP_PKEY_paramgen, EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb, EVP_PKEY_CTX_get_keygen_info, EVP_PKEVP_PKEY_CTX_set_app_data, EVP_PKEY_CTX_get_app_data - key and parameter generation functions
+EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init,
+EVP_PKEY_paramgen, EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb,
+EVP_PKEY_CTX_get_keygen_info, EVP_PKEY_CTX_set_app_data,
+EVP_PKEY_CTX_get_app_data - key and parameter generation functions
 
 =head1 SYNOPSIS
 
diff --git a/doc/crypto/EVP_PKEY_set1_RSA.pod b/doc/crypto/EVP_PKEY_set1_RSA.pod
index 90595d696e..1498df7413 100644
--- a/doc/crypto/EVP_PKEY_set1_RSA.pod
+++ b/doc/crypto/EVP_PKEY_set1_RSA.pod
@@ -6,7 +6,9 @@ EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY,
 EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY,
 EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY,
 EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, EVP_PKEY_assign_EC_KEY,
-EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id - EVP_PKEY assignment functions
+EVP_PKEY_get0_hmac,
+EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id
+- EVP_PKEY assignment functions
 
 =head1 SYNOPSIS
 
diff --git a/doc/crypto/EVP_SignInit.pod b/doc/crypto/EVP_SignInit.pod
index 171dbec409..ea4e71eb55 100644
--- a/doc/crypto/EVP_SignInit.pod
+++ b/doc/crypto/EVP_SignInit.pod
@@ -2,6 +2,7 @@
 
 =head1 NAME
 
+EVP_PKEY_size,
 EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal - EVP signing
 functions
 
diff --git a/doc/crypto/EVP_VerifyInit.pod b/doc/crypto/EVP_VerifyInit.pod
index 79bd581360..355dc9f409 100644
--- a/doc/crypto/EVP_VerifyInit.pod
+++ b/doc/crypto/EVP_VerifyInit.pod
@@ -2,7 +2,9 @@
 
 =head1 NAME
 
-EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal - EVP signature verification functions
+EVP_VerifyInit_ex,
+EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal
+- EVP signature verification functions
 
 =head1 SYNOPSIS
 
diff --git a/doc/crypto/OBJ_nid2obj.pod b/doc/crypto/OBJ_nid2obj.pod
index ac34a40225..9fa9e66425 100644
--- a/doc/crypto/OBJ_nid2obj.pod
+++ b/doc/crypto/OBJ_nid2obj.pod
@@ -2,17 +2,19 @@
 
 =head1 NAME
 
-OBJ_nid2obj, OBJ_nid2ln, OBJ_nid2sn, OBJ_obj2nid, OBJ_txt2nid, OBJ_ln2nid, OBJ_sn2nid,
-OBJ_cmp, OBJ_dup, OBJ_txt2obj, OBJ_obj2txt, OBJ_create, OBJ_cleanup - ASN1 object utility
-functions
+i2t_ASN1_OBJECT,
+OBJ_length, OBJ_get0_data, OBJ_nid2obj, OBJ_nid2ln,
+OBJ_nid2sn, OBJ_obj2nid, OBJ_txt2nid, OBJ_ln2nid, OBJ_sn2nid, OBJ_cmp,
+OBJ_dup, OBJ_txt2obj, OBJ_obj2txt, OBJ_create, OBJ_cleanup
+- ASN1 object utility functions
 
 =head1 SYNOPSIS
 
  #include <openssl/objects.h>
 
- ASN1_OBJECT * OBJ_nid2obj(int n);
- const char *  OBJ_nid2ln(int n);
- const char *  OBJ_nid2sn(int n);
+ ASN1_OBJECT *OBJ_nid2obj(int n);
+ const char *OBJ_nid2ln(int n);
+ const char *OBJ_nid2sn(int n);
 
  int OBJ_obj2nid(const ASN1_OBJECT *o);
  int OBJ_ln2nid(const char *ln);
@@ -20,13 +22,15 @@ functions
 
  int OBJ_txt2nid(const char *s);
 
- ASN1_OBJECT * OBJ_txt2obj(const char *s, int no_name);
+ ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name);
  int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name);
 
- int OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b);
- ASN1_OBJECT * OBJ_dup(const ASN1_OBJECT *o);
+ int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a);
 
- int OBJ_create(const char *oid,const char *sn,const char *ln);
+ int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b);
+ ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o);
+
+ int OBJ_create(const char *oid, const char *sn, const char *ln);
 
  size_t OBJ_length(const ASN1_OBJECT *obj);
  const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj);
@@ -66,6 +70,8 @@ if the object has a long or short name then that will be used, otherwise
 the numerical form will be used. If B<no_name> is 1 then the numerical
 form will always be used.
 
+i2t_ASN1_OBJECT() is the same as OBJ_obj2txt() with the B<no_name> set to zero.
+
 OBJ_cmp() compares B<a> to B<b>. If the two are identical 0 is returned.
 
 OBJ_dup() returns a copy of B<o>.
diff --git a/doc/crypto/OCSP_response_find_status.pod b/doc/crypto/OCSP_resp_find_status.pod
index a7394343fd..a852eaa8fb 100644
--- a/doc/crypto/OCSP_response_find_status.pod
+++ b/doc/crypto/OCSP_resp_find_status.pod
@@ -2,7 +2,10 @@
 
 =head1 NAME
 
-OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find, OCSP_single_get0_status, OCSP_check_validity - OCSP response utility functions
+OCSP_resp_get0_produced_at,
+OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find,
+OCSP_single_get0_status, OCSP_check_validity
+- OCSP response utility functions
 
 =head1 SYNOPSIS
 
diff --git a/doc/crypto/OPENSSL_init_crypto.pod b/doc/crypto/OPENSSL_init_crypto.pod
index ff2c2e8282..1989880752 100644
--- a/doc/crypto/OPENSSL_init_crypto.pod
+++ b/doc/crypto/OPENSSL_init_crypto.pod
@@ -2,6 +2,7 @@
 
 =head1 NAME
 
+OPENSSL_init_new, OPENSSL_INIT_set_config_appname, OPENSSL_INIT_free,
 OPENSSL_init_crypto, OPENSSL_cleanup,
 OPENSSL_atexit, OPENSSL_thread_stop - OpenSSL
 initialisation and deinitialisation functions
diff --git a/doc/crypto/OPENSSL_instrument_bus.pod b/doc/crypto/OPENSSL_instrument_bus.pod
index 42286f1f5e..1407261035 100644
--- a/doc/crypto/OPENSSL_instrument_bus.pod
+++ b/doc/crypto/OPENSSL_instrument_bus.pod
@@ -7,8 +7,8 @@ OPENSSL_instrument_bus, OPENSSL_instrument_bus2 - instrument references to memor
 =head1 SYNOPSIS
 
  #ifdef OPENSSL_CPUID_OBJ
- size_t OPENSSL_instrument_bus (int *vector,size_t num);
- size_t OPENSSL_instrument_bus2(int *vector,size_t num,size_t max);
+ size_t OPENSSL_instrument_bus(int *vector, size_t num);
+ size_t OPENSSL_instrument_bus2(int *vector, size_t num, size_t max);
  #endif
 
 =head1 DESCRIPTION
@@ -23,10 +23,10 @@ interlocked manner, which should contribute additional noise on
 multi-processor systems. This also means that B<vector[num]> should be
 zeroed upon invocation (if you want to retrieve actual probe values).
 
-OPENSSL_instrument_bus performs B<num> probes and records the number of
+OPENSSL_instrument_bus() performs B<num> probes and records the number of
 oscillator cycles every probe took.
 
-OPENSSL_instrument_bus2 on the other hand B<accumulates> consecutive
+OPENSSL_instrument_bus2() on the other hand B<accumulates> consecutive
 probes with the same value, i.e. in a way it records duration of
 periods when probe values appeared deterministic. The subroutine
 performs at most B<max> probes in attempt to fill the B<vector[num]>,
diff --git a/doc/crypto/OPENSSL_malloc.pod b/doc/crypto/OPENSSL_malloc.pod
index ca21698903..ba50221f1c 100644
--- a/doc/crypto/OPENSSL_malloc.pod
+++ b/doc/crypto/OPENSSL_malloc.pod
@@ -2,6 +2,8 @@
 
 =head1 NAME
 
+CRYPTO_MEM_CHECK_OFF, CRYPTO_MEM_CHECK_ON,
+CRYPTO_MEM_CHECK_DISABLE, CRYPTO_MEM_CHECK_ENABLE,
 OPENSSL_malloc_init,
 OPENSSL_malloc, OPENSSL_zalloc, OPENSSL_realloc, OPENSSL_free,
 OPENSSL_clear_realloc, OPENSSL_clear_free, OPENSSL_cleanse,
@@ -9,11 +11,12 @@ CRYPTO_malloc, CRYPTO_zalloc, CRYPTO_realloc, CRYPTO_free,
 OPENSSL_strdup, OPENSSL_strndup,
 OPENSSL_memdup, OPENSSL_strlcpy, OPENSSL_strlcat,
 OPENSSL_hexstr2buf, OPENSSL_buf2hexstr, OPENSSL_hexchar2int,
+CRYPTO_strdup, CRYPTO_strndup,
+OPENSSL_mem_debug_push, OPENSSL_mem_debug_pop,
+CRYPTO_mem_debug_push, CRYPTO_mem_debug_pop,
 CRYPTO_clear_realloc, CRYPTO_clear_free,
 CRYPTO_get_mem_functions, CRYPTO_set_mem_functions,
 CRYPTO_set_mem_debug, CRYPTO_mem_ctrl,
-OPENSSL_mem_debug_push, OPENSSL_mem_debug_pop,
-CRYPTO_mem_debug_push, CRYPTO_mem_debug_pop,
 CRYPTO_mem_leaks, CRYPTO_mem_leaks_fp - Memory allocation functions
 
 =head1 SYNOPSIS
@@ -28,6 +31,9 @@ CRYPTO_mem_leaks, CRYPTO_mem_leaks_fp - Memory allocation functions
  void OPENSSL_free(void *addr)
  char *OPENSSL_strdup(const char *str)
  char *OPENSSL_strndup(const char *str, size_t s)
+ size_t OPENSSL_strlcat(char *dst, const char *src, size_t size);
+ size_t OPENSSL_strlcpy(char *dst, const char *src, size_t size);
+ void *OPENSSL_memdup(void *data, size_t s)
  void *OPENSSL_clear_realloc(void *p, size_t old_len, size_t num)
  void OPENSSL_clear_free(void *str, size_t num)
  void OPENSSL_cleanse(void *ptr, size_t len);
@@ -64,12 +70,13 @@ CRYPTO_mem_leaks, CRYPTO_mem_leaks_fp - Memory allocation functions
  int CRYPTO_mem_ctrl(int mode);
 
  int OPENSSL_mem_debug_push(const char *info)
- int OPENSLS_mem_debug_pop)(void)
+ int OPENSSL_mem_debug_pop(void);
 
  int CRYPTO_mem_debug_push(const char *info, const char *file, int line);
+ int CRYPTO_mem_debug_pop(void);
 
  void CRYPTO_mem_leaks(BIO *b);
- void CRYPTO_mem_leaks(FILE *fp);
+ void CRYPTO_mem_leaks_fp(FILE *fp);
 
 =head1 DESCRIPTION
 
diff --git a/doc/crypto/OPENSSL_secure_malloc.pod b/doc/crypto/OPENSSL_secure_malloc.pod
index 9bc05e5ee6..517bfbcde1 100644
--- a/doc/crypto/OPENSSL_secure_malloc.pod
+++ b/doc/crypto/OPENSSL_secure_malloc.pod
@@ -6,7 +6,7 @@ CRYPTO_secure_malloc_init, CRYPTO_secure_malloc_initialized,
 CRYPTO_secure_malloc_done, OPENSSL_secure_malloc, CRYPTO_secure_malloc,
 OPENSSL_secure_zalloc, CRYPTO_secure_zalloc, OPENSSL_secure_free,
 CRYPTO_secure_free, OPENSSL_secure_actual_size, OPENSSL_secure_allocated,
-CYRPTO_secure_malloc_used - secure heap storage
+CYRPTO_secure_used - secure heap storage
 
 =head1 SYNOPSIS
 
diff --git a/doc/crypto/PEM_read.pod b/doc/crypto/PEM_read.pod
index c0bd010e40..3c6d2fd03b 100644
--- a/doc/crypto/PEM_read.pod
+++ b/doc/crypto/PEM_read.pod
@@ -25,7 +25,7 @@ pem_password_cb
  int PEM_do_header(EVP_CIPHER_INFO *cinfo, unsigned char *data, long *len,
                    pem_password_cb *cb, void *u);
 
- typedef int pem_password_cb (char *buf, int size, int rwflag, void *u);
+ typedef int (*pem_password_cb)(char *buf, int size, int rwflag, void *u);
 
 =head1 DESCRIPTION
 
diff --git a/doc/crypto/PEM_read_bio_PrivateKey.pod b/doc/crypto/PEM_read_bio_PrivateKey.pod
index f35519607c..dd5a230998 100644
--- a/doc/crypto/PEM_read_bio_PrivateKey.pod
+++ b/doc/crypto/PEM_read_bio_PrivateKey.pod
@@ -2,7 +2,7 @@
 
 =head1 NAME
 
-PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey,
+PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey,
 PEM_write_bio_PrivateKey_traditional, PEM_write_PrivateKey,
 PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey,
 PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid,
diff --git a/doc/crypto/PKCS7_verify.pod b/doc/crypto/PKCS7_verify.pod
index 51694e7c47..6cf80df333 100644
--- a/doc/crypto/PKCS7_verify.pod
+++ b/doc/crypto/PKCS7_verify.pod
@@ -2,6 +2,7 @@
 
 =head1 NAME
 
+PKCS7_NO_DUAL_CONTENT,
 PKCS7_verify, PKCS7_get0_signers - verify a PKCS#7 signedData structure
 
 =head1 SYNOPSIS
diff --git a/doc/crypto/RIPEMD160_init.pod b/doc/crypto/RIPEMD160_Init.pod
index a372e32ca3..a372e32ca3 100644
--- a/doc/crypto/RIPEMD160_init.pod
+++ b/doc/crypto/RIPEMD160_Init.pod
diff --git a/doc/crypto/RSA_check_key.pod b/doc/crypto/RSA_check_key.pod
index a8b1002fef..d8689f4a2b 100644
--- a/doc/crypto/RSA_check_key.pod
+++ b/doc/crypto/RSA_check_key.pod
@@ -2,7 +2,7 @@
 
 =head1 NAME
 
-RSA_check_key - validate private RSA keys
+RSA_check_key_ex, RSA_check_key - validate private RSA keys
 
 =head1 SYNOPSIS
 
diff --git a/doc/crypto/RSA_meth_new.pod b/doc/crypto/RSA_meth_new.pod
index 19743d1240..e46b3984f6 100644
--- a/doc/crypto/RSA_meth_new.pod
+++ b/doc/crypto/RSA_meth_new.pod
@@ -2,9 +2,10 @@
 
 =head1 NAME
 
+RSA_meth_get0_app_data, RSA_meth_set0_app_data,
 RSA_meth_new, RSA_meth_free, RSA_meth_dup, RSA_meth_get0_name,
 RSA_meth_set1_name, RSA_meth_get_flags, RSA_meth_set_flags,
-RSA_meth_get_app_data, RSA_meth_set_app_data, RSA_meth_get_pub_enc,
+RSA_meth_get_pub_enc,
 RSA_meth_set_pub_enc, RSA_meth_get_pub_dec, RSA_meth_set_pub_dec,
 RSA_meth_get_priv_enc, RSA_meth_set_priv_enc, RSA_meth_get_priv_dec,
 RSA_meth_set_priv_dec, RSA_meth_get_mod_exp, RSA_meth_set_mod_exp,
diff --git a/doc/crypto/RSA_private_decrypt.pod b/doc/crypto/RSA_private_decrypt.pod
deleted file mode 100644
index fa6c405364..0000000000
--- a/doc/crypto/RSA_private_decrypt.pod
+++ /dev/null
@@ -1,79 +0,0 @@
-=pod
-
-=head1 NAME
-
-RSA_private_decrypt,
-RSA_private_encrypt,
-RSA_public_decrypt,
-RSA_sign,
-RSA_verify,
-RSA_sign_ASN1_OCTET_STRING,
-RSA_verify_ASN1_OCTET_STRING
-- RSA public key cryptosystem
-
-=head1 SYNOPSIS
-
- #include <openssl/rsa.h>
-
- int RSA_private_decrypt(int flen, unsigned char *from,
-    unsigned char *to, RSA *rsa, int padding);
- int RSA_private_encrypt(int flen, unsigned char *from,
-    unsigned char *to, RSA *rsa,int padding);
- int RSA_public_decrypt(int flen, unsigned char *from,
-    unsigned char *to, RSA *rsa,int padding);
-
- int RSA_sign(int type, unsigned char *m, unsigned int m_len,
-    unsigned char *sigret, unsigned int *siglen, RSA *rsa);
- int RSA_verify(int type, unsigned char *m, unsigned int m_len,
-    unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
-
- int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m,
-    unsigned int m_len, unsigned char *sigret, unsigned int *siglen,
-    RSA *rsa);
- int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m,
-    unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
-    RSA *rsa);
-
-=head1 DESCRIPTION
-
-These functions implement RSA public key encryption and signatures
-as defined in PKCS #1 v2.0 [RFC 2437].
-
-The B<RSA> structure represents public and private RSA keys.
-
-Note that RSA keys may use non-standard B<RSA_METHOD> implementations,
-either directly or by the use of B<ENGINE> modules. In some cases (eg. an
-ENGINE providing support for hardware-embedded keys), these BIGNUM values
-will not be used by the implementation or may be used for alternative data
-storage. For this reason, applications should generally avoid using RSA
-structure elements directly and instead use API functions to query or
-modify keys.
-
-=head1 CONFORMING TO
-
-SSL, PKCS #1 v2.0
-
-=head1 SEE ALSO
-
-L<bn(3)>, L<dsa(3)>, L<dh(3)>,
-L<rand(3)>, L<engine(3)>, L<RSA_new(3)>, L<RSA_set0_key(3)>
-L<RSA_public_encrypt(3)>,
-L<RSA_size(3)>,
-L<RSA_generate_key(3)>,
-L<RSA_check_key(3)>,
-L<RSA_blinding_on(3)>,
-L<RSA_set_method(3)>, L<RSA_print(3)>,
-L<RSA_get_ex_new_index(3)>,
-L<RSA_sign_ASN1_OCTET_STRING(3)>,
-L<RSA_padding_add_PKCS1_type_1(3)>
-
-=head1 COPYRIGHT
-
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-
-Licensed under the OpenSSL license (the "License").  You may not use
-this file except in compliance with the License.  You can obtain a copy
-in the file LICENSE in the source distribution or at
-L<https://www.openssl.org/source/license.html>.
-
-=cut
diff --git a/doc/crypto/UI_new.pod b/doc/crypto/UI_new.pod
index 78981c1478..72a2ea7095 100644
--- a/doc/crypto/UI_new.pod
+++ b/doc/crypto/UI_new.pod
@@ -2,13 +2,17 @@
 
 =head1 NAME
 
+UI, UI_METHOD, UI_INPUT_FLAG_ECHO,
+UI_INPUT_FLAG_DEFAULT_PWD,
+UI_CTRL_PRINT_ERRORS,
+UI_CTRL_IS_REDOABLE,
 UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string,
 UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean,
 UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string,
 UI_add_error_string, UI_dup_error_string, UI_construct_prompt,
 UI_add_user_data, UI_get0_user_data, UI_get0_result, UI_process,
 UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method,
-UI_set_method, UI_OpenSSL, ERR_load_UI_strings - user interface
+UI_set_method, UI_OpenSSL, - user interface
 
 =head1 SYNOPSIS
 
diff --git a/doc/crypto/X509V3_get_d2i.pod b/doc/crypto/X509V3_get_d2i.pod
index 30264ff338..f6f9be6694 100644
--- a/doc/crypto/X509V3_get_d2i.pod
+++ b/doc/crypto/X509V3_get_d2i.pod
@@ -2,6 +2,7 @@
 
 =head1 NAME
 
+X509_get0_extensions, X509_CRL_get0_extensions, X509_REVOKED_get0_extensions,
 X509V3_get_d2i, X509V3_add1_i2d, X509V3_EXT_d2i, X509V3_EXT_i2d,
 X509_get_ext_d2i, X509_add1_ext_i2d, X509_CRL_get_ext_d2i,
 X509_CRL_add1_ext_i2d, X509_REVOKED_get_ext_d2i,
@@ -206,7 +207,7 @@ cannot be encoded) or -1 due to a fatal error such as a memory allocation
 failure.
 
 X509_get0_extensions(), X509_CRL_get0_extensions() and
-X509_REVOKED_get0_extensions() return a stack of extensions. They can return
+X509_REVOKED_get0_extensions() return a stack of extensions. They return
 NULL if no extensions are present.
 
 =head1 SEE ALSO
diff --git a/doc/crypto/X509_NAME_get0_der.pod b/doc/crypto/X509_NAME_get0_der.pod
index 722fadb944..062bc7e7b4 100644
--- a/doc/crypto/X509_NAME_get0_der.pod
+++ b/doc/crypto/X509_NAME_get0_der.pod
@@ -2,6 +2,8 @@
 
 =head1 NAME
 
+X509_NAME_get0_der - get X509_NAME DER encoding
+
 =head1 SYNOPSIS
 
  #include <openssl/x509.h>
diff --git a/doc/crypto/X509_STORE_CTX_new.pod b/doc/crypto/X509_STORE_CTX_new.pod
index 08adb34e86..480b492eb7 100644
--- a/doc/crypto/X509_STORE_CTX_new.pod
+++ b/doc/crypto/X509_STORE_CTX_new.pod
@@ -11,6 +11,7 @@ X509_STORE_CTX_get0_untrusted, X509_STORE_CTX_set0_untrusted,
 X509_STORE_CTX_get_num_untrusted,
 X509_STORE_CTX_set_default,
 X509_STORE_CTX_set_verify,
+X509_STORE_set_verify,
 X509_STORE_CTX_get_verify - X509_STORE_CTX initialisation
 
 =head1 SYNOPSIS
diff --git a/doc/crypto/X509_dup.pod b/doc/crypto/X509_dup.pod
index e1dd91c338..b93c228738 100644
--- a/doc/crypto/X509_dup.pod
+++ b/doc/crypto/X509_dup.pod
@@ -233,6 +233,8 @@ X509_VAL_new,
 X509_dup,
 - ASN1 object utilities
 
+=for comment generic
+
 =head1 SYNOPSIS
 
  #include <openssl/asn1t.h>
diff --git a/doc/crypto/X509_get_extension_flags.pod b/doc/crypto/X509_get_extension_flags.pod
index 1452cc8a36..2509b65ca0 100644
--- a/doc/crypto/X509_get_extension_flags.pod
+++ b/doc/crypto/X509_get_extension_flags.pod
@@ -2,6 +2,7 @@
 
 =head1 NAME
 
+X509_get0_subject_key_id,
 X509_get_pathlen,
 X509_get_extension_flags, X509_get_key_usage, X509_get_extended_key_usage -
 retrieve certificate extension data
diff --git a/doc/crypto/X509_new.pod b/doc/crypto/X509_new.pod
index 0b9126ecf9..4f5349931a 100644
--- a/doc/crypto/X509_new.pod
+++ b/doc/crypto/X509_new.pod
@@ -2,6 +2,7 @@
 
 =head1 NAME
 
+X509_chain_up_ref,
 X509_new, X509_free, X509_up_ref - X509 certificate ASN1 allocation functions
 
 =head1 SYNOPSIS
diff --git a/doc/crypto/X509v3_get_ext_by_NID.pod b/doc/crypto/X509v3_get_ext_by_NID.pod
index f29b0fb9b4..b379678a64 100644
--- a/doc/crypto/X509v3_get_ext_by_NID.pod
+++ b/doc/crypto/X509v3_get_ext_by_NID.pod
@@ -4,8 +4,7 @@
 
 X509v3_get_ext_count, X509v3_get_ext, X509v3_get_ext_by_NID,
 X509v3_get_ext_by_OBJ, X509v3_get_ext_by_critical, X509v3_delete_ext,
-X509v3_add_ext, X509_get0_extensions, X509_CRL_get0_extensions,
-X509_REVOKED_get0_extensions, X509_get_ext_count, X509_get_ext,
+X509v3_add_ext, X509_get_ext_count, X509_get_ext,
 X509_get_ext_by_NID, X509_get_ext_by_OBJ, X509_get_ext_by_critical,
 X509_delete_ext, X509_add_ext, X509_CRL_get_ext_count, X509_CRL_get_ext,
 X509_CRL_get_ext_by_NID, X509_CRL_get_ext_by_OBJ, X509_CRL_get_ext_by_critical,
@@ -31,10 +30,6 @@ X509_REVOKED_add_ext - extension stack utility functions
  STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
                                           X509_EXTENSION *ex, int loc);
 
- STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x);
- STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(X509_CRL *crl);
- STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(X509_REVOKED *r);
-
  int X509_get_ext_count(X509 *x);
  X509_EXTENSION *X509_get_ext(X509 *x, int loc);
  int X509_get_ext_by_NID(X509 *x, int nid, int lastpos);
@@ -88,10 +83,6 @@ B<loc> is B<-1> the new extension is added to the end. If B<*x> is B<NULL>
 a new stack will be allocated. The passed extension B<ex> is duplicated
 internally so it must be freed after use.
 
-X509_get0_extensions(), X509_CRL_get0_extensions() and
-X509_REVOKED_get0_extensions() retrieve the extensions from a certificate
-a CRL or a CRL entry respectively.
-
 X509_get_ext_count(), X509_get_ext(), X509_get_ext_by_NID(),
 X509_get_ext_by_OBJ(), X509_get_ext_by_critical(), X509_delete_ext()
 and X509_add_ext() operate on the extensions of certificate B<x> they are
@@ -133,10 +124,6 @@ error occurs.
 
 X509v3_add_ext() returns a stack of extensions or B<NULL> on error.
 
-X509_get0_extensions(), X509_CRL_get0_extensions() and
-X509_REVOKED_get0_extensions() return a stack of extensions. If the extensions
-field is absent it will return B<NULL>: this is B<not> an error condition.
-
 =head1 SEE ALSO
 
 L<X509V3_get_d2i(3)>
diff --git a/doc/crypto/d2i_PKCS8PrivateKey.pod b/doc/crypto/d2i_PKCS8PrivateKey_bio.pod
index 164d93ff4f..164d93ff4f 100644
--- a/doc/crypto/d2i_PKCS8PrivateKey.pod
+++ b/doc/crypto/d2i_PKCS8PrivateKey_bio.pod
diff --git a/doc/crypto/d2i_PrivateKey.pod b/doc/crypto/d2i_PrivateKey.pod
index a221b0f93f..6b12ad9eab 100644
--- a/doc/crypto/d2i_PrivateKey.pod
+++ b/doc/crypto/d2i_PrivateKey.pod
@@ -2,7 +2,7 @@
 
 =head1 NAME
 
-d2i_Private_key, d2i_AutoPrivateKey, i2d_PrivateKey,
+d2i_PrivateKey, d2i_AutoPrivateKey, i2d_PrivateKey,
 d2i_PrivateKey_bio, d2i_PrivateKey_fp
 - decode and encode functions for reading and saving EVP_PKEY structures
 
diff --git a/doc/ssl/SSL_CIPHER_get_name.pod b/doc/ssl/SSL_CIPHER_get_name.pod
index 643eea4b94..b7ee3c84f5 100644
--- a/doc/ssl/SSL_CIPHER_get_name.pod
+++ b/doc/ssl/SSL_CIPHER_get_name.pod
@@ -2,7 +2,11 @@
 
 =head1 NAME
 
-SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_description - get SSL_CIPHER properties
+SSL_CIPHER_get_cipher_nid, SSL_CIPHER_get_digest_nid, SSL_CIPHER_get_kx_nid,
+SSL_CIPHER_get_auth_nid, SSL_CIPHER_is_aead,
+SSL_CIPHER_get_name, SSL_CIPHER_get_bits,
+SSL_CIPHER_get_version, SSL_CIPHER_description
+- get SSL_CIPHER properties
 
 =head1 SYNOPSIS
 
diff --git a/doc/ssl/SSL_CONF_cmd.pod b/doc/ssl/SSL_CONF_cmd.pod
index 083b33a1c5..fb39f940ce 100644
--- a/doc/ssl/SSL_CONF_cmd.pod
+++ b/doc/ssl/SSL_CONF_cmd.pod
@@ -2,6 +2,7 @@
 
 =head1 NAME
 
+SSL_CONF_cmd_value_type, SSL_CONF_finish,
 SSL_CONF_cmd - send configuration command
 
 =head1 SYNOPSIS
diff --git a/doc/ssl/SSL_CTX_new.pod b/doc/ssl/SSL_CTX_new.pod
index 69b59bb576..e47083cf40 100644
--- a/doc/ssl/SSL_CTX_new.pod
+++ b/doc/ssl/SSL_CTX_new.pod
@@ -2,14 +2,15 @@
 
 =head1 NAME
 
+TLSv1_2_method, TLSv1_2_server_method, TLSv1_2_client_method,
 SSL_CTX_new, SSL_CTX_up_ref, SSLv3_method, SSLv3_server_method,
 SSLv3_client_method, TLSv1_method, TLSv1_server_method, TLSv1_client_method,
 TLSv1_1_method, TLSv1_1_server_method, TLSv1_1_client_method, TLS_method,
 TLS_server_method, TLS_client_method, SSLv23_method, SSLv23_server_method,
 SSLv23_client_method, DTLS_method, DTLS_server_method, DTLS_client_method,
 DTLSv1_method, DTLSv1_server_method, DTLSv1_client_method,
-DTLSv1_2_method, DTLSv1_2_server_method, DTLSv1_2_client_method -
-create a new SSL_CTX object as framework for TLS/SSL or DTLS enabled
+DTLSv1_2_method, DTLSv1_2_server_method, DTLSv1_2_client_method
+- create a new SSL_CTX object as framework for TLS/SSL or DTLS enabled
 functions
 
 =head1 SYNOPSIS
diff --git a/doc/ssl/SSL_CTX_set_default_passwd_cb.pod b/doc/ssl/SSL_CTX_set_default_passwd_cb.pod
index 2d407bbc39..fb448073f9 100644
--- a/doc/ssl/SSL_CTX_set_default_passwd_cb.pod
+++ b/doc/ssl/SSL_CTX_set_default_passwd_cb.pod
@@ -2,6 +2,7 @@
 
 =head1 NAME
 
+SSL_CTX_passwd_cb,
 SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata,
 SSL_CTX_get_default_passwd_cb, SSL_CTX_get_default_passwd_cb_userdata,
 SSL_set_default_passwd_cb, SSL_set_default_passwd_cb_userdata,
@@ -12,31 +13,31 @@ get passwd callback for encrypted PEM file handling
 
  #include <openssl/ssl.h>
 
- void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
+ void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, SSL_CTX_passwd_cb *cb);
  void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
- pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx);
+ SSL_CTX_passwd_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx);
  void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx);
 
- void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb);
+ void SSL_set_default_passwd_cb(SSL *s, SSL_CTX_passwd_cb *cb);
  void SSL_set_default_passwd_cb_userdata(SSL *s, void *u);
- pem_password_cb *SSL_get_default_passwd_cb(SSL *s);
+ SSL_CTX_passwd_cb *SSL_get_default_passwd_cb(SSL *s);
  void *SSL_get_default_passwd_cb_userdata(SSL *s);
 
- int pem_passwd_cb(char *buf, int size, int rwflag, void *userdata);
+ typedef int (*SSL_CTX_passwd_cb)(char *buf, int size, int rwflag, void *u);
 
 =head1 DESCRIPTION
 
 SSL_CTX_set_default_passwd_cb() sets the default password callback called
 when loading/storing a PEM certificate with encryption.
 
-SSL_CTX_set_default_passwd_cb_userdata() sets a pointer to B<userdata> which
-will be provided to the password callback on invocation.
+SSL_CTX_set_default_passwd_cb_userdata() sets a pointer to userdata, B<u>,
+which will be provided to the password callback on invocation.
 
 SSL_CTX_get_default_passwd_cb() returns a function pointer to the password
 callback currently set in B<ctx>. If no callback was explicitly set, the
 NULL pointer is returned.
 
-SSL_CTX_get_default_passwd_cb_userdata() returns a pointer to B<userdata>
+SSL_CTX_get_default_passwd_cb_userdata() returns a pointer to the userdata
 currently set in B<ctx>. If no userdata was explicitly set, the NULL pointer
 is returned.
 
@@ -44,9 +45,9 @@ SSL_set_default_passwd_cb(), SSL_set_default_passwd_cb_userdata(),
 SSL_get_default_passwd_cb() and SSL_get_default_passwd_cb_userdata() perform
 the same function as their SSL_CTX counterparts, but using an SSL object.
 
-The pem_passwd_cb(), which must be provided by the application, hands back the
-password to be used during decryption. On invocation a pointer to B<userdata>
-is provided. The pem_passwd_cb must write the password into the provided buffer
+The password callback, which must be provided by the application, hands back the
+password to be used during decryption. On invocation a pointer to userdata
+is provided. The function must store the password into the provided buffer
 B<buf> which is of size B<size>. The actual length of the password must
 be returned to the calling function. B<rwflag> indicates whether the
 callback is used for reading/decryption (rwflag=0) or writing/encryption
@@ -57,13 +58,13 @@ callback is used for reading/decryption (rwflag=0) or writing/encryption
 When loading or storing private keys, a password might be supplied to
 protect the private key. The way this password can be supplied may depend
 on the application. If only one private key is handled, it can be practical
-to have pem_passwd_cb() handle the password dialog interactively. If several
+to have the callback handle the password dialog interactively. If several
 keys have to be handled, it can be practical to ask for the password once,
 then keep it in memory and use it several times. In the last case, the
-password could be stored into the B<userdata> storage and the
-pem_passwd_cb() only returns the password already stored.
+password could be stored into the userdata storage and the
+callback only returns the password already stored.
 
-When asking for the password interactively, pem_passwd_cb() can use
+When asking for the password interactively, the callback can use
 B<rwflag> to check, whether an item shall be encrypted (rwflag=1).
 In this case the password dialog may ask for the same password twice
 for comparison in order to catch typos, that would make decryption
@@ -78,16 +79,16 @@ These functions do not provide diagnostic information.
 
 =head1 EXAMPLES
 
-The following example returns the password provided as B<userdata> to the
+The following example returns the password provided as userdata to the
 calling function. The password is considered to be a '\0' terminated
 string. If the password does not fit into the buffer, the password is
 truncated.
 
- int pem_passwd_cb(char *buf, int size, int rwflag, void *password)
+ int my_cb(char *buf, int size, int rwflag, void *u)
  {
-  strncpy(buf, (char *)(password), size);
-  buf[size - 1] = '\0';
-  return(strlen(buf));
+      strncpy(buf, (char *)u, size);
+      buf[size - 1] = '\0';
+      return strlen(buf);
  }
 
 =head1 HISTORY
diff --git a/doc/ssl/SSL_CTX_set_read_ahead.pod b/doc/ssl/SSL_CTX_set_read_ahead.pod
index e70db3c2a9..d2b584d35c 100644
--- a/doc/ssl/SSL_CTX_set_read_ahead.pod
+++ b/doc/ssl/SSL_CTX_set_read_ahead.pod
@@ -43,7 +43,7 @@ B<read_ahead> can impact the behaviour of the SSL_pending() function
 
 =head1 RETURN VALUES
 
-SSL_get_read_ahead and SSL_CTX_get_read_ahead return 0 if reading ahead is off,
+SSL_get_read_ahead() and SSL_CTX_get_read_ahead() return 0 if reading ahead is off,
 and non zero otherwise.
 
 =head1 SEE ALSO
diff --git a/doc/ssl/SSL_CTX_use_certificate.pod b/doc/ssl/SSL_CTX_use_certificate.pod
index 3fd23a410e..748175b995 100644
--- a/doc/ssl/SSL_CTX_use_certificate.pod
+++ b/doc/ssl/SSL_CTX_use_certificate.pod
@@ -2,7 +2,17 @@
 
 =head1 NAME
 
-SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_file, SSL_use_certificate, SSL_use_certificate_ASN1, SSL_use_certificate_file, SSL_CTX_use_certificate_chain_file, SSL_CTX_use_PrivateKey, SSL_CTX_use_PrivateKey_ASN1, SSL_CTX_use_PrivateKey_file, SSL_CTX_use_RSAPrivateKey, SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file, SSL_use_PrivateKey_file, SSL_use_PrivateKey_ASN1, SSL_use_PrivateKey, SSL_use_RSAPrivateKey, SSL_use_RSAPrivateKey_ASN1, SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key - load certificate and key data
+SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1,
+SSL_CTX_use_certificate_file, SSL_use_certificate, SSL_use_certificate_ASN1,
+SSL_use_certificate_file, SSL_CTX_use_certificate_chain_file,
+SSL_use_certificate_chain_file,
+SSL_CTX_use_PrivateKey, SSL_CTX_use_PrivateKey_ASN1,
+SSL_CTX_use_PrivateKey_file, SSL_CTX_use_RSAPrivateKey,
+SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file,
+SSL_use_PrivateKey_file, SSL_use_PrivateKey_ASN1, SSL_use_PrivateKey,
+SSL_use_RSAPrivateKey, SSL_use_RSAPrivateKey_ASN1,
+SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key
+- load certificate and key data
 
 =head1 SYNOPSIS
 
diff --git a/doc/ssl/SSL_SESSION_get_hostname.pod b/doc/ssl/SSL_SESSION_get0_hostname.pod
index 6fb12bec37..6fb12bec37 100644
--- a/doc/ssl/SSL_SESSION_get_hostname.pod
+++ b/doc/ssl/SSL_SESSION_get0_hostname.pod
diff --git a/doc/ssl/SSL_SESSION_get_time.pod b/doc/ssl/SSL_SESSION_get_time.pod
index 1dd25da990..d92a8efb10 100644
--- a/doc/ssl/SSL_SESSION_get_time.pod
+++ b/doc/ssl/SSL_SESSION_get_time.pod
@@ -2,7 +2,10 @@
 
 =head1 NAME
 
-SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, SSL_SESSION_set_timeout - retrieve and manipulate session time and timeout settings
+SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout,
+SSL_SESSION_set_timeout
+SSL_get_time, SSL_set_time, SSL_get_timeout, SSL_set_timeout,
+- retrieve and manipulate session time and timeout settings
 
 =head1 SYNOPSIS
 
diff --git a/doc/ssl/SSL_SESSION_has_ticket.pod b/doc/ssl/SSL_SESSION_has_ticket.pod
index 58f8e080e9..2982c19a77 100644
--- a/doc/ssl/SSL_SESSION_has_ticket.pod
+++ b/doc/ssl/SSL_SESSION_has_ticket.pod
@@ -2,7 +2,9 @@
 
 =head1 NAME
 
-SSL_SESSION_has_ticket, SSL_SESSION_get_ticket_lifetime_hint, SSL_SESSION_get_ticket - get details about the ticket associated with a session
+SSL_SESSION_get0_ticket,
+SSL_SESSION_has_ticket, SSL_SESSION_get_ticket_lifetime_hint,
+- get details about the ticket associated with a session
 
 =head1 SYNOPSIS
 
@@ -11,7 +13,7 @@ SSL_SESSION_has_ticket, SSL_SESSION_get_ticket_lifetime_hint, SSL_SESSION_get_ti
  int SSL_SESSION_has_ticket(const SSL_SESSION *s);
  unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s);
  void SSL_SESSION_get0_ticket(const SSL_SESSION *s, unsigned char **tick,
-                            size_t *len);
+                              size_t *len);
 
 =head1 DESCRIPTION
 
diff --git a/doc/ssl/SSL_CTX_set_custom_cli_ext.pod b/doc/ssl/SSL_extension_supported.pod
index f179f83d1a..a56087e130 100644
--- a/doc/ssl/SSL_CTX_set_custom_cli_ext.pod
+++ b/doc/ssl/SSL_extension_supported.pod
@@ -2,7 +2,9 @@
 
 =head1 NAME
 
-SSL_CTX_add_client_custom_ext, SSL_CTX_add_server_custom_ext - custom TLS extension handling
+SSL_extension_supported,
+SSL_CTX_add_client_custom_ext, SSL_CTX_add_server_custom_ext
+- custom TLS extension handling
 
 =head1 SYNOPSIS
 
diff --git a/doc/ssl/SSL_get_ciphers.pod b/doc/ssl/SSL_get_ciphers.pod
index 190e679dd0..cc55095d47 100644
--- a/doc/ssl/SSL_get_ciphers.pod
+++ b/doc/ssl/SSL_get_ciphers.pod
@@ -2,7 +2,9 @@
 
 =head1 NAME
 
-SSL_get_ciphers, SSL_CTX_get_ciphers, SSL_get_cipher_list - get list of available SSL_CIPHERs
+SSL_get1_supported_ciphers, SSL_get_client_ciphers,
+SSL_get_ciphers, SSL_CTX_get_ciphers, SSL_get_cipher_list
+- get list of available SSL_CIPHERs
 
 =head1 SYNOPSIS
 
diff --git a/doc/ssl/SSL_set_bio.pod b/doc/ssl/SSL_set_bio.pod
index 6d162339a5..204c89e3fc 100644
--- a/doc/ssl/SSL_set_bio.pod
+++ b/doc/ssl/SSL_set_bio.pod
@@ -9,6 +9,8 @@ SSL_set_bio, SSL_set_rbio, SSL_set_wbio - connect the SSL object with a BIO
  #include <openssl/ssl.h>
 
  void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio);
+ void SSL_set_rbio(SSL *s, BIO *rbio);
+ void SSL_set_wbio(SSL *s, BIO *wbio);
 
 =head1 DESCRIPTION
 
diff --git a/util/find-doc-nits.pl b/util/find-doc-nits.pl
index 69d7c93521..ba600367f6 100755
--- a/util/find-doc-nits.pl
+++ b/util/find-doc-nits.pl
@@ -68,10 +68,11 @@ sub name_synopsis()
     my $syn = $1;
     foreach my $line ( split /\n+/, $syn ) {
         my $sym;
-        $line =~ s/STACK_OF\([^)]+\)//;
+        $line =~ s/STACK_OF\([^)]+\)/int/g;
+        $line =~ s/__declspec\([^)]+\)//;
         if ( $line =~ /typedef.* (\S+);/ ) {
             $sym = $1;
-        } elsif ( $line =~ /#define (\S+)/ ) {
+        } elsif ( $line =~ /#define ([A-Za-z0-9_]+)/ ) {
             $sym = $1;
         } elsif ( $line =~ /([A-Za-z0-9_]+)\(/ ) {
             $sym = $1;